
Log analysis and evaluation: GVU trojan: PC unlocked again, how to proceed?

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

16.04.2013, 10:17   #1
tommi1991
 


Dear trojaner-board.de team,

Yesterday evening I caught the GVU trojan on my PC while surfing the Internet. A window opened with the logos of the Bundespolizei and the GVU, with the message "Attention! Your computer has been locked for one or more of the reasons listed below" and the demand to transfer 100 euros within the next 72 hours.
This morning, when booting, Startup Repair was launched automatically: "The computer could not be started. Startup Repair is checking your system for problems." After that I was able to start my PC normally again, and the lock screen of the federal trojan had disappeared as well.
However, I don't think this means the trojan has been completely removed from the PC. So I read through some posts in this forum, downloaded Malwarebytes and first ran a quick scan. It found seven infected trojan objects; I clicked "Remove all" and the PC was restarted. The full scan is currently running, but it doesn't look as if there are any further infected objects.

How should I best proceed now? Are further steps necessary, or can I assume after the Malwarebytes scan that the trojan has been removed?

Thank you very much in advance!


Edit 11:34:

The full scan is now finished; no infected objects were found. Here is the Malwarebytes log file:

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Flo :: FLO-VAIO [Administrator]

Schutz: Aktiviert

16.04.2013 10:30:37
mbam-log-2013-04-16 (10-30-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377653
Laufzeit: 1 Stunde(n), 2 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Last edited by tommi1991 (16.04.2013 at 10:37)

16.04.2013, 12:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Quote:
and first ran a quick scan. It found seven infected trojan objects,
Nice, and where are the logs for that?

Such information is not enough; please post the complete details/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520


Please post everything here in CODE tags where possible.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... on Reply.

16.04.2013, 13:00   #3
tommi1991
 



Here is the log from the first run:

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Flo :: FLO-VAIO [Administrator]

Schutz: Aktiviert

16.04.2013 10:16:57
mbam-log-2013-04-16 (10-16-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228210
Laufzeit: 7 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Users\Flo\AppData\Roaming\skype.dat (Trojan.Ransom.SVD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Flo\AppData\Local\Temp\kotdxd (Trojan.Ransom.SVD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Flo\AppData\Local\Temp\tmp42a162ec\soft.exe (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Flo\AppData\Local\Temp\tmp87906f5e\soft.exe (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Flo\AppData\Local\Temp\tmp8c5e1e3c\soft.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Flo\AppData\Local\Temp\tmpaf4bb15a\soft.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Flo\AppData\Local\Temp\tmpe397079c\soft.exe (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

In addition, my antivirus program Norton 360 has just deleted another file... The display now reads "Your computer is now secure":

Code:
Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
16.04.2013 13:52:48,Hoch,odkyz.exe (Bloodhound.Sonar.9) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\flo\appdata\roaming\ewnye\odkyz.exe


Kategorie: Quarantäne
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
16.04.2013 13:52:48,Hoch,odkyz.exe (Bloodhound.Sonar.9) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\flo\appdata\roaming\ewnye\odkyz.exe


Kategorie: SONAR-Aktivität
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
16.04.2013 13:52:48,Hoch,odkyz.exe (Bloodhound.Sonar.9) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\flo\appdata\roaming\ewnye\odkyz.exe
         

16.04.2013, 13:02   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
Should you not hear from me for three days, please get in touch in this thread => Reminder about my thread.
Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users checkbox at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

16.04.2013, 13:25   #5
tommi1991
 



Here from OTL.Txt:

Code:
OTL logfile created on: 16.04.2013 14:09:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Flo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 44,94% Memory free
7,90 Gb Paging File | 5,63 Gb Available in Paging File | 71,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,16 Gb Total Space | 381,13 Gb Free Space | 84,29% Space Free | Partition Type: NTFS
Drive F: | 993,74 Mb Total Space | 992,84 Mb Free Space | 99,91% Space Free | Partition Type: FAT32
 
Computer Name: FLO-VAIO | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Flo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.1.0.24\wincfi39.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe (Symantec Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bserd) -- C:\Windows\SysNative\drivers\ss_bserd.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130415.025\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130415.025\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130413.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilDrv11220) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys (Symantec Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal
IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\..\SearchScopes\{17AB064C-63A8-4F58-874B-9FA692DDC5E2}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE450
IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\..\SearchScopes\{9EEBB1F8-53A1-47A9-8735-652748E53112}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\..\SearchScopes\{CB07E72D-2CF3-43E1-9247-423DD7BE2764}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}
IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.04.16 13:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.04.16 13:48:13 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-812394530-2126681308-1128913503-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe ()
O4 - HKU\S-1-5-21-812394530-2126681308-1128913503-1000..\Run: [Spotify] C:\Users\Flo\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-812394530-2126681308-1128913503-1000..\Run: [Spotify Web Helper] C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LG Mouse Scanner.lnk = C:\Program Files (x86)\LG Mouse Scanner\LG_Smart_Scan.exe ()
O4 - Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFA38430-F451-4781-A6D8-6C0843252951}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.16 14:07:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe
[2013.04.16 13:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013.04.16 13:47:35 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.04.16 13:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.04.16 13:46:31 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013.04.16 13:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013.04.16 13:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013.04.16 13:41:13 | 000,000,000 | R--D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.04.16 13:25:04 | 154,147,384 | ---- | C] (Symantec Corporation) -- C:\Users\Flo\Desktop\norton_360_setup.exe
[2013.04.16 10:14:15 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Malwarebytes
[2013.04.16 10:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.16 10:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.16 10:14:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.16 10:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.16 10:12:53 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Programs
[2013.04.16 10:12:12 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Flo\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.16 09:40:54 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.16 09:40:53 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.16 09:40:52 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.16 09:40:52 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.16 09:40:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.16 09:40:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.15 19:36:02 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013.04.11 10:41:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.11 10:41:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.11 10:41:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 10:41:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 10:41:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.11 10:41:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.11 10:41:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.11 10:41:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.11 10:41:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.11 10:41:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.11 10:41:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 10:41:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 10:41:39 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 10:41:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 10:41:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.11 10:36:55 | 000,000,000 | ---D | C] -- C:\Users\Flo\Desktop\4. Semester
[2013.04.11 08:40:15 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.11 08:40:14 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.11 08:40:14 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.11 08:40:14 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.11 08:40:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.11 08:40:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.02 14:14:02 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Spotify
[2013.04.02 14:12:49 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Spotify
[2013.03.29 14:04:19 | 000,000,000 | ---D | C] -- C:\output
[2013.03.29 14:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WAV To MP3
[2013.03.29 14:03:57 | 000,000,000 | ---D | C] -- C:\WAV To MP3
[2013.03.26 16:13:21 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.16 14:08:57 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\VT20130115.021
[2013.04.16 14:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe
[2013.04.16 13:48:56 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.16 13:48:56 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.16 13:48:11 | 001,891,863 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Cat.DB
[2013.04.16 13:47:35 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.04.16 13:47:35 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.04.16 13:47:35 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.04.16 13:45:33 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.16 13:45:33 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.16 13:45:33 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.16 13:45:33 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.16 13:45:33 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.16 13:42:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.16 13:40:58 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.16 13:40:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.16 13:40:20 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.16 13:38:19 | 154,147,384 | ---- | M] (Symantec Corporation) -- C:\Users\Flo\Desktop\norton_360_setup.exe
[2013.04.16 13:35:57 | 000,867,880 | ---- | M] () -- C:\Users\Flo\Desktop\Norton20_Removal_Tool.exe
[2013.04.16 10:14:07 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.16 10:12:39 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Flo\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.15 18:59:43 | 000,500,235 | ---- | M] () -- C:\Users\Flo\Desktop\Biologie_IV_SS2013_Botanischer_Teil_Experiment_2.pdf
[2013.04.11 14:41:39 | 000,336,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.11 14:40:02 | 001,891,863 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\Cat.DB
[2013.04.08 15:32:40 | 000,075,033 | ---- | M] () -- C:\Users\Flo\Desktop\0_1a.jpg
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.02 14:14:00 | 000,001,795 | ---- | M] () -- C:\Users\Flo\Desktop\Spotify.lnk
[2013.03.28 13:17:17 | 000,003,028 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN12N21GKB05D2.job
[2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.16 13:47:35 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.04.16 13:47:35 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.04.16 13:35:56 | 000,867,880 | ---- | C] () -- C:\Users\Flo\Desktop\Norton20_Removal_Tool.exe
[2013.04.16 10:14:07 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.15 19:10:32 | 000,075,033 | ---- | C] () -- C:\Users\Flo\Desktop\0_1a.jpg
[2013.04.15 18:59:43 | 000,500,235 | ---- | C] () -- C:\Users\Flo\Desktop\Biologie_IV_SS2013_Botanischer_Teil_Experiment_2.pdf
[2013.04.02 14:14:00 | 000,001,795 | ---- | C] () -- C:\Users\Flo\Desktop\Spotify.lnk
[2013.04.02 14:14:00 | 000,001,781 | ---- | C] () -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.09.27 20:46:39 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.05.01 15:12:40 | 000,005,120 | ---- | C] () -- C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

And from Extras.Txt:

