Pests of all kinds and how to combat them: Removable media can no longer be used, Recycler cannot be found (Windows 7)
24.01.2013, 23:08 | #16 |
Whoa, big sorry.

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Schüler :: STMO24 [administrator]

24.01.2013 17:26:41
mbar-log-2013-01-24 (17-26-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30542
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Detected: 1
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 1552 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.

(end)

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Schüler :: STMO24 [administrator]

24.01.2013 17:59:24
mbar-log-2013-01-24 (17-59-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30527
Time elapsed: 12 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Regards, momo
25.01.2013, 12:07 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!

One more note: If aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!
25.01.2013, 19:33 | #18 |
OK, I hope I did that right this time.
With aswMBR I had to set none, otherwise what you already mentioned happened. Here is the log:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-25 19:25:27
-----------------------------
19:25:27.686 OS Version: Windows x64 6.1.7601 Service Pack 1
19:25:27.686 Number of processors: 4 586 0x2505
19:25:27.686 ComputerName: STMO24 UserName:
19:25:29.359 Initialize success
19:25:36.612 AVAST engine defs: 13012500
19:25:42.133 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:25:42.138 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
19:25:42.162 Disk 0 MBR read successfully
19:25:42.167 Disk 0 MBR scan
19:25:42.176 Disk 0 Windows VISTA default MBR code
19:25:42.186 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1499 MB offset 2048
19:25:42.208 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294559 MB offset 3072000
19:25:42.239 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9186 MB offset 606328832
19:25:42.293 Disk 0 scanning C:\windows\system32\drivers
19:25:54.924 Service scanning
19:26:31.179 Modules scanning
19:26:31.195 Disk 0 trace - called modules:
19:26:31.229 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
19:26:31.242 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006504060]
19:26:31.252 3 CLASSPNP.SYS[fffff8800162b43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8006503060]
19:26:31.262 5 thpdrv.sys[fffff88001bcacc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006268050]
19:26:31.268 Scan finished successfully
19:28:10.443 Disk 0 MBR has been saved successfully to "C:\Users\Schüler\Desktop\MBR.dat"
19:28:10.451 The log file has been saved successfully to "C:\Users\Schüler\Desktop\aswMBR.txt"

Code:
19:28:45.0647 5964 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:28:46.0963 5964 ============================================================
19:28:46.0963 5964 Current date / time: 2013/01/25 19:28:46.0963
19:28:46.0963 5964 SystemInfo:
19:28:46.0963 5964
19:28:46.0963 5964 OS Version: 6.1.7601 ServicePack: 1.0
19:28:46.0963 5964 Product type: Workstation
19:28:46.0963 5964 ComputerName: STMO24
19:28:46.0964 5964 UserName: Schüler
19:28:46.0964 5964 Windows directory: C:\windows
19:28:46.0964 5964 System windows directory: C:\windows
19:28:46.0964 5964 Running under WOW64
19:28:46.0964 5964 Processor architecture: Intel x64
19:28:46.0964 5964 Number of processors: 4
19:28:46.0964 5964 Page size: 0x1000
19:28:46.0964 5964 Boot type: Normal boot
19:28:46.0964 5964 ============================================================
19:28:47.0406 5964 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:28:47.0419 5964 ============================================================
19:28:47.0419 5964 \Device\Harddisk0\DR0:
19:28:47.0420 5964 MBR partitions:
19:28:47.0420 5964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE000, BlocksNum 0x23F4F800
19:28:47.0420 5964 ============================================================
19:28:47.0447 5964 C: <-> \Device\Harddisk0\DR0\Partition1
19:28:47.0447 5964 ============================================================
19:28:47.0447 5964 Initialize success
19:28:47.0447 5964 ============================================================
19:29:19.0020 6984 ============================================================
19:29:19.0020 6984 Scan started
19:29:19.0020 6984 Mode: Manual; SigCheck; TDLFS;
19:29:19.0020 6984 ============================================================
19:29:19.0230 6984 ================ Scan system memory ========================
19:29:19.0230 6984
ok 19:29:34.0933 6984 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 19:29:34.0963 6984 monitor - ok 19:29:34.0992 6984 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 19:29:35.0007 6984 mouclass - ok 19:29:35.0030 6984 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 19:29:35.0043 6984 mouhid - ok 19:29:35.0057 6984 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 19:29:35.0070 6984 mountmgr - ok 19:29:35.0097 6984 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 19:29:35.0112 6984 mpio - ok 19:29:35.0133 6984 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 19:29:35.0174 6984 mpsdrv - ok 19:29:35.0213 6984 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 19:29:35.0274 6984 MpsSvc - ok 19:29:35.0288 6984 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 19:29:35.0320 6984 MRxDAV - ok 19:29:35.0359 6984 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 19:29:35.0426 6984 mrxsmb - ok 19:29:35.0451 6984 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 19:29:35.0473 6984 mrxsmb10 - ok 19:29:35.0478 6984 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 19:29:35.0494 6984 mrxsmb20 - ok 19:29:35.0518 6984 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 19:29:35.0529 6984 msahci - ok 19:29:35.0543 6984 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 19:29:35.0557 6984 msdsm - ok 19:29:35.0586 6984 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 19:29:35.0613 6984 MSDTC - ok 19:29:35.0653 6984 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 19:29:35.0742 6984 Msfs - ok 
19:29:35.0761 6984 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 19:29:35.0814 6984 mshidkmdf - ok 19:29:35.0844 6984 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 19:29:35.0856 6984 msisadrv - ok 19:29:35.0889 6984 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 19:29:35.0947 6984 MSiSCSI - ok 19:29:35.0951 6984 msiserver - ok 19:29:35.0988 6984 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 19:29:36.0057 6984 MSKSSRV - ok 19:29:36.0074 6984 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 19:29:36.0130 6984 MSPCLOCK - ok 19:29:36.0134 6984 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 19:29:36.0180 6984 MSPQM - ok 19:29:36.0208 6984 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 19:29:36.0227 6984 MsRPC - ok 19:29:36.0243 6984 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 19:29:36.0261 6984 mssmbios - ok 19:29:36.0293 6984 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 19:29:36.0351 6984 MSTEE - ok 19:29:36.0384 6984 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys 19:29:36.0399 6984 MTConfig - ok 19:29:36.0430 6984 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 19:29:36.0443 6984 Mup - ok 19:29:36.0496 6984 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 19:29:36.0577 6984 napagent - ok 19:29:36.0632 6984 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 19:29:36.0693 6984 NativeWifiP - ok 19:29:36.0765 6984 [ 2989174DF02E0AEF54BAE90674FB445F ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 19:29:36.0805 6984 NAUpdate - ok 19:29:36.0851 6984 [ 760E38053BF56E501D562B70AD796B88 ] NDIS 
C:\windows\system32\drivers\ndis.sys 19:29:36.0882 6984 NDIS - ok 19:29:36.0923 6984 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 19:29:36.0980 6984 NdisCap - ok 19:29:37.0014 6984 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 19:29:37.0052 6984 NdisTapi - ok 19:29:37.0061 6984 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 19:29:37.0109 6984 Ndisuio - ok 19:29:37.0132 6984 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 19:29:37.0180 6984 NdisWan - ok 19:29:37.0210 6984 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 19:29:37.0291 6984 NDProxy - ok 19:29:37.0316 6984 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 19:29:37.0374 6984 NetBIOS - ok 19:29:37.0392 6984 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 19:29:37.0430 6984 NetBT - ok 19:29:37.0445 6984 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 19:29:37.0458 6984 Netlogon - ok 19:29:37.0484 6984 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 19:29:37.0539 6984 Netman - ok 19:29:37.0614 6984 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:29:37.0632 6984 NetMsmqActivator - ok 19:29:37.0649 6984 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:29:37.0665 6984 NetPipeActivator - ok 19:29:37.0689 6984 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 19:29:37.0757 6984 netprofm - ok 19:29:37.0777 6984 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:29:37.0793 6984 NetTcpActivator - ok 19:29:37.0798 6984 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing 
C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:29:37.0813 6984 NetTcpPortSharing - ok 19:29:37.0833 6984 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 19:29:37.0845 6984 nfrd960 - ok 19:29:37.0883 6984 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll 19:29:37.0916 6984 NlaSvc - ok 19:29:37.0947 6984 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 19:29:37.0989 6984 Npfs - ok 19:29:38.0018 6984 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 19:29:38.0061 6984 nsi - ok 19:29:38.0070 6984 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 19:29:38.0129 6984 nsiproxy - ok 19:29:38.0210 6984 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 19:29:38.0272 6984 Ntfs - ok 19:29:38.0298 6984 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 19:29:38.0348 6984 Null - ok 19:29:38.0382 6984 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 19:29:38.0397 6984 nvraid - ok 19:29:38.0416 6984 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 19:29:38.0430 6984 nvstor - ok 19:29:38.0457 6984 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 19:29:38.0472 6984 nv_agp - ok 19:29:38.0490 6984 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 19:29:38.0522 6984 ohci1394 - ok 19:29:38.0611 6984 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:29:38.0641 6984 ose - ok 19:29:38.0792 6984 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 19:29:38.0962 6984 osppsvc - ok 19:29:38.0987 6984 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 
19:29:39.0030 6984 p2pimsvc - ok 19:29:39.0048 6984 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 19:29:39.0072 6984 p2psvc - ok 19:29:39.0095 6984 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys 19:29:39.0128 6984 Parport - ok 19:29:39.0161 6984 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 19:29:39.0175 6984 partmgr - ok 19:29:39.0202 6984 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 19:29:39.0239 6984 PcaSvc - ok 19:29:39.0262 6984 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 19:29:39.0278 6984 pci - ok 19:29:39.0295 6984 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 19:29:39.0309 6984 pciide - ok 19:29:39.0337 6984 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys 19:29:39.0352 6984 pcmcia - ok 19:29:39.0379 6984 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 19:29:39.0391 6984 pcw - ok 19:29:39.0411 6984 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 19:29:39.0475 6984 PEAUTH - ok 19:29:39.0525 6984 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll 19:29:39.0597 6984 PeerDistSvc - ok 19:29:39.0677 6984 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 19:29:39.0726 6984 PerfHost - ok 19:29:39.0771 6984 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys 19:29:39.0788 6984 PGEffect - ok 19:29:39.0852 6984 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 19:29:39.0944 6984 pla - ok 19:29:39.0988 6984 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 19:29:40.0048 6984 PlugPlay - ok 19:29:40.0061 6984 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 19:29:40.0087 6984 PNRPAutoReg - ok 