Code:
OTL Extras logfile created on: 16.04.2013 14:09:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Flo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 44,94% Memory free
7,90 Gb Paging File | 5,63 Gb Available in Paging File | 71,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,16 Gb Total Space | 381,13 Gb Free Space | 84,29% Space Free | Partition Type: NTFS
Drive F: | 993,74 Mb Total Space | 992,84 Mb Free Space | 99,91% Space Free | Partition Type: FAT32
 
Computer Name: FLO-VAIO | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0222D555-5C5A-430B-935A-26170C85899F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{066DFC0D-2AC1-4F8A-A0CE-FC4EE559BA5F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{5A67A418-FE67-4DA8-B2E9-2C73D9B5303D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5E211B9D-02EB-4323-B421-7A1773788334}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{71C6B976-95EE-4571-AA75-720001EEE2A6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{78E68AFB-ED50-4C83-B3CA-93C46B145878}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7E7963E7-66AC-437B-BAAF-F030BAE62C99}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8112820C-A4AE-4B2A-BA9E-35BB4E8CCBC5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{99B846A2-5D34-4D7B-9733-70DB54D444B7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A9EEF803-F8D2-4405-95F2-F3A22F9208D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CA5EAA97-534C-450A-95A2-640ABADA234F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DEE10B25-7CE7-470E-9355-2DA6D3277E56}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E857A432-5AD4-4B48-906D-F4C93D716B46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FFD04D02-AEA2-40EC-8235-6CA6F2BBCF71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A704B56-E1A6-4D7C-9B45-8ED746D3BDF3}" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vaiocaremain.exe | 
"{1D47D00A-239D-4DE5-8763-86D3BB766222}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1D6C7807-B864-4981-A373-961DB5C4AA1F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{20F3FD0C-65EC-4FBF-A65C-DA17BD55BF07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2F8DF772-C4FD-4E48-BB4C-F7F5B1EF9724}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3B6AB01D-2257-4ECC-A48F-B4A6FFA5AA5C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{429500F2-2966-4F90-ACC4-3A15D51AC3BA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{437CBD96-A9D8-4111-A7C0-914509669FFF}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{57567A80-30CD-4933-9457-3CF2E14A3DF6}" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vaiocaremain.exe | 
"{5A7C2F0B-6BFD-454B-9309-B8183B947EEA}" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vcagent.exe | 
"{6159A99B-493B-41B2-A4B3-C52D75BB5836}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{616E1069-40E4-4130-B4F4-3D9A01E04850}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{65E3EC5E-0AAC-4DD4-99B5-EEF977699D69}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6A8E18FA-988E-435B-A151-04BD3F52F8C0}" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vcagent.exe | 
"{6D3CA846-7BC0-48DD-A69D-C0AD0D24F3FA}" = protocol=6 | dir=in | app=c:\users\flo\appdata\local\temp\7zs5ca0.tmp\symnrt.exe | 
"{87507FB4-56CF-4696-95E2-8F00C9890F15}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{8CAF3CC6-3B85-4350-B519-CFF697EE9FB8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{975DD497-7745-4AB6-AC56-C536F33EA4E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AB38E9A6-6BDC-4A2B-AFFA-1A4AAA82B437}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B677A8AD-640E-4A1D-86A5-34D92EEEF5ED}" = protocol=17 | dir=in | app=c:\users\flo\appdata\local\temp\7zs5ca0.tmp\symnrt.exe | 
"{BECDEF67-9B35-493C-8775-D5E05D370063}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C0D11190-3AEB-42AB-910B-EF5D0DBBF920}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{CC6B9880-90EE-4055-AE88-232785CE5016}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{ED448E8B-9C51-4D3C-A86F-3AC16AAC03B6}" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\selfhealupdate.exe | 
"{EDCE2D25-DE71-49DC-9240-E79C9BA632A9}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{F97A4AE0-1522-4EA1-99C0-132E897438A6}" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\selfhealupdate.exe | 
"TCP Query User{1A97794E-7FCF-4496-9AE1-F22C68F30665}C:\users\flo\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\flo\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{717152CC-2457-4FD1-A609-8D173419E48C}C:\users\flo\appdata\roaming\awitce\puxab.exe" = protocol=6 | dir=in | app=c:\users\flo\appdata\roaming\awitce\puxab.exe | 
"TCP Query User{9C96F9C4-F03F-4822-8552-8778E68CC49C}C:\users\flo\appdata\roaming\ewnye\odkyz.exe" = protocol=6 | dir=in | app=c:\users\flo\appdata\roaming\ewnye\odkyz.exe | 
"TCP Query User{9DAFAD44-C9B2-4BF3-B279-6F24ADEA0C26}C:\users\flo\appdata\roaming\ewnye\odkyz.exe" = protocol=6 | dir=in | app=c:\users\flo\appdata\roaming\ewnye\odkyz.exe | 
"TCP Query User{A91B7831-BC1D-4A8D-935D-2607933B5B42}C:\users\flo\appdata\roaming\awitce\puxab.exe" = protocol=6 | dir=in | app=c:\users\flo\appdata\roaming\awitce\puxab.exe | 
"UDP Query User{220792BA-769D-472B-B954-F09A6C583BD4}C:\users\flo\appdata\roaming\ewnye\odkyz.exe" = protocol=17 | dir=in | app=c:\users\flo\appdata\roaming\ewnye\odkyz.exe | 
"UDP Query User{5BEEB375-ED19-4313-8A89-C1B2E3C87605}C:\users\flo\appdata\roaming\awitce\puxab.exe" = protocol=17 | dir=in | app=c:\users\flo\appdata\roaming\awitce\puxab.exe | 
"UDP Query User{851C05FF-FFC0-43D9-9FF1-5EA4DE48D8EB}C:\users\flo\appdata\roaming\awitce\puxab.exe" = protocol=17 | dir=in | app=c:\users\flo\appdata\roaming\awitce\puxab.exe | 
"UDP Query User{86295159-BF3D-48D3-B344-23727CB6227D}C:\users\flo\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\flo\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{ECC99618-005F-434B-B0A1-D6A918F1AE62}C:\users\flo\appdata\roaming\ewnye\odkyz.exe" = protocol=17 | dir=in | app=c:\users\flo\appdata\roaming\ewnye\odkyz.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3F7C54EA-F59C-45DD-BA93-AD1E084A9550}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4EFA8109-732B-4026-9F0C-B70ECF3F9293}" = Windows Live Remote Service Resources
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{9F672527-2BE4-47AB-B061-C057BDE30B30}" = Windows Live Remote Client Resources
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ECFFD23C-3111-4685-8118-E1F79644203F}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CNXT_AUDIO_HDA" = Conexant HD Audio
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" = 
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}" = Remote Keyboard
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1B0545C4-620F-4661-A369-C4D113F24932}" = Windows Live Writer Resources
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}" = Windows Live Mail
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}" = Основи Windows Live
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{33D21DE0-8363-4997-A960-E32EA9D84AB3}" = KODAK Create@Home Software (für dm)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}" = Елемент керування Windows Live Mesh ActiveX для віддалених підключень
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}" = Windows Live Photo Common
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur 
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{80651674-74AA-4155-AF2D-1339E628D187}" = Windows Live Movie Maker
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91989CE7-EE83-4A53-8E06-D97887928119}" = VAIO Care
"{91BD94FE-ADCA-49CC-BE96-97D4BBC36FAF}" = Windows Live Mesh
"{92280FD3-A119-41E6-A740-A62DBA4DFB53}" = Windows Live UX Platform Language Pack
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97821186-7938-4FC5-9171-8B508D6DE35A}" = LG Mouse Scanner
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C115A674-A398-49E5-9C6E-C0A541D3EA10}" = Фотоколекція Windows Live
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57A002F-2B34-4E7B-A58B-0A4FBDA2E93F}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6725026-A650-449C-897B-D6B7A5EEA058}" = Adobe Flash Player 10 Plugin
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F28C98E9-BAC1-41FF-81F2-8885925CCB48}" = Windows Live Writer
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AudibleManager" = AudibleManager
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1130
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"HP Photo Creations" = HP Photo Creations
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0
"MyFreeCodec" = MyFreeCodec
"N360" = Norton 360
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"SILIPA93" = SILIPA93 2.00
"splashtop" = VAIO Quick Web Access
"T4EPlayer" = T4E Player
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VAIO Help and Support" = 
"VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver
"WAV To MP3_is1" = WAV To MP3 V2
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-812394530-2126681308-1128913503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.06.2012 12:52:35 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.06.2012 15:04:06 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.06.2012 10:13:39 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.06.2012 11:27:54 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2012 14:27:59 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2012 15:14:41 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2012 17:52:04 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2012 11:43:03 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.07.2012 04:31:57 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.07.2012 10:01:18 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 15.04.2013 15:49:17 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BHDrvx64
 
Error - 15.04.2013 16:44:49 | Computer Name = Flo-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?04.?2013 um 21:51:51 unerwartet heruntergefahren.
 
Error - 15.04.2013 16:45:16 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BHDrvx64
 
Error - 15.04.2013 16:54:34 | Computer Name = Flo-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?04.?2013 um 22:53:40 unerwartet heruntergefahren.
 