19:29:40.0109 6984 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 19:29:40.0130 6984 PNRPsvc - ok 19:29:40.0154 6984 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 19:29:40.0215 6984 PolicyAgent - ok 19:29:40.0252 6984 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 19:29:40.0321 6984 Power - ok 19:29:40.0362 6984 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 19:29:40.0414 6984 PptpMiniport - ok 19:29:40.0449 6984 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys 19:29:40.0499 6984 Processor - ok 19:29:40.0552 6984 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 19:29:40.0620 6984 ProfSvc - ok 19:29:40.0634 6984 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 19:29:40.0650 6984 ProtectedStorage - ok 19:29:40.0697 6984 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 19:29:40.0781 6984 Psched - ok 19:29:40.0859 6984 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys 19:29:40.0917 6984 ql2300 - ok 19:29:40.0933 6984 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys 19:29:40.0946 6984 ql40xx - ok 19:29:40.0972 6984 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 19:29:40.0994 6984 QWAVE - ok 19:29:41.0009 6984 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 19:29:41.0043 6984 QWAVEdrv - ok 19:29:41.0061 6984 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 19:29:41.0112 6984 RasAcd - ok 19:29:41.0152 6984 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 19:29:41.0191 6984 RasAgileVpn - ok 19:29:41.0211 6984 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 19:29:41.0268 6984 
RasAuto - ok 19:29:41.0291 6984 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 19:29:41.0355 6984 Rasl2tp - ok 19:29:41.0379 6984 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 19:29:41.0422 6984 RasMan - ok 19:29:41.0452 6984 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 19:29:41.0507 6984 RasPppoe - ok 19:29:41.0525 6984 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 19:29:41.0585 6984 RasSstp - ok 19:29:41.0621 6984 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 19:29:41.0678 6984 rdbss - ok 19:29:41.0704 6984 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys 19:29:41.0738 6984 rdpbus - ok 19:29:41.0767 6984 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 19:29:41.0808 6984 RDPCDD - ok 19:29:41.0824 6984 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\windows\system32\drivers\rdpdr.sys 19:29:41.0846 6984 RDPDR - ok 19:29:41.0862 6984 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 19:29:41.0916 6984 RDPENCDD - ok 19:29:41.0934 6984 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 19:29:41.0971 6984 RDPREFMP - ok 19:29:42.0011 6984 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 19:29:42.0057 6984 RDPWD - ok 19:29:42.0094 6984 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 19:29:42.0114 6984 rdyboost - ok 19:29:42.0133 6984 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 19:29:42.0174 6984 RemoteAccess - ok 19:29:42.0207 6984 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 19:29:42.0267 6984 RemoteRegistry - ok 19:29:42.0301 6984 [ F50F87C83C2847040BB6C38210612CB2 ] rimspci 
C:\windows\system32\drivers\rimspe64.sys 19:29:42.0348 6984 rimspci - ok 19:29:42.0383 6984 [ 9F6E1E02FEA93180585DB20315F16889 ] risdpcie C:\windows\system32\drivers\risdpe64.sys 19:29:42.0417 6984 risdpcie - ok 19:29:42.0448 6984 [ 6A1CD4674505E6791390A1AB71DA1FBE ] rixdpcie C:\windows\system32\drivers\rixdpe64.sys 19:29:42.0505 6984 rixdpcie - ok 19:29:42.0530 6984 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 19:29:42.0596 6984 RpcEptMapper - ok 19:29:42.0618 6984 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 19:29:42.0651 6984 RpcLocator - ok 19:29:42.0680 6984 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 19:29:42.0728 6984 RpcSs - ok 19:29:42.0761 6984 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 19:29:42.0801 6984 rspndr - ok 19:29:42.0822 6984 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\windows\system32\drivers\vms3cap.sys 19:29:42.0854 6984 s3cap - ok 19:29:42.0877 6984 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 19:29:42.0891 6984 SamSs - ok 19:29:42.0917 6984 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 19:29:42.0931 6984 sbp2port - ok 19:29:42.0961 6984 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 19:29:43.0019 6984 SCardSvr - ok 19:29:43.0050 6984 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 19:29:43.0119 6984 scfilter - ok 19:29:43.0152 6984 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 19:29:43.0225 6984 Schedule - ok 19:29:43.0249 6984 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 19:29:43.0287 6984 SCPolicySvc - ok 19:29:43.0329 6984 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\DRIVERS\sdbus.sys 19:29:43.0374 6984 sdbus - ok 19:29:43.0401 6984 [ 6EA4234DC55346E0709560FE7C2C1972 ] 
SDRSVC C:\windows\System32\SDRSVC.dll 19:29:43.0426 6984 SDRSVC - ok 19:29:43.0452 6984 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 19:29:43.0491 6984 secdrv - ok 19:29:43.0506 6984 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 19:29:43.0545 6984 seclogon - ok 19:29:43.0553 6984 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 19:29:43.0613 6984 SENS - ok 19:29:43.0647 6984 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 19:29:43.0702 6984 SensrSvc - ok 19:29:43.0716 6984 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys 19:29:43.0753 6984 Serenum - ok 19:29:43.0769 6984 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys 19:29:43.0794 6984 Serial - ok 19:29:43.0823 6984 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys 19:29:43.0853 6984 sermouse - ok 19:29:43.0894 6984 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 19:29:43.0966 6984 SessionEnv - ok 19:29:43.0984 6984 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 19:29:43.0999 6984 sffdisk - ok 19:29:44.0024 6984 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 19:29:44.0052 6984 sffp_mmc - ok 19:29:44.0077 6984 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 19:29:44.0112 6984 sffp_sd - ok 19:29:44.0142 6984 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 19:29:44.0170 6984 sfloppy - ok 19:29:44.0205 6984 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 19:29:44.0265 6984 SharedAccess - ok 19:29:44.0291 6984 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 19:29:44.0358 6984 ShellHWDetection - ok 19:29:44.0378 6984 [ 