Error - 15.04.2013 16:55:04 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BHDrvx64
 
Error - 16.04.2013 03:33:00 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BHDrvx64
 
Error - 16.04.2013 04:26:31 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BHDrvx64
 
Error - 16.04.2013 07:11:27 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BHDrvx64
 
Error - 16.04.2013 07:15:50 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7022
Description = Der Dienst "VAIO Care Performance Service" wurde nicht richtig gestartet.
 
Error - 16.04.2013 07:36:32 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Norton 360" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
         


16.04.2013, 13:53   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Rootkit scan with GMER

Please download the GMER rootkit scanner: (the file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark from: IAT/EAT and Show All
  • Set the check mark for Quickscan and remove it from all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Problems?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, remove the check mark in front of Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

16.04.2013, 20:03   #7
tommi1991
 



The GMER scan:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-16 20:40:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Flo\AppData\Local\Temp\pwldypow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                          00000000776efc90 5 bytes JMP 000000010010091c
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                        00000000776efdf4 5 bytes JMP 0000000100100048
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                 00000000776efe88 5 bytes JMP 00000001001002ee
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                              00000000776effe4 5 bytes JMP 00000001001004b2
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                      00000000776f0018 5 bytes JMP 00000001001009fe
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                              00000000776f0048 5 bytes JMP 0000000100100ae0
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                           00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                              00000000776f077c 5 bytes JMP 000000010010012a
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                  00000000776f086c 5 bytes JMP 0000000100100758
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                            00000000776f0884 5 bytes JMP 0000000100100676
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                00000000776f0dd4 5 bytes JMP 00000001001003d0
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          00000000776f1900 5 bytes JMP 0000000100100594
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                      00000000776f1bc4 5 bytes JMP 000000010010083a
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                             00000000776f1d50 5 bytes JMP 000000010010020c
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206            000000007502524f 7 bytes JMP 0000000100100f52
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                00000000750253d0 7 bytes JMP 0000000100110210
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149               0000000075025677 1 byte JMP 0000000100110048
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151               0000000075025679 5 bytes {JMP 0xffffffff8b0ea9d1}
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                      000000007502589a 7 bytes JMP 0000000100100ca6
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                      0000000075025a1d 7 bytes JMP 00000001001103d8
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                 0000000075025c9b 7 bytes JMP 000000010011012c
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                   0000000075025d87 7 bytes JMP 00000001001102f4
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000075027240 7 bytes JMP 0000000100100e6e
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                 0000000074ed1492 7 bytes JMP 00000001001104bc
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                              00000000776efc90 5 bytes JMP 000000010028091c
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                            00000000776efdf4 5 bytes JMP 0000000100280048
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                     00000000776efe88 5 bytes JMP 00000001002802ee
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                  00000000776effe4 5 bytes JMP 00000001002804b2
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                          00000000776f0018 5 bytes JMP 00000001002809fe
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                  00000000776f0048 5 bytes JMP 0000000100280ae0
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                               00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                  00000000776f077c 5 bytes JMP 000000010028012a
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                      00000000776f086c 5 bytes JMP 0000000100280758
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                00000000776f0884 5 bytes JMP 0000000100280676
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                    00000000776f0dd4 5 bytes JMP 00000001002803d0
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                              00000000776f1900 5 bytes JMP 0000000100280594
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                          00000000776f1bc4 5 bytes JMP 000000010028083a
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                 00000000776f1d50 5 bytes JMP 000000010028020c
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                     0000000074ed1492 7 bytes JMP 00000001002904bc
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                000000007502524f 7 bytes JMP 0000000100280f52
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                    00000000750253d0 7 bytes JMP 0000000100290210
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                   0000000075025677 1 byte JMP 0000000100290048
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                   0000000075025679 5 bytes {JMP 0xffffffff8b26a9d1}
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                          000000007502589a 7 bytes JMP 0000000100280ca6
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                          0000000075025a1d 7 bytes JMP 00000001002903d8
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                     0000000075025c9b 7 bytes JMP 000000010029012c
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                       0000000075025d87 7 bytes JMP 00000001002902f4
.text  C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                      0000000075027240 7 bytes JMP 0000000100280e6e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                   00000000776efc90 5 bytes JMP 00000001000f091c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                 00000000776efdf4 5 bytes JMP 00000001000f0048
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                          00000000776efe88 5 bytes JMP 00000001000f02ee
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                       00000000776effe4 5 bytes JMP 00000001000f04b2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                               00000000776f0018 5 bytes JMP 00000001000f09fe
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                       00000000776f0048 5 bytes JMP 00000001000f0ae0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                    00000000776f0064 5 bytes JMP 00000001000d004c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                       00000000776f077c 5 bytes JMP 00000001000f012a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                           00000000776f086c 5 bytes JMP 00000001000f0758
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                     00000000776f0884 5 bytes JMP 00000001000f0676
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                         00000000776f0dd4 5 bytes JMP 00000001000f03d0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                   00000000776f1900 5 bytes JMP 00000001000f0594
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                               00000000776f1bc4 5 bytes JMP 00000001000f083a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                      00000000776f1d50 5 bytes JMP 00000001000f020c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                          0000000074ed1492 7 bytes JMP 000000010010059e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                     000000007502524f 7 bytes JMP 00000001000f0f52
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                         00000000750253d0 7 bytes JMP 0000000100100210
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                        0000000075025677 1 byte JMP 0000000100100048
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                        0000000075025679 5 bytes {JMP 0xffffffff8b0da9d1}
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                               000000007502589a 7 bytes JMP 00000001000f0ca6
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                               0000000075025a1d 7 bytes JMP 00000001001003d8
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                          0000000075025c9b 7 bytes JMP 000000010010012c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                            0000000075025d87 7 bytes JMP 00000001001002f4
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                           0000000075027240 7 bytes JMP 00000001000f0e6e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                     00000000776efc90 5 bytes JMP 000000010013091c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                   00000000776efdf4 5 bytes JMP 0000000100130048
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                            00000000776efe88 5 bytes JMP 00000001001302ee
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                         00000000776effe4 5 bytes JMP 00000001001304b2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                 00000000776f0018 5 bytes JMP 00000001001309fe
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                         00000000776f0048 5 bytes JMP 0000000100130ae0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                      00000000776f0064 5 bytes JMP 000000010011004c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                         00000000776f077c 5 bytes JMP 000000010013012a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                             00000000776f086c 5 bytes JMP 0000000100130758
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                       00000000776f0884 5 bytes JMP 0000000100130676
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                           00000000776f0dd4 5 bytes JMP 00000001001303d0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                     00000000776f1900 5 bytes JMP 0000000100130594
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                 00000000776f1bc4 5 bytes JMP 000000010013083a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                        00000000776f1d50 5 bytes JMP 000000010013020c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                       000000007502524f 7 bytes JMP 0000000100130f52
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                           00000000750253d0 7 bytes JMP 0000000100140210
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                          0000000075025677 1 byte JMP 0000000100140048
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                          0000000075025679 5 bytes {JMP 0xffffffff8b11a9d1}
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                 000000007502589a 7 bytes JMP 0000000100130ca6
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                 0000000075025a1d 7 bytes JMP 00000001001403d8
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                            0000000075025c9b 7 bytes JMP 000000010014012c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                              0000000075025d87 7 bytes JMP 00000001001402f4
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                             0000000075027240 7 bytes JMP 0000000100130e6e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                            0000000074ed1492 7 bytes JMP 000000010014059e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              00000000759f1465 2 bytes [9F, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             00000000759f14bb 2 bytes [9F, 75]
.text  ...                                                                                                                                                                          * 2
?      C:\Windows\system32\mssprxy.dll [1884] entry point in ".rdata" section                                                                                                       0000000069a171e6
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                             00000000776efc90 5 bytes JMP 000000010019091c
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                           00000000776efdf4 5 bytes JMP 0000000100190048
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                    00000000776efe88 5 bytes JMP 00000001001902ee
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                 00000000776effe4 5 bytes JMP 00000001001904b2
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                         00000000776f0018 5 bytes JMP 00000001001909fe
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                 00000000776f0048 5 bytes JMP 0000000100190ae0
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                              00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                 00000000776f077c 5 bytes JMP 000000010019012a
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                     00000000776f086c 5 bytes JMP 0000000100190758
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                               00000000776f0884 5 bytes JMP 0000000100190676
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                   00000000776f0dd4 5 bytes JMP 00000001001903d0
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                             00000000776f1900 5 bytes JMP 0000000100190594
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                         00000000776f1bc4 5 bytes JMP 000000010019083a
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                00000000776f1d50 5 bytes JMP 000000010019020c
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                    0000000074ed1492 7 bytes JMP 00000001001a059e
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                               000000007502524f 7 bytes JMP 0000000100190f52
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                   00000000750253d0 7 bytes JMP 00000001001a0210
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                  0000000075025677 1 byte JMP 00000001001a0048
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                  0000000075025679 5 bytes {JMP 0xffffffff8b17a9d1}
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                         000000007502589a 7 bytes JMP 0000000100190ca6
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                         0000000075025a1d 7 bytes JMP 00000001001a03d8
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                    0000000075025c9b 7 bytes JMP 00000001001a012c
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                      0000000075025d87 7 bytes JMP 00000001001a02f4
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                     0000000075027240 7 bytes JMP 0000000100190e6e
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                             00000000776efc90 5 bytes JMP 000000010014091c
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                           00000000776efdf4 5 bytes JMP 0000000100140048
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                    00000000776efe88 5 bytes JMP 00000001001402ee
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                 00000000776effe4 5 bytes JMP 00000001001404b2
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                         00000000776f0018 5 bytes JMP 00000001001409fe
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                 00000000776f0048 5 bytes JMP 0000000100140ae0
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                              00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                 00000000776f077c 5 bytes JMP 000000010014012a
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                     00000000776f086c 5 bytes JMP 0000000100140758
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                               00000000776f0884 5 bytes JMP 0000000100140676
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                   00000000776f0dd4 5 bytes JMP 00000001001403d0
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                             00000000776f1900 5 bytes JMP 0000000100140594
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                         00000000776f1bc4 5 bytes JMP 000000010014083a
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                00000000776f1d50 5 bytes JMP 000000010014020c
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                    0000000074ed1492 7 bytes JMP 00000001001504bc
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                               000000007502524f 7 bytes JMP 0000000100140f52
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                   00000000750253d0 7 bytes JMP 0000000100150210
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                  0000000075025677 1 byte JMP 0000000100150048
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                  0000000075025679 5 bytes {JMP 0xffffffff8b12a9d1}
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                         000000007502589a 7 bytes JMP 0000000100140ca6
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                         0000000075025a1d 7 bytes JMP 00000001001503d8
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                    0000000075025c9b 7 bytes JMP 000000010015012c
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                      0000000075025d87 7 bytes JMP 00000001001502f4
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                     0000000075027240 7 bytes JMP 0000000100140e6e
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                          00000000776efc90 5 bytes JMP 000000010024091c
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                        00000000776efdf4 5 bytes JMP 0000000100240048
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                 00000000776efe88 5 bytes JMP 00000001002402ee
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                              00000000776effe4 5 bytes JMP 00000001002404b2
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                      00000000776f0018 5 bytes JMP 00000001002409fe
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                              00000000776f0048 5 bytes JMP 0000000100240ae0
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                           00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                              00000000776f077c 5 bytes JMP 000000010024012a
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                  00000000776f086c 5 bytes JMP 0000000100240758
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                            00000000776f0884 5 bytes JMP 0000000100240676
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                00000000776f0dd4 5 bytes JMP 00000001002403d0
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                          00000000776f1900 5 bytes JMP 0000000100240594
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                      00000000776f1bc4 5 bytes JMP 000000010024083a
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                             00000000776f1d50 5 bytes JMP 000000010024020c
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                 0000000074ed1492 7 bytes JMP 00000001002504bc
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                            000000007502524f 7 bytes JMP 0000000100240f52
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                00000000750253d0 7 bytes JMP 0000000100250210
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                               0000000075025677 1 byte JMP 0000000100250048
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                               0000000075025679 5 bytes {JMP 0xffffffff8b22a9d1}
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                      000000007502589a 7 bytes JMP 0000000100240ca6
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                      0000000075025a1d 7 bytes JMP 00000001002503d8
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                 0000000075025c9b 7 bytes JMP 000000010025012c
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                   0000000075025d87 7 bytes JMP 00000001002502f4
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                  0000000075027240 7 bytes JMP 0000000100240e6e
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                          00000000776efc90 5 bytes JMP 000000010009091c
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                        00000000776efdf4 5 bytes JMP 0000000100090048
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                 00000000776efe88 5 bytes JMP 00000001000902ee
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                              00000000776effe4 5 bytes JMP 00000001000904b2
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                      00000000776f0018 5 bytes JMP 00000001000909fe
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                              00000000776f0048 5 bytes JMP 0000000100090ae0
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                           00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                              00000000776f077c 5 bytes JMP 000000010009012a
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                  00000000776f086c 5 bytes JMP 0000000100090758
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                            00000000776f0884 5 bytes JMP 0000000100090676
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                00000000776f0dd4 5 bytes JMP 00000001000903d0
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                          00000000776f1900 5 bytes JMP 0000000100090594
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                      00000000776f1bc4 5 bytes JMP 000000010009083a
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                             00000000776f1d50 5 bytes JMP 000000010009020c
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                 0000000074ed1492 7 bytes JMP 00000001000a04bc
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                            000000007502524f 7 bytes JMP 0000000100090f52
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                00000000750253d0 7 bytes JMP 00000001000a0210
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                               0000000075025677 1 byte JMP 00000001000a0048
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                               0000000075025679 5 bytes {JMP 0xffffffff8b07a9d1}
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                      000000007502589a 7 bytes JMP 0000000100090ca6
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                      0000000075025a1d 7 bytes JMP 00000001000a03d8
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                 0000000075025c9b 7 bytes JMP 00000001000a012c
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                   0000000075025d87 7 bytes JMP 00000001000a02f4
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                  0000000075027240 7 bytes JMP 0000000100090e6e
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                   00000000759f1465 2 bytes [9F, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  00000000759f14bb 2 bytes [9F, 75]
.text  ...                                                                                                                                                                          * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000759f1465 2 bytes [9F, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000759f14bb 2 bytes [9F, 75]
.text  ...                                                                                                                                                                          * 2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                         00000000776efc90 5 bytes JMP 000000010013091c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                       00000000776efdf4 5 bytes JMP 0000000100130048
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                00000000776efe88 5 bytes JMP 00000001001302ee
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                             00000000776effe4 5 bytes JMP 00000001001304b2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                     00000000776f0018 5 bytes JMP 00000001001309fe
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                             00000000776f0048 5 bytes JMP 0000000100130ae0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                          00000000776f0064 5 bytes JMP 000000010009004c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                             00000000776f077c 5 bytes JMP 000000010013012a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                 00000000776f086c 5 bytes JMP 0000000100130758
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                           00000000776f0884 5 bytes JMP 0000000100130676
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                               00000000776f0dd4 5 bytes JMP 00000001001303d0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                         00000000776f1900 5 bytes JMP 0000000100130594
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                     00000000776f1bc4 5 bytes JMP 000000010013083a
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                            00000000776f1d50 5 bytes JMP 000000010013020c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                0000000074ed1492 7 bytes JMP 000000010014059e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                           000000007502524f 7 bytes JMP 0000000100130f52
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                               00000000750253d0 7 bytes JMP 0000000100140210
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                              0000000075025677 1 byte JMP 0000000100140048
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                              0000000075025679 5 bytes {JMP 0xffffffff8b11a9d1}
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                     000000007502589a 7 bytes JMP 0000000100130ca6
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                     0000000075025a1d 7 bytes JMP 00000001001403d8
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                0000000075025c9b 7 bytes JMP 000000010014012c
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                  0000000075025d87 7 bytes JMP 00000001001402f4
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                 0000000075027240 7 bytes JMP 0000000100130e6e
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                         00000000776efc90 5 bytes JMP 000000010029091c
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                       00000000776efdf4 5 bytes JMP 0000000100290048
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                00000000776efe88 5 bytes JMP 00000001002902ee
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                             00000000776effe4 5 bytes JMP 00000001002904b2
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                     00000000776f0018 5 bytes JMP 00000001002909fe
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                             00000000776f0048 5 bytes JMP 0000000100290ae0
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                          00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                             00000000776f077c 5 bytes JMP 000000010029012a
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                 00000000776f086c 5 bytes JMP 0000000100290758
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                           00000000776f0884 5 bytes JMP 0000000100290676
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                               00000000776f0dd4 5 bytes JMP 00000001002903d0
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                         00000000776f1900 5 bytes JMP 0000000100290594
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                     00000000776f1bc4 5 bytes JMP 000000010029083a
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                            00000000776f1d50 5 bytes JMP 000000010029020c
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                        00000000776efc90 5 bytes JMP 000000010018091c
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                      00000000776efdf4 5 bytes JMP 0000000100180048
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                               00000000776efe88 5 bytes JMP 00000001001802ee
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                            00000000776effe4 5 bytes JMP 00000001001804b2
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                    00000000776f0018 5 bytes JMP 00000001001809fe
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                            00000000776f0048 5 bytes JMP 0000000100180ae0
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                         00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                            00000000776f077c 5 bytes JMP 000000010018012a
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                00000000776f086c 5 bytes JMP 0000000100180758
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                          00000000776f0884 5 bytes JMP 0000000100180676
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                              00000000776f0dd4 5 bytes JMP 00000001001803d0
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                        00000000776f1900 5 bytes JMP 0000000100180594
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                    00000000776f1bc4 5 bytes JMP 000000010018083a
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                           00000000776f1d50 5 bytes JMP 000000010018020c
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                               0000000074ed1492 7 bytes JMP 0000000100190762
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                          000000007502524f 7 bytes JMP 0000000100180f52
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                              00000000750253d0 7 bytes JMP 0000000100190210
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                             0000000075025677 1 byte JMP 0000000100190048
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                             0000000075025679 5 bytes {JMP 0xffffffff8b16a9d1}
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                    000000007502589a 7 bytes JMP 0000000100180ca6
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                    0000000075025a1d 7 bytes JMP 00000001001903d8
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                               0000000075025c9b 7 bytes JMP 000000010019012c
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                 0000000075025d87 7 bytes JMP 00000001001902f4