843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 19:29:44.0391 6984 SiSRaid2 - ok 19:29:44.0424 6984 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 19:29:44.0436 6984 SiSRaid4 - ok 19:29:44.0468 6984 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 19:29:44.0526 6984 Smb - ok 19:29:44.0564 6984 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 19:29:44.0597 6984 SNMPTRAP - ok 19:29:44.0614 6984 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 19:29:44.0627 6984 spldr - ok 19:29:44.0657 6984 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 19:29:44.0698 6984 Spooler - ok 19:29:44.0801 6984 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 19:29:44.0964 6984 sppsvc - ok 19:29:44.0982 6984 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 19:29:45.0021 6984 sppuinotify - ok 19:29:45.0054 6984 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 19:29:45.0116 6984 srv - ok 19:29:45.0136 6984 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 19:29:45.0173 6984 srv2 - ok 19:29:45.0193 6984 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 19:29:45.0211 6984 srvnet - ok 19:29:45.0241 6984 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 19:29:45.0291 6984 SSDPSRV - ok 19:29:45.0301 6984 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 19:29:45.0342 6984 SstpSvc - ok 19:29:45.0372 6984 Steam Client Service - ok 19:29:45.0391 6984 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 19:29:45.0403 6984 stexstor - ok 19:29:45.0437 6984 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 19:29:45.0486 6984 stisvc - ok 19:29:45.0508 
6984 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\windows\system32\drivers\vmstorfl.sys 19:29:45.0522 6984 storflt - ok 19:29:45.0545 6984 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\windows\system32\storsvc.dll 19:29:45.0583 6984 StorSvc - ok 19:29:45.0610 6984 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\windows\system32\drivers\storvsc.sys 19:29:45.0625 6984 storvsc - ok 19:29:45.0652 6984 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys 19:29:45.0666 6984 swenum - ok 19:29:45.0705 6984 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 19:29:45.0759 6984 swprv - ok 19:29:45.0810 6984 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 19:29:45.0870 6984 SysMain - ok 19:29:45.0900 6984 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 19:29:45.0940 6984 TabletInputService - ok 19:29:45.0960 6984 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 19:29:46.0019 6984 TapiSrv - ok 19:29:46.0038 6984 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 19:29:46.0077 6984 TBS - ok 19:29:46.0160 6984 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys 19:29:46.0223 6984 Tcpip - ok 19:29:46.0259 6984 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 19:29:46.0302 6984 TCPIP6 - ok 19:29:46.0340 6984 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 19:29:46.0355 6984 tcpipreg - ok 19:29:46.0381 6984 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys 19:29:46.0401 6984 tdcmdpst - ok 19:29:46.0429 6984 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 19:29:46.0470 6984 TDPIPE - ok 19:29:46.0490 6984 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 19:29:46.0516 6984 TDTCP - ok 19:29:46.0545 6984 [ 
DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 19:29:46.0589 6984 tdx - ok 19:29:46.0638 6984 [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe 19:29:46.0651 6984 TemproMonitoringService - ok 19:29:46.0678 6984 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys 19:29:46.0695 6984 TermDD - ok 19:29:46.0739 6984 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 19:29:46.0813 6984 TermService - ok 19:29:46.0827 6984 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 19:29:46.0846 6984 Themes - ok 19:29:46.0898 6984 [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys 19:29:46.0921 6984 Thpdrv - ok 19:29:46.0966 6984 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\windows\system32\drivers\Thpevm.SYS 19:29:46.0986 6984 Thpevm - ok 19:29:47.0015 6984 [ 9B032A63A0553A2D872815C64A0288BE ] Thpsrv C:\windows\system32\ThpSrv.exe 19:29:47.0049 6984 Thpsrv ( UnsignedFile.Multi.Generic ) - warning 19:29:47.0049 6984 Thpsrv - detected UnsignedFile.Multi.Generic (1) 19:29:47.0075 6984 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 19:29:47.0116 6984 THREADORDER - ok 19:29:47.0164 6984 [ 199C2E87D9A5EC58D0BCD94E893BF629 ] TIEHDUSB C:\windows\system32\DRIVERS\tiehdusb.sys 19:29:47.0214 6984 TIEHDUSB - ok 19:29:47.0270 6984 [ 83E91963C4452BE6899503CF9EBFD3ED ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 19:29:47.0291 6984 TMachInfo - ok 19:29:47.0319 6984 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe 19:29:47.0343 6984 TODDSrv - ok 19:29:47.0418 6984 [ BF289F175C1307B4B72D1A17806EF83C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 19:29:47.0442 6984 TosCoSrv - ok 19:29:47.0511 6984 [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46 ] TOSHIBA Bluetooth Service C:\Program Files 
(x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 19:29:47.0527 6984 TOSHIBA Bluetooth Service - ok 19:29:47.0602 6984 [ 0437D8936DF27FF6BA3BFDC4EB6A802D ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe 19:29:47.0629 6984 TOSHIBA eco Utility Service - ok 19:29:47.0658 6984 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 19:29:47.0671 6984 TOSHIBA HDD SSD Alert Service - ok 19:29:47.0701 6984 [ 755E5CA34D6186FC0E1430CD47E6E97C ] toshidpt C:\windows\system32\drivers\Toshidpt.sys 19:29:47.0711 6984 toshidpt - ok 19:29:47.0739 6984 [ 8021F63311797085949FA387F7C83583 ] tosporte C:\windows\system32\drivers\tosporte.sys 19:29:47.0750 6984 tosporte - ok 19:29:47.0762 6984 Tosrfcom - ok 19:29:47.0796 6984 [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec C:\windows\system32\drivers\tosrfec.sys 19:29:47.0806 6984 tosrfec - ok 19:29:47.0844 6984 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys 19:29:47.0867 6984 tos_sps64 - ok 19:29:47.0899 6984 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\windows\system32\drivers\tpm.sys 19:29:47.0913 6984 TPM - ok 19:29:47.0941 6984 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 19:29:47.0994 6984 TrkWks - ok 19:29:48.0048 6984 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 19:29:48.0116 6984 TrustedInstaller - ok 19:29:48.0128 6984 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 19:29:48.0182 6984 tssecsrv - ok 19:29:48.0208 6984 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 19:29:48.0233 6984 TsUsbFlt - ok 19:29:48.0262 6984 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 19:29:48.0288 6984 TsUsbGD - ok 19:29:48.0320 6984 [ B95378E4245105980B7B91432872589E ] TTPDSrv C:\windows\System32\TTPDSRV.exe 