.text  C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                0000000075027240 7 bytes JMP 0000000100180e6e
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                    00000000776efc90 5 bytes JMP 000000010009091c
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                  00000000776efdf4 5 bytes JMP 0000000100090048
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                           00000000776efe88 5 bytes JMP 00000001000902ee
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                        00000000776effe4 5 bytes JMP 00000001000904b2
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                00000000776f0018 5 bytes JMP 00000001000909fe
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                        00000000776f0048 5 bytes JMP 0000000100090ae0
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                     00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                        00000000776f077c 5 bytes JMP 000000010009012a
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                            00000000776f086c 5 bytes JMP 0000000100090758
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                      00000000776f0884 5 bytes JMP 0000000100090676
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                          00000000776f0dd4 5 bytes JMP 00000001000903d0
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                    00000000776f1900 5 bytes JMP 0000000100090594
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                00000000776f1bc4 5 bytes JMP 000000010009083a
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                       00000000776f1d50 5 bytes JMP 000000010009020c
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                      000000007502524f 7 bytes JMP 0000000100090f52
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                          00000000750253d0 7 bytes JMP 00000001000a0210
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                         0000000075025677 1 byte JMP 00000001000a0048
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                         0000000075025679 5 bytes {JMP 0xffffffff8b07a9d1}
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                000000007502589a 7 bytes JMP 0000000100090ca6
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                0000000075025a1d 7 bytes JMP 00000001000a03d8
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                           0000000075025c9b 7 bytes JMP 00000001000a012c
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                             0000000075025d87 7 bytes JMP 00000001000a02f4
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                            0000000075027240 7 bytes JMP 0000000100090e6e
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                           0000000074ed1492 7 bytes JMP 00000001000a059e
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                            00000000776efc90 5 bytes JMP 000000010029091c
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                          00000000776efdf4 5 bytes JMP 0000000100290048
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                   00000000776efe88 5 bytes JMP 00000001002902ee
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                00000000776effe4 5 bytes JMP 00000001002904b2
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                        00000000776f0018 5 bytes JMP 00000001002909fe
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                00000000776f0048 5 bytes JMP 0000000100290ae0
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                             00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                00000000776f077c 5 bytes JMP 000000010029012a
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                    00000000776f086c 5 bytes JMP 0000000100290758
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                              00000000776f0884 5 bytes JMP 0000000100290676
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                  00000000776f0dd4 5 bytes JMP 00000001002903d0
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                            00000000776f1900 5 bytes JMP 0000000100290594
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                        00000000776f1bc4 5 bytes JMP 000000010029083a
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                               00000000776f1d50 5 bytes JMP 000000010029020c
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                   0000000074ed1492 7 bytes JMP 00000001002a059e
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                              000000007502524f 7 bytes JMP 0000000100290f52
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                  00000000750253d0 7 bytes JMP 00000001002a0210
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                 0000000075025677 1 byte JMP 00000001002a0048
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                 0000000075025679 5 bytes {JMP 0xffffffff8b27a9d1}
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                        000000007502589a 7 bytes JMP 0000000100290ca6
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                        0000000075025a1d 7 bytes JMP 00000001002a03d8
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                   0000000075025c9b 7 bytes JMP 00000001002a012c
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                     0000000075025d87 7 bytes JMP 00000001002a02f4
.text  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                    0000000075027240 7 bytes JMP 0000000100290e6e
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                        00000000776efc90 5 bytes JMP 000000010010091c
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                      00000000776efdf4 5 bytes JMP 0000000100100048
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                               00000000776efe88 5 bytes JMP 00000001001002ee
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                            00000000776effe4 5 bytes JMP 00000001001004b2
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                    00000000776f0018 5 bytes JMP 00000001001009fe
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                            00000000776f0048 5 bytes JMP 0000000100100ae0
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                         00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                            00000000776f077c 5 bytes JMP 000000010010012a
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                00000000776f086c 5 bytes JMP 0000000100100758
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                          00000000776f0884 5 bytes JMP 0000000100100676
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                              00000000776f0dd4 5 bytes JMP 00000001001003d0
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                        00000000776f1900 5 bytes JMP 0000000100100594
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                    00000000776f1bc4 5 bytes JMP 000000010010083a
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                           00000000776f1d50 5 bytes JMP 000000010010020c
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                          000000007502524f 7 bytes JMP 0000000100100f52
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                              00000000750253d0 7 bytes JMP 00000001001d0210
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                             0000000075025677 1 byte JMP 00000001001d0048
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                             0000000075025679 5 bytes {JMP 0xffffffff8b1aa9d1}
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                    000000007502589a 7 bytes JMP 0000000100100ca6
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                    0000000075025a1d 7 bytes JMP 00000001001d03d8
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                               0000000075025c9b 7 bytes JMP 00000001001d012c
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                                 0000000075025d87 7 bytes JMP 00000001001d02f4
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                                0000000075027240 7 bytes JMP 0000000100100e6e
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                               0000000074ed1492 7 bytes JMP 00000001001d04bc
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                           00000000776efc90 5 bytes JMP 000000010105091c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                         00000000776efdf4 5 bytes JMP 0000000101050048
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                  00000000776efe88 5 bytes JMP 00000001010502ee
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                               00000000776effe4 5 bytes JMP 00000001010504b2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                       00000000776f0018 5 bytes JMP 00000001010509fe
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                               00000000776f0048 5 bytes JMP 0000000101050ae0
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                            00000000776f0064 5 bytes JMP 000000010103004c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                               00000000776f077c 5 bytes JMP 000000010105012a
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                   00000000776f086c 5 bytes JMP 0000000101050758
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                             00000000776f0884 5 bytes JMP 0000000101050676
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                 00000000776f0dd4 5 bytes JMP 00000001010503d0
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                           00000000776f1900 5 bytes JMP 0000000101050594
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                       00000000776f1bc4 5 bytes JMP 000000010105083a
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                              00000000776f1d50 5 bytes JMP 000000010105020c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                  0000000074ed1492 7 bytes JMP 000000010106059e
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                             000000007502524f 7 bytes JMP 0000000101050f52
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                 00000000750253d0 7 bytes JMP 0000000101060210
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                0000000075025677 1 byte JMP 0000000101060048
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                0000000075025679 5 bytes {JMP 0xffffffff8c03a9d1}
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                       000000007502589a 7 bytes JMP 0000000101050ca6
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                       0000000075025a1d 7 bytes JMP 00000001010603d8
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                  0000000075025c9b 7 bytes JMP 000000010106012c
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                    0000000075025d87 7 bytes JMP 00000001010602f4
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                   0000000075027240 7 bytes JMP 0000000101050e6e
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                    00000000759f1465 2 bytes [9F, 75]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                   00000000759f14bb 2 bytes [9F, 75]
.text  ...                                                                                                                                                                          * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                        00000000776efc90 5 bytes JMP 000000010038091c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                      00000000776efdf4 5 bytes JMP 0000000100380048
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                               00000000776efe88 5 bytes JMP 00000001003802ee
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                            00000000776effe4 5 bytes JMP 00000001003804b2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                    00000000776f0018 5 bytes JMP 00000001003809fe
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                            00000000776f0048 5 bytes JMP 0000000100380ae0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                         00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                            00000000776f077c 5 bytes JMP 000000010038012a
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                00000000776f086c 5 bytes JMP 0000000100380758
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                          00000000776f0884 5 bytes JMP 0000000100380676
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                              00000000776f0dd4 5 bytes JMP 00000001003803d0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                        00000000776f1900 5 bytes JMP 0000000100380594
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                    00000000776f1bc4 5 bytes JMP 000000010038083a
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                           00000000776f1d50 5 bytes JMP 000000010038020c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                          000000007502524f 7 bytes JMP 0000000100380f52
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                              00000000750253d0 7 bytes JMP 0000000100390210
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                             0000000075025677 1 byte JMP 0000000100390048
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                             0000000075025679 5 bytes {JMP 0xffffffff8b36a9d1}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                    000000007502589a 7 bytes JMP 0000000100380ca6
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                    0000000075025a1d 7 bytes JMP 00000001003903d8
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                               0000000075025c9b 7 bytes JMP 000000010039012c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                 0000000075025d87 7 bytes JMP 00000001003902f4
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                0000000075027240 7 bytes JMP 0000000100380e6e
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                               0000000074ed1492 7 bytes JMP 00000001003904bc
.text  C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                          00000000776efc90 5 bytes JMP 000000010028091c
.text  C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                        00000000776efdf4 5 bytes JMP 0000000100280048
.text  C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                                 00000000776efe88 5 bytes JMP 00000001002802ee
.text  C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                              00000000776effe4 5 bytes JMP 00000001002804b2
.text  C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                      00000000776f0018 5 bytes JMP 00000001002809fe
.text  C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                              00000000776f0048 5 bytes JMP 0000000100280ae0
.text  C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                           00000000776f0064 5 bytes JMP 000000010002004c
.text  C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                              00000000776f077c 5 bytes JMP 000000010028012a
.text  C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                  00000000776f086c 5 bytes JMP 0000000100280758
.text  C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                            00000000776f0884 5 bytes JMP 0000000100280676
.text  C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                00000000776f0dd4 5 bytes JMP 00000001002803d0
.text  C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                          00000000776f1900 5 bytes JMP 0000000100280594