19:29:48.0345 6984 TTPDSrv ( UnsignedFile.Multi.Generic ) - warning 19:29:48.0345 6984 TTPDSrv - detected UnsignedFile.Multi.Generic (1) 19:29:48.0396 6984 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 19:29:48.0467 6984 tunnel - ok 19:29:48.0513 6984 [ EFFCE6E033EBDD0F3C0F14A413558F65 ] TVALZ C:\windows\system32\drivers\TVALZ.SYS 19:29:48.0532 6984 TVALZ - ok 19:29:48.0554 6984 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 19:29:48.0568 6984 uagp35 - ok 19:29:48.0597 6984 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 19:29:48.0653 6984 udfs - ok 19:29:48.0680 6984 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 19:29:48.0707 6984 UI0Detect - ok 19:29:48.0738 6984 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 19:29:48.0752 6984 uliagpkx - ok 19:29:48.0793 6984 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 19:29:48.0820 6984 umbus - ok 19:29:48.0861 6984 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 19:29:48.0888 6984 UmPass - ok 19:29:48.0908 6984 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\windows\System32\umrdp.dll 19:29:48.0935 6984 UmRdpService - ok 19:29:49.0071 6984 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 19:29:49.0130 6984 UNS ( UnsignedFile.Multi.Generic ) - warning 19:29:49.0130 6984 UNS - detected UnsignedFile.Multi.Generic (1) 19:29:49.0164 6984 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 19:29:49.0226 6984 upnphost - ok 19:29:49.0249 6984 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 19:29:49.0294 6984 usbccgp - ok 19:29:49.0337 6984 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 19:29:49.0357 6984 usbcir - ok 
19:29:49.0375 6984 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys 19:29:49.0401 6984 usbehci - ok 19:29:49.0439 6984 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\drivers\usbhub.sys 19:29:49.0471 6984 usbhub - ok 19:29:49.0487 6984 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 19:29:49.0514 6984 usbohci - ok 19:29:49.0541 6984 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 19:29:49.0573 6984 usbprint - ok 19:29:49.0607 6984 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 19:29:49.0627 6984 usbscan - ok 19:29:49.0650 6984 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 19:29:49.0685 6984 USBSTOR - ok 19:29:49.0697 6984 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 19:29:49.0724 6984 usbuhci - ok 19:29:49.0762 6984 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys 19:29:49.0791 6984 usbvideo - ok 19:29:49.0810 6984 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 19:29:49.0868 6984 UxSms - ok 19:29:49.0889 6984 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 19:29:49.0901 6984 VaultSvc - ok 19:29:49.0932 6984 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 19:29:49.0945 6984 vdrvroot - ok 19:29:49.0964 6984 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 19:29:50.0028 6984 vds - ok 19:29:50.0058 6984 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 19:29:50.0074 6984 vga - ok 19:29:50.0084 6984 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 19:29:50.0132 6984 VgaSave - ok 19:29:50.0164 6984 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 19:29:50.0180 6984 vhdmp - ok 19:29:50.0201 
6984 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 19:29:50.0214 6984 viaide - ok 19:29:50.0277 6984 [ F307DA7E96BC760B4628E204E234DCD0 ] Virtual Router C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe 19:29:50.0294 6984 Virtual Router ( UnsignedFile.Multi.Generic ) - warning 19:29:50.0294 6984 Virtual Router - detected UnsignedFile.Multi.Generic (1) 19:29:50.0329 6984 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\windows\system32\drivers\vmbus.sys 19:29:50.0358 6984 vmbus - ok 19:29:50.0376 6984 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\windows\system32\drivers\VMBusHID.sys 19:29:50.0413 6984 VMBusHID - ok 19:29:50.0444 6984 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 19:29:50.0468 6984 volmgr - ok 19:29:50.0500 6984 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 19:29:50.0518 6984 volmgrx - ok 19:29:50.0550 6984 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys 19:29:50.0586 6984 volsnap - ok 19:29:50.0609 6984 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 19:29:50.0627 6984 vsmraid - ok 19:29:50.0686 6984 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 19:29:50.0758 6984 VSS - ok 19:29:50.0794 6984 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 19:29:50.0849 6984 vwifibus - ok 19:29:50.0885 6984 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 19:29:50.0917 6984 vwififlt - ok 19:29:50.0965 6984 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 19:29:51.0002 6984 vwifimp - ok 19:29:51.0033 6984 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 19:29:51.0079 6984 W32Time - ok 19:29:51.0147 6984 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\windows\system32\inetsrv\iisw3adm.dll 19:29:51.0169 6984 
W3SVC - ok 19:29:51.0184 6984 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys 19:29:51.0208 6984 WacomPen - ok 19:29:51.0246 6984 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 19:29:51.0301 6984 WANARP - ok 19:29:51.0305 6984 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 19:29:51.0346 6984 Wanarpv6 - ok 19:29:51.0380 6984 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\windows\system32\inetsrv\iisw3adm.dll 19:29:51.0397 6984 WAS - ok 19:29:51.0440 6984 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 19:29:51.0522 6984 wbengine - ok 19:29:51.0544 6984 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 19:29:51.0581 6984 WbioSrvc - ok 19:29:51.0614 6984 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 19:29:51.0657 6984 wcncsvc - ok 19:29:51.0680 6984 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 19:29:51.0717 6984 WcsPlugInService - ok 19:29:51.0744 6984 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys 19:29:51.0757 6984 Wd - ok 19:29:51.0809 6984 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 19:29:51.0842 6984 Wdf01000 - ok 19:29:51.0860 6984 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 19:29:51.0964 6984 WdiServiceHost - ok 19:29:51.0967 6984 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 19:29:51.0991 6984 WdiSystemHost - ok 19:29:52.0020 6984 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 19:29:52.0061 6984 WebClient - ok 19:29:52.0087 6984 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 19:29:52.0147 6984 Wecsvc - ok 19:29:52.0171 6984 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 