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eba2aaa                                                                                                  
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c1e22a                                                                                                  
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eba2aaa (not active ControlSet)                                                                              
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c1e22a (not active ControlSet)                                                                              

---- EOF - GMER 2.1 ----
         
During the MBAR scan my PC crashed, and then this was displayed: "A problem has been detected and windows has been shut down to prevent damage to your computer etc."

Should I run this scan again anyway?

17.04.2013, 11:51   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yes, please repeat the scan.

17.04.2013, 13:44   #9
tommi1991
 



During the second MBAR scan the PC did not crash and no malware was found.

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Flo :: FLO-VAIO [administrator]

17.04.2013 14:40:04
mbar-log-2013-04-17 (14-40-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31648
Time elapsed: 27 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

17.04.2013, 14:09   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista or later, please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the content here in your thread in any case.

17.04.2013, 18:05   #11
tommi1991
 



aswMBR:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-17 15:20:08
-----------------------------
15:20:08.913    OS Version: Windows x64 6.1.7601 Service Pack 1
15:20:08.913    Number of processors: 2 586 0x2A07
15:20:08.913    ComputerName: FLO-VAIO  UserName: Flo
15:20:11.310    Initialize success
15:27:57.546    AVAST engine defs: 13041700
18:27:04.250    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:27:04.250    Disk 0 Vendor: ST950032 0006 Size: 476940MB BusType: 3
18:27:04.437    Disk 0 MBR read successfully
18:27:04.453    Disk 0 MBR scan
18:27:04.453    Disk 0 Windows 7 default MBR code
18:27:04.453    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13825 MB offset 2048
18:27:04.468    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 28317696
18:27:04.484    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       463013 MB offset 28522496
18:27:04.609    Disk 0 scanning C:\Windows\system32\drivers
18:27:17.604    Service scanning
18:27:53.281    Modules scanning
18:27:53.281    Disk 0 trace - called modules:
18:27:53.343    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
18:27:53.359    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c33060]
18:27:53.359    3 CLASSPNP.SYS[fffff880013ca43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800470c050]
18:27:55.404    AVAST engine scan C:\Windows
18:27:58.960    AVAST engine scan C:\Windows\system32
18:32:40.247    AVAST engine scan C:\Windows\system32\drivers
18:33:17.452    AVAST engine scan C:\Users\Flo
18:47:58.120    AVAST engine scan C:\ProgramData
18:52:50.155    Scan finished successfully
18:59:03.572    Disk 0 MBR has been saved successfully to "C:\Users\Flo\Desktop\MBR.dat"
18:59:03.588    The log file has been saved successfully to "C:\Users\Flo\Desktop\aswMBR.txt"
         

TDSS-Killer:

Code:
19:01:38.0540 3568  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:01:40.0054 3568  ============================================================
19:01:40.0054 3568  Current date / time: 2013/04/17 19:01:40.0054
19:01:40.0054 3568  SystemInfo:
19:01:40.0054 3568  
19:01:40.0054 3568  OS Version: 6.1.7601 ServicePack: 1.0
19:01:40.0054 3568  Product type: Workstation
19:01:40.0054 3568  ComputerName: FLO-VAIO
19:01:40.0054 3568  UserName: Flo
19:01:40.0054 3568  Windows directory: C:\Windows
19:01:40.0054 3568  System windows directory: C:\Windows
19:01:40.0054 3568  Running under WOW64
19:01:40.0054 3568  Processor architecture: Intel x64
19:01:40.0054 3568  Number of processors: 2
19:01:40.0054 3568  Page size: 0x1000
19:01:40.0054 3568  Boot type: Normal boot
19:01:40.0054 3568  ============================================================
19:01:41.0536 3568  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:01:41.0551 3568  ============================================================
19:01:41.0551 3568  \Device\Harddisk0\DR0:
19:01:41.0551 3568  MBR partitions:
19:01:41.0551 3568  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B01800, BlocksNum 0x32000
19:01:41.0551 3568  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B33800, BlocksNum 0x38852830
19:01:41.0551 3568  ============================================================
19:01:41.0598 3568  C: <-> \Device\Harddisk0\DR0\Partition2
19:01:41.0598 3568  ============================================================
19:01:41.0598 3568  Initialize success
19:01:41.0598 3568  ============================================================
19:02:00.0007 5184  ============================================================
19:02:00.0007 5184  Scan started
19:02:00.0007 5184  Mode: Manual; SigCheck; TDLFS; 
19:02:00.0007 5184  ============================================================
19:02:01.0302 5184  ================ Scan system memory ========================
19:02:01.0302 5184  System memory - ok
19:02:01.0317 5184  ================ Scan services =============================
19:02:05.0046 5184  AmdPPM - ok
19:02:05.0108 5184  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:02:05.0139 5184  amdsata - ok
19:02:05.0233 5184  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:02:05.0264 5184  amdsbs - ok
19:02:05.0295 5184  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:02:05.0327 5184  amdxata - ok
19:02:05.0420 5184  [ D80CB25D90474C731C0D1312A6DE3B13 ] ApfiltrService  C:\Windows\system32\drivers\Apfiltr.sys
19:02:05.0467 5184  ApfiltrService - ok
19:02:05.0529 5184  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:02:06.0060 5184  AppID - ok
19:02:06.0122 5184  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:02:06.0294 5184  AppIDSvc - ok
19:02:06.0387 5184  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:02:06.0528 5184  Appinfo - ok
19:02:06.0684 5184  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:02:06.0715 5184  Apple Mobile Device - ok
19:02:06.0793 5184  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:02:06.0855 5184  arc - ok
19:02:06.0933 5184  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:02:06.0980 5184  arcsas - ok
19:02:07.0011 5184  [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
19:02:07.0043 5184  ArcSoftKsUFilter - ok
19:02:07.0355 5184  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:02:07.0386 5184  aspnet_state - ok
19:02:07.0433 5184  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:02:07.0557 5184  AsyncMac - ok
19:02:07.0651 5184  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:02:07.0682 5184  atapi - ok
19:02:07.0745 5184  [ 50F257E19554421B6891E3F998EDCA90 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
19:02:07.0823 5184  AthBTPort - ok
19:02:08.0025 5184  [ 4119870B90E1B5E7797D6433D21F9216 ] ATHDFU          C:\Windows\System32\Drivers\AthDfu.sys
19:02:08.0119 5184  ATHDFU - ok
19:02:08.0213 5184  [ 650F111D5CDA64C10AE4B9D1BA9D4FFF ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
19:02:08.0244 5184  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning
19:02:08.0244 5184  Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1)
19:02:08.0322 5184  [ 4D643CD9E892E559355B7A77D532BD38 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
19:02:08.0353 5184  AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
19:02:08.0353 5184  AtherosSvc - detected UnsignedFile.Multi.Generic (1)
19:02:08.0540 5184  [ C8679A07267F030704168E45E27C3D43 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:02:08.0712 5184  athr - ok
19:02:08.0883 5184  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:02:09.0024 5184  AudioEndpointBuilder - ok
19:02:09.0086 5184  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:02:09.0195 5184  AudioSrv - ok
19:02:09.0383 5184  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:02:09.0601 5184  AxInstSV - ok
19:02:09.0679 5184  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:02:09.0757 5184  b06bdrv - ok
19:02:09.0835 5184  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:02:09.0913 5184  b57nd60a - ok
19:02:09.0991 5184  [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:02:10.0022 5184  BBSvc - ok
19:02:10.0085 5184  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:02:10.0163 5184  BDESVC - ok
19:02:10.0256 5184  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:02:10.0381 5184  Beep - ok
19:02:10.0537 5184  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:02:10.0710 5184  BFE - ok
19:02:11.0178 5184  [ 7B56A40EAAACF1867FF178501D3EA185 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx64.sys
19:02:11.0302 5184  BHDrvx64 - ok
19:02:11.0396 5184  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:02:11.0583 5184  BITS - ok
19:02:11.0647 5184  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
19:02:11.0693 5184  blbdrive - ok
19:02:11.0865 5184  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:02:11.0912 5184  Bonjour Service - ok
19:02:11.0943 5184  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:02:12.0005 5184  bowser - ok
19:02:12.0068 5184  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:02:12.0153 5184  BrFiltLo - ok
19:02:12.0193 5184  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:02:12.0233 5184  BrFiltUp - ok
19:02:12.0323 5184  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:02:12.0393 5184  Browser - ok
19:02:12.0493 5184  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:02:12.0637 5184  Brserid - ok
19:02:12.0787 5184  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:02:12.0847 5184  BrSerWdm - ok
19:02:12.0917 5184  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:02:13.0017 5184  BrUsbMdm - ok
19:02:13.0067 5184  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:02:13.0117 5184  BrUsbSer - ok
19:02:13.0207 5184  [ B3BCD755FA9A359D10208CC9F09847CC ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
19:02:13.0327 5184  BTATH_A2DP - ok
19:02:13.0367 5184  [ 9BBBA9D6DBDEFC8A6542BC7A6EBAF710 ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
19:02:13.0447 5184  btath_avdt - ok
19:02:13.0517 5184  [ D838DD1BCB328EFCFAD7A52DE9E3CAFD ] BTATH_BUS       C:\Windows\system32\drivers\btath_bus.sys
19:02:13.0567 5184  BTATH_BUS - ok
19:02:13.0637 5184  [ A441B800E04CF8443FAF519207563ABB ] BTATH_HCRP      C:\Windows\system32\drivers\btath_hcrp.sys
19:02:13.0707 5184  BTATH_HCRP - ok
19:02:13.0777 5184  [ B16F8429A35BBA2A8EF9DB2E08675B97 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
19:02:13.0857 5184  BTATH_LWFLT - ok
19:02:13.0927 5184  [ C24231C6BDFE21735930084A22089AAB ] BTATH_RCP       C:\Windows\system32\drivers\btath_rcp.sys
19:02:13.0997 5184  BTATH_RCP - ok
19:02:14.0087 5184  [ 6C4911B6FB92984FBEF775674795CFA2 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
19:02:14.0167 5184  BtFilter - ok
19:02:14.0227 5184  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
19:02:14.0287 5184  BthEnum - ok
19:02:14.0334 5184  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:02:14.0397 5184  BTHMODEM - ok
19:02:14.0443 5184  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:02:14.0506 5184  BthPan - ok
19:02:14.0599 5184  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
19:02:14.0677 5184  BTHPORT - ok
19:02:14.0740 5184  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:02:14.0849 5184  bthserv - ok
19:02:14.0896 5184  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
19:02:14.0958 5184  BTHUSB - ok
19:02:15.0067 5184  [ A5C13600F63EB92F8D15123D64BA9895 ] ccSet_N360      C:\Windows\system32\drivers\N360x64\1401000.018\ccSetx64.sys
19:02:15.0099 5184  ccSet_N360 - ok
19:02:15.0161 5184  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:02:15.0286 5184  cdfs - ok
19:02:15.0348 5184  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
19:02:15.0395 5184  cdrom - ok
19:02:15.0457 5184  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:02:15.0613 5184  CertPropSvc - ok
19:02:15.0691 5184  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:02:15.0754 5184  circlass - ok
19:02:15.0801 5184  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:02:15.0847 5184  CLFS - ok
19:02:15.0910 5184  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:02:15.0941 5184  clr_optimization_v2.0.50727_32 - ok
19:02:16.0035 5184  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:02:16.0066 5184  clr_optimization_v2.0.50727_64 - ok
19:02:16.0378 5184  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:02:16.0425 5184  clr_optimization_v4.0.30319_32 - ok
19:02:16.0471 5184  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:02:16.0534 5184  clr_optimization_v4.0.30319_64 - ok
19:02:16.0612 5184  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:02:16.0674 5184  CmBatt - ok
19:02:16.0690 5184  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:02:16.0721 5184  cmdide - ok
19:02:16.0768 5184  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
19:02:16.0846 5184  CNG - ok
19:02:17.0095 5184  [ 1F394DF3714ED4280047810790E6DF69 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
19:02:17.0220 5184  CnxtHdAudService - ok
19:02:17.0298 5184  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:02:17.0345 5184  Compbatt - ok
19:02:17.0423 5184  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:02:17.0470 5184  CompositeBus - ok
19:02:17.0501 5184  COMSysApp - ok
19:02:17.0548 5184  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:02:17.0579 5184  crcdisk - ok
19:02:17.0673 5184  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:02:17.0751 5184  CryptSvc - ok
19:02:17.0922 5184  [ 61A86809B62769643892BC0812B204AA ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:02:18.0016 5184  cvhsvc - ok
19:02:18.0125 5184  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:02:18.0250 5184  DcomLaunch - ok
19:02:18.0359 5184  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:02:18.0499 5184  defragsvc - ok
19:02:18.0531 5184  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:02:18.0655 5184  DfsC - ok
19:02:18.0765 5184  [ FFCCD922F305B8CFBA8D99F65E35EDD7 ] dgderdrv        C:\Windows\system32\drivers\dgderdrv.sys
19:02:18.0796 5184  dgderdrv - ok
19:02:18.0858 5184  [ D9A7C8977D9AFA54D21A2A6501ADF4FF ] dgdersvc        C:\Windows\system32\dgdersvc.exe
19:02:18.0936 5184  dgdersvc - ok
19:02:19.0030 5184  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:02:19.0123 5184  Dhcp - ok
19:02:19.0186 5184  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:02:19.0295 5184  discache - ok
19:02:19.0404 5184  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:02:19.0435 5184  Disk - ok
19:02:19.0498 5184  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:02:19.0545 5184  Dnscache - ok
19:02:19.0591 5184  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:02:19.0701 5184  dot3svc - ok
19:02:19.0747 5184  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:02:19.0857 5184  DPS - ok
19:02:19.0950 5184  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:02:20.0013 5184  drmkaud - ok
19:02:20.0137 5184  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:02:20.0247 5184  DXGKrnl - ok
19:02:20.0434 5184  [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y60x64.sys
19:02:20.0496 5184  e1yexpress - ok
19:02:20.0527 5184  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:02:20.0637 5184  EapHost - ok
19:02:20.0949 5184  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:02:21.0167 5184  ebdrv - ok
19:02:21.0354 5184  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:02:21.0417 5184  eeCtrl - ok
19:02:21.0479 5184  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:02:21.0651 5184  EFS - ok
19:02:21.0869 5184  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:02:21.0978 5184  ehRecvr - ok
19:02:22.0025 5184  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:02:22.0087 5184  ehSched - ok
19:02:22.0181 5184  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:02:22.0259 5184  elxstor - ok
19:02:22.0446 5184  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:02:22.0477 5184  EraserUtilRebootDrv - ok
19:02:22.0493 5184  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:02:22.0555 5184  ErrDev - ok
19:02:22.0649 5184  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:02:22.0789 5184  EventSystem - ok
19:02:22.0836 5184  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:02:22.0945 5184  exfat - ok
19:02:22.0977 5184  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:02:23.0101 5184  fastfat - ok
19:02:23.0226 5184  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:02:23.0351 5184  Fax - ok
19:02:23.0382 5184  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
19:02:23.0445 5184  fdc - ok
19:02:23.0569 5184  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:02:23.0694 5184  fdPHost - ok
19:02:23.0725 5184  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:02:23.0835 5184  FDResPub - ok
19:02:23.0897 5184  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:02:23.0928 5184  FileInfo - ok
19:02:23.0944 5184  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:02:24.0069 5184  Filetrace - ok
19:02:24.0084 5184  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:02:24.0131 5184  flpydisk - ok