19:29:52.0227 6984 wercplsupport - ok 19:29:52.0263 6984 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 19:29:52.0304 6984 WerSvc - ok 19:29:52.0334 6984 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 19:29:52.0370 6984 WfpLwf - ok 19:29:52.0376 6984 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 19:29:52.0388 6984 WIMMount - ok 19:29:52.0418 6984 WinDefend - ok 19:29:52.0425 6984 WinHttpAutoProxySvc - ok 19:29:52.0479 6984 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 19:29:52.0556 6984 Winmgmt - ok 19:29:52.0631 6984 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 19:29:52.0721 6984 WinRM - ok 19:29:52.0776 6984 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUSB.sys 19:29:52.0817 6984 WinUsb - ok 19:29:52.0862 6984 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 19:29:52.0914 6984 Wlansvc - ok 19:29:52.0978 6984 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 19:29:53.0002 6984 wlcrasvc - ok 19:29:53.0100 6984 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:29:53.0171 6984 wlidsvc - ok 19:29:53.0186 6984 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 19:29:53.0218 6984 WmiAcpi - ok 19:29:53.0260 6984 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 19:29:53.0305 6984 wmiApSrv - ok 19:29:53.0335 6984 WMPNetworkSvc - ok 19:29:53.0366 6984 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 19:29:53.0386 6984 WPCSvc - ok 19:29:53.0403 6984 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 19:29:53.0419 6984 WPDBusEnum - ok 19:29:53.0435 6984 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl 
C:\windows\system32\drivers\ws2ifsl.sys 19:29:53.0473 6984 ws2ifsl - ok 19:29:53.0489 6984 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll 19:29:53.0530 6984 wscsvc - ok 19:29:53.0533 6984 WSearch - ok 19:29:53.0616 6984 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 19:29:53.0708 6984 wuauserv - ok 19:29:53.0745 6984 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 19:29:53.0769 6984 WudfPf - ok 19:29:53.0795 6984 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 19:29:53.0812 6984 WUDFRd - ok 19:29:53.0821 6984 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 19:29:53.0849 6984 wudfsvc - ok 19:29:53.0885 6984 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll 19:29:53.0929 6984 WwanSvc - ok 19:29:53.0969 6984 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\windows\system32\DRIVERS\xusb21.sys 19:29:53.0994 6984 xusb21 - ok 19:29:54.0018 6984 ================ Scan global =============================== 19:29:54.0031 6984 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 19:29:54.0075 6984 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll 19:29:54.0083 6984 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll 19:29:54.0111 6984 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 19:29:54.0135 6984 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 19:29:54.0139 6984 [Global] - ok 19:29:54.0140 6984 ================ Scan MBR ================================== 19:29:54.0150 6984 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0 19:29:54.0448 6984 \Device\Harddisk0\DR0 - ok 19:29:54.0449 6984 ================ Scan VBR ================================== 19:29:54.0484 6984 [ 74B7DD403BD247B57B97A75B11520358 ] \Device\Harddisk0\DR0\Partition1 19:29:54.0486 6984 \Device\Harddisk0\DR0\Partition1 - ok 
19:29:54.0487 6984 ============================================================
19:29:54.0487 6984 Scan finished
19:29:54.0487 6984 ============================================================
19:29:54.0515 6828 Detected object count: 5
19:29:54.0515 6828 Actual detected object count: 5
19:30:26.0043 6828 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:26.0044 6828 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:26.0045 6828 Thpsrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:26.0045 6828 Thpsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:26.0047 6828 TTPDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:26.0047 6828 TTPDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:26.0049 6828 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:26.0049 6828 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:26.0051 6828 Virtual Router ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:26.0051 6828 Virtual Router ( UnsignedFile.Multi.Generic ) - User select action: Skip
Regards, momo |
26.01.2013, 19:55 | #19 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now:
ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
27.01.2013, 20:43 | #20 |
| So, here is the ComboFix log Code:
ATTFilter ComboFix 13-01-27.03 - Schüler 27.01.2013 20:09:28.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.5872.3933 [GMT 1:00] ausgeführt von:: c:\users\Schüler\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\program files (x86)\Incredibar.com c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe c:\programdata\reyalpclv.pad c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-27 bis 2013-01-27 )))))))))))))))))))))))))))))) . . 2013-01-27 19:18 . 2013-01-27 19:18 -------- d-----w- c:\users\setup\AppData\Local\temp 2013-01-27 19:18 . 2013-01-27 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-24 16:12 . 2013-01-24 16:12 -------- d-----w- c:\programdata\Malwarebytes 2013-01-22 18:57 . 2013-01-22 18:57 -------- d-----w- c:\program files (x86)\Trojan Remover 2013-01-22 18:57 . 2013-01-22 18:57 -------- d-----w- c:\programdata\Simply Super Software 2013-01-22 18:41 . 