19:02:24.0193 5184  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:02:24.0240 5184  FltMgr - ok
19:02:24.0427 5184  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:02:24.0583 5184  FontCache - ok
19:02:24.0677 5184  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:02:24.0724 5184  FontCache3.0.0.0 - ok
19:02:24.0739 5184  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:02:24.0786 5184  FsDepends - ok
19:02:24.0849 5184  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:02:24.0880 5184  Fs_Rec - ok
19:02:24.0973 5184  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:02:25.0020 5184  fvevol - ok
19:02:25.0083 5184  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:02:25.0114 5184  gagp30kx - ok
19:02:25.0192 5184  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:02:25.0223 5184  GEARAspiWDM - ok
19:02:25.0363 5184  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:02:25.0519 5184  gpsvc - ok
19:02:25.0629 5184  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:02:25.0660 5184  gupdate - ok
19:02:25.0816 5184  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:02:25.0847 5184  gupdatem - ok
19:02:25.0956 5184  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:02:25.0987 5184  gusvc - ok
19:02:26.0019 5184  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:02:26.0081 5184  hcw85cir - ok
19:02:26.0143 5184  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:02:26.0221 5184  HdAudAddService - ok
19:02:26.0284 5184  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:02:26.0377 5184  HDAudBus - ok
19:02:26.0393 5184  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:02:26.0471 5184  HidBatt - ok
19:02:26.0533 5184  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:02:26.0580 5184  HidBth - ok
19:02:26.0658 5184  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:02:26.0705 5184  HidIr - ok
19:02:26.0752 5184  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:02:26.0892 5184  hidserv - ok
19:02:26.0986 5184  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:02:27.0017 5184  HidUsb - ok
19:02:27.0079 5184  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:02:27.0220 5184  hkmsvc - ok
19:02:27.0267 5184  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:02:27.0360 5184  HomeGroupListener - ok
19:02:27.0391 5184  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:02:27.0485 5184  HomeGroupProvider - ok
19:02:27.0547 5184  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:02:27.0579 5184  HpSAMD - ok
19:02:27.0703 5184  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:02:27.0859 5184  HTTP - ok
19:02:27.0875 5184  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:02:27.0922 5184  hwpolicy - ok
19:02:27.0969 5184  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:02:28.0015 5184  i8042prt - ok
19:02:28.0093 5184  [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor          C:\Windows\system32\drivers\iaStor.sys
19:02:28.0125 5184  iaStor - ok
19:02:28.0249 5184  [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:02:28.0281 5184  IAStorDataMgrSvc - ok
19:02:28.0390 5184  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:02:28.0437 5184  iaStorV - ok
19:02:28.0780 5184  [ 6F3909A3D40CC9F4B28E03B027F918D8 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
19:02:28.0920 5184  IconMan_R ( UnsignedFile.Multi.Generic ) - warning
19:02:28.0920 5184  IconMan_R - detected UnsignedFile.Multi.Generic (1)
19:02:29.0092 5184  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:02:29.0170 5184  idsvc - ok
19:02:29.0419 5184  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130416.001\IDSvia64.sys
19:02:29.0479 5184  IDSVia64 - ok
19:02:30.0470 5184  [ EFE5A0AF39A8E179624117C521F1E012 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:02:31.0080 5184  igfx - ok
19:02:31.0130 5184  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:02:31.0170 5184  iirsp - ok
19:02:31.0220 5184  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:02:31.0361 5184  IKEEXT - ok
19:02:31.0517 5184  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
19:02:31.0626 5184  IntcDAud - ok
19:02:31.0658 5184  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:02:31.0689 5184  intelide - ok
19:02:31.0751 5184  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
19:02:31.0814 5184  intelppm - ok
19:02:31.0893 5184  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:02:32.0017 5184  IPBusEnum - ok
19:02:32.0064 5184  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:02:32.0173 5184  IpFilterDriver - ok
19:02:32.0329 5184  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:02:32.0423 5184  iphlpsvc - ok
19:02:32.0454 5184  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:02:32.0532 5184  IPMIDRV - ok
19:02:32.0563 5184  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:02:32.0673 5184  IPNAT - ok
19:02:32.0860 5184  [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:02:32.0922 5184  iPod Service - ok
19:02:32.0985 5184  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:02:33.0041 5184  IRENUM - ok
19:02:33.0111 5184  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:02:33.0141 5184  isapnp - ok
19:02:33.0181 5184  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:02:33.0221 5184  iScsiPrt - ok
19:02:33.0301 5184  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:02:33.0341 5184  kbdclass - ok
19:02:33.0381 5184  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:02:33.0501 5184  kbdhid - ok
19:02:33.0521 5184  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:02:33.0561 5184  KeyIso - ok
19:02:33.0601 5184  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:02:33.0631 5184  KSecDD - ok
19:02:33.0661 5184  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:02:33.0701 5184  KSecPkg - ok
19:02:33.0771 5184  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:02:33.0911 5184  ksthunk - ok
19:02:33.0991 5184  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:02:34.0111 5184  KtmRm - ok
19:02:34.0201 5184  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:02:34.0321 5184  LanmanServer - ok
19:02:34.0391 5184  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:02:34.0511 5184  LanmanWorkstation - ok
19:02:34.0581 5184  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:02:34.0691 5184  lltdio - ok
19:02:34.0751 5184  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:02:34.0881 5184  lltdsvc - ok
19:02:34.0932 5184  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:02:35.0042 5184  lmhosts - ok
19:02:35.0172 5184  [ 98B16E756243BEA9410E32025B19C06F ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:02:35.0222 5184  LMS - ok
19:02:35.0312 5184  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:02:35.0342 5184  LSI_FC - ok
19:02:35.0362 5184  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:02:35.0402 5184  LSI_SAS - ok
19:02:35.0502 5184  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:02:35.0542 5184  LSI_SAS2 - ok
19:02:35.0602 5184  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:02:35.0632 5184  LSI_SCSI - ok
19:02:35.0662 5184  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:02:35.0782 5184  luafv - ok
19:02:35.0894 5184  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
19:02:35.0925 5184  MBAMProtector - ok
19:02:36.0143 5184  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:02:36.0237 5184  MBAMScheduler - ok
19:02:36.0330 5184  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:02:36.0408 5184  MBAMService - ok
19:02:36.0471 5184  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:02:36.0564 5184  Mcx2Svc - ok
19:02:36.0611 5184  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:02:36.0658 5184  megasas - ok
19:02:36.0705 5184  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:02:36.0752 5184  MegaSR - ok
19:02:36.0830 5184  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
19:02:36.0876 5184  MEIx64 - ok
19:02:36.0939 5184  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:02:37.0048 5184  MMCSS - ok
19:02:37.0095 5184  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:02:37.0220 5184  Modem - ok
19:02:37.0344 5184  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:02:37.0422 5184  monitor - ok
19:02:37.0500 5184  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:02:37.0532 5184  mouclass - ok
19:02:37.0641 5184  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:02:37.0688 5184  mouhid - ok
19:02:37.0703 5184  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:02:55.0613 5184  [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:02:55.0676 5184  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
19:02:55.0676 5184  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
19:03:09.0950 5184  WbioSrvc - ok
19:03:09.0965 5184  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:03:10.0043 5184  wcncsvc - ok
19:03:10.0059 5184  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:03:10.0121 5184  WcsPlugInService - ok
19:03:10.0152 5184  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:03:10.0184 5184  Wd - ok
19:03:10.0230 5184  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:03:10.0308 5184  Wdf01000 - ok
19:03:10.0324 5184  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:03:10.0464 5184  WdiServiceHost - ok
19:03:10.0464 5184  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:03:10.0527 5184  WdiSystemHost - ok
19:03:10.0558 5184  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:03:10.0636 5184  WebClient - ok
19:03:10.0636 5184  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:03:10.0761 5184  Wecsvc - ok
19:03:10.0792 5184  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:03:10.0886 5184  wercplsupport - ok
19:03:10.0917 5184  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:03:11.0010 5184  WerSvc - ok
19:03:11.0057 5184  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:03:11.0151 5184  WfpLwf - ok
19:03:11.0182 5184  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:03:11.0198 5184  WIMMount - ok
19:03:11.0229 5184  WinDefend - ok
19:03:11.0244 5184  WinHttpAutoProxySvc - ok
19:03:11.0291 5184  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:03:11.0400 5184  Winmgmt - ok
19:03:11.0494 5184  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:03:11.0681 5184  WinRM - ok
19:03:11.0759 5184  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:03:11.0806 5184  WinUsb - ok
19:03:11.0868 5184  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:03:11.0978 5184  Wlansvc - ok
19:03:12.0071 5184  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:03:12.0102 5184  wlcrasvc - ok
19:03:12.0196 5184  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:03:12.0336 5184  wlidsvc - ok
19:03:12.0352 5184  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:03:12.0399 5184  WmiAcpi - ok
19:03:12.0430 5184  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:03:12.0477 5184  wmiApSrv - ok
19:03:12.0524 5184  WMPNetworkSvc - ok
19:03:12.0570 5184  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:03:12.0680 5184  WPCSvc - ok
19:03:12.0695 5184  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:03:12.0773 5184  WPDBusEnum - ok
19:03:12.0789 5184  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:03:12.0882 5184  ws2ifsl - ok
19:03:12.0914 5184  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:03:12.0960 5184  wscsvc - ok
19:03:12.0976 5184  WSearch - ok
19:03:13.0085 5184  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:03:13.0257 5184  wuauserv - ok
19:03:13.0288 5184  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:03:13.0350 5184  WudfPf - ok
19:03:13.0382 5184  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:03:13.0444 5184  wudfsvc - ok
19:03:13.0491 5184  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:03:13.0553 5184  WwanSvc - ok
19:03:13.0600 5184  ================ Scan global ===============================
19:03:13.0631 5184  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:03:13.0678 5184  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:03:13.0709 5184  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:03:13.0740 5184  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:03:13.0772 5184  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:03:13.0787 5184  [Global] - ok
19:03:13.0787 5184  ================ Scan MBR ==================================
19:03:13.0803 5184  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:03:14.0380 5184  \Device\Harddisk0\DR0 - ok
19:03:14.0380 5184  ================ Scan VBR ==================================
19:03:14.0411 5184  [ 0FD1B24EED5EE77991202DC2534D943B ] \Device\Harddisk0\DR0\Partition1
19:03:14.0427 5184  \Device\Harddisk0\DR0\Partition1 - ok
19:03:14.0427 5184  [ C058F164B2CEE17F9BA93C822CE398FA ] \Device\Harddisk0\DR0\Partition2
19:03:14.0427 5184  \Device\Harddisk0\DR0\Partition2 - ok
19:03:14.0442 5184  ============================================================
19:03:14.0442 5184  Scan finished
19:03:14.0442 5184  ============================================================
19:03:14.0458 7164  Detected object count: 4
19:03:14.0458 7164  Actual detected object count: 4
19:03:24.0957 7164  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
19:03:24.0957 7164  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:03:24.0957 7164  AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:03:24.0957 7164  AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:03:24.0957 7164  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
19:03:24.0957 7164  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:03:24.0957 7164  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:03:24.0957 7164  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

18.04.2013, 12:43   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

20.04.2013, 14:46   #13
tommi1991

One question: I read that Combofix deletes some files from the PC? Is that true? Because I haven't backed up my files yet...

20.04.2013, 17:53   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

CF does not delete private data.
But you do realize that one always makes regular backups anyway?