2013-01-24 16:45 -------- d-----w- c:\users\Schüler\AppData\Roaming\Dropbox 2013-01-10 16:02 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-10 16:02 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-10 15:47 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-09 23:01 . 2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll 2013-01-09 23:00 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 23:00 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 23:00 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll 2013-01-09 23:00 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-09 22:47 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 22:47 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-08 18:57 . 2013-01-08 19:27 -------- d-----w- c:\users\Schüler\AppData\Local\ApplicationHistory 2013-01-08 18:56 . 2013-01-08 18:56 -------- d-----w- c:\program files (x86)\Common Files\SpellEx 2013-01-08 17:20 . 2013-01-08 18:56 -------- d-----w- c:\program files (x86)\Common Files\TI Shared 2013-01-08 17:20 . 2013-01-08 17:20 -------- d-----w- c:\program files\DIFX 2013-01-08 17:20 . 2009-09-03 15:30 128512 ----a-w- c:\windows\system32\drivers\tiehdusb.sys 2013-01-08 17:20 . 2013-01-08 18:56 -------- d-----w- c:\program files (x86)\TI Education 2013-01-08 17:17 . 2013-01-08 17:17 -------- d-----w- c:\windows\SysWow64\BestPractices 2013-01-08 17:17 . 2013-01-08 17:17 -------- d-----w- c:\windows\system32\BestPractices 2013-01-08 17:17 . 2013-01-08 17:17 -------- d-----w- C:\inetpub . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 23:01 . 2011-09-21 11:11 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 17:11 . 
2012-12-21 22:56 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 22:56 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 22:56 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 22:56 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-11 16:42 . 2012-10-11 13:28 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-11 16:42 . 2012-10-11 13:28 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-11-30 04:45 . 2013-01-10 15:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-20 07:30 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-20 07:30 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-20 07:30 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-20 07:30 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-20 07:30 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-20 07:30 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-20 07:30 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-20 07:30 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-20 07:30 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-20 07:30 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-20 07:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-20 07:30 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-20 07:30 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-20 07:30 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-20 07:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-20 07:30 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 
2012-12-20 07:30 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-20 07:30 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-20 07:30 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-20 07:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-20 07:30 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-20 07:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-18 21:04 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-18 21:04 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-18 20:48 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-18 20:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-12-18 617880] . [HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] 2012-12-18 12:37 617880 ----a-w- c:\users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] 2012-11-26 13:39 170840 ----a-w- c:\program files\IB Updater\Extension32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-12-18 617880] . [HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736] "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744] "SDP"="c:\program files (x86)\FilesFrog Update Checker\update_checker.exe" [2012-10-03 201808] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248] "TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296] "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496] "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-09-14 1247504] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936] . c:\users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-6-19 1470848] Virtual Router Manager.lnk - c:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe [2012-12-24 22486] . 
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] R2 TTPDSrv;TOSHIBA Touch Pad Service;c:\windows\System32\TTPDSRV.exe [2007-11-07 73728] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 
AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880] S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.SYS [2009-06-29 14784] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-05-08 482384] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280] S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-06-17 2734912] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [2012-11-26 188760] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712] S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys [2010-06-23 64512] S2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe64.sys [2010-05-07 80384] S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys [2009-07-04 55808] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility 
Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240] S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288] S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-06-17 770152] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-15 283200] S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-20 342704] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-31 317440] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 62386849 *NewlyCreated* - ASWMBR *Deregistered* - 62386849 *Deregistered* - aswMBR . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon] @="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}" [HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}] 2010-03-02 08:24 153520 ----a-w- c:\program files\TOSHIBA\TFPU\TFPUOverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Schüler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-30 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-30 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-30 417304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-30 8305664] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-01-06 315392] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976] "TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2010-03-02 925104] "TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2010-11-04 789368] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720] "Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-06-19 150992] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26 mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - c:\users\Schüler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\ FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26 FF - prefs.js: browser.search.selectedEngine - MyStart Search FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6PQTFXqx0t&&i=26&search= FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQTFXqx0t&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 6cf4ed55000000000000e89d87e2202d FF - user.js: extensions.incredibar_i.instlDay - 15698 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:37 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQTFXqx0t FF - user.js: extensions.incredibar_i.upn2n - 92544151074464289 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: 
extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll Toolbar-Locked - (no file) Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe Wow6432Node-HKLM-Run-TNRotate - %ProgramFiles(x86)%\TOSHIBA\TNRotate\TNRotate.exe Toolbar-Locked - (no file) HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2571110905-46770084-1883573713-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:44,42,17,c8,f8,86,41,23,8c,e8,61,c6,22,2f,72,bb,b2,84,c3,10,2a,49,31, 8d,d2,79,ee,2c,74,1e,b4,a4,de,40,fd,79,40,f5,ec,d5,8b,3d,2b,1e,2b,db,c1,e1,\ "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d . 
[HKEY_USERS\S-1-5-21-2571110905-46770084-1883573713-1001\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:75,fa,cf,9b,d0,6e,d1,58,1e,62,12,f7,cc,c2,3d,26,02,e8,c1,91,74, 96,3c,75,cb,ac,8c,88,f3,67,f2,73,12,29,7e,74,a5,f0,09,a1,0d,3e,1a,e3,5c,e4,\ "rkeysecu"=hex:05,65,e7,eb,f6,85,f6,b6,ee,cd,c8,81,0c,38,80,b2 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-27 20:39:16 ComboFix-quarantined-files.txt 2013-01-27 19:39 . Vor Suchlauf: 9 Verzeichnis(se), 219.176.521.728 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 219.025.416.192 Bytes frei . - - End Of File - - 845D105180BBFB6D6D6927EB09ED6E93 |
28.01.2013, 11:59 | #21 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removable media can no longer be used, Recycler cannot be found Quote:
Why do you have AVG and AntiVir installed at the same time?!
__________________ --> Removable media can no longer be used, Recycler cannot be found |
28.01.2013, 14:19 | #22 |
| Removable media can no longer be used, Recycler cannot be found Because when I first had this problem I tried all sorts of programs, but none of them helped, so I probably overlooked something when uninstalling. Which one do you think I should uninstall? Regards, momo |
28.01.2013, 14:28 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removable media can no longer be used, Recycler cannot be found Uninstall both; when we are finished you can choose between Avast and MSE
__________________ Please always post log files in CODE tags |
28.01.2013, 14:43 | #24 |
| Removable media can no longer be used, Recycler cannot be found OK, I have uninstalled both. Regards, momo |
28.01.2013, 15:12 | #26 |
| Removable media can no longer be used, Recycler cannot be found Here is the log Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2013-01-28 15:11:21 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB Running: gmer-2.0.18444.exe; Driver: C:\Users\SCHLER~1\AppData\Local\Temp\pgldypog.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes [62, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes [62, 75] .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075621401 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075621419 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075621431 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007562144a 2 bytes [62, 75] .text ... 
* 9 .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000756214dd 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007562150d 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007562153d 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075621555 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007562156d 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075621585 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007562159d 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000756215b5 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000756215cd 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes [62, 75] .text C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe[3924] 
C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes [62, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] 
C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1280] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\KERNELBASE.dll!HeapCreate 0000000076d5549c 5 bytes JMP 0000000100080800 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes [62, 75] .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes [62, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3404] 
C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes [62, 75] .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] 
C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes [62, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5312] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes [62, 75] ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef1742750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef1742b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef1747de0] C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef1748130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef1741908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef1741c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef17481d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef1742878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef1747a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef1746c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef17477bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef1747064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef1746544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1964] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef1745e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Threads - GMER 2.0 ---- Thread C:\windows\System32\svchost.exe [1536:2848] 000007feec7e9688 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:4016] 00000000725862ee Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5080] 0000000077d82e25 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5092] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5096] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5100] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5104] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5108] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:2784] 0000000070f50510 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:1768] 000000006b44a510 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:2736] 000000006bc528ad Thread C:\Program Files (x86)\Steam\Steam.exe [3892:2080] 0000000077d83e45 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:4392] 0000000077d83e45 Thread 
C:\Program Files (x86)\Steam\Steam.exe [3892:3556] 000000006b44a510 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:4404] 000000006b44a510 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:2084] 000000006b44a510 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:4008] 0000000070f50510 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:2192] 0000000070f50510 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:2488] 00000000380b5990 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5168] 0000000070f50510 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5296] 0000000070f50510 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5376] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5388] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5392] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5396] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5400] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5404] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5408] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5412] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5416] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5420] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5424] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:5976] 0000000070f50510 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:6064] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:6068] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:6072] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:6076] 00000000301a81ce Thread C:\Program Files (x86)\Steam\Steam.exe [3892:6100] 000000007146b420 Thread C:\Program Files (x86)\Steam\Steam.exe [3892:6104] 0000000070f50510 Thread C:\Program Files (x86)\Steam\Steam.exe 
[3892:6112] 0000000070f50510 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3676:4136] 000007fefc542a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3676:4292] 000007fef4a65124 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\windows\System32\svchost.exe [1536] 000007feffdc0000 Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [3676] 000007fefdde0000 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B5057D49-4CBD-4F43-9CF8-53FE6B2961CF}@InterfaceName isatap.{C08C66FC-E658-4A97-90E5-CA7C17CC3D07} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B5057D49-4CBD-4F43-9CF8-53FE6B2961CF}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 435 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Sch\xb3ler\Desktop\ComboFix.exe 1 ---- EOF - GMER 2.0 ---- |
28.01.2013, 16:29 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removable media can no longer be used, Recycler cannot be found adwCleaner - detecting toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
28.01.2013, 16:49 | #28 |
| Removable media can no longer be used, Recycler cannot be found Code:
ATTFilter # AdwCleaner v2.109 - Datei am 28/01/2013 um 16:49:12 erstellt # Aktualisiert am 26/01/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Schüler - STMO24 # Bootmodus : Normal # Ausgeführt unter : C:\Users\Schüler\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : IB Updater ***** [Dateien / Ordner] ***** Datei Gefunden : C:\END Datei Gefunden : C:\user.js Datei Gefunden : C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk Datei Gefunden : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\searchplugins\MyStart Search.xml Ordner Gefunden : C:\Program Files (x86)\FilesFrog Update Checker Ordner Gefunden : C:\Program Files\IB Updater Ordner Gefunden : C:\Users\Schüler\AppData\Local\Conduit Ordner Gefunden : C:\Users\Schüler\AppData\LocalLow\CT2625848 Ordner Gefunden : C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker Ordner Gefunden : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} Ordner Gefunden : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\extensions\ffxtlbr@incredibar.com Ordner Gefunden : C:\Users\Schüler\AppData\Roaming\OpenCandy Ordner Gefunden : C:\windows\SysWOW64\WNLT ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\IM Schlüssel Gefunden : HKCU\Software\ImInstaller Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\Somoto Schlüssel Gefunden : HKCU\Software\WNLT Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} 
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\I Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SmartBar.CT2625848 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{63BEF061-5EFC-4753-9806-ED0573BC7C4B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\IB Updater Schlüssel Gefunden : HKLM\Software\incredibar.com Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gefunden : 
HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gefunden : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT Schlüssel Gefunden : HKLM\SOFTWARE\Software Schlüssel Gefunden : HKU\S-1-5-21-2571110905-46770084-1883573713-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP] Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26 -\\ Mozilla Firefox v6.0.2 
(de) Datei : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\prefs.js Gefunden : user_pref("CT2625848.autoDisableScopes", -1); Gefunden : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26"); Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26"); Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search"); Gefunden : user_pref("browser.search.selectedEngine", "MyStart Search"); Gefunden : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6PQTFXqx0t&&i=26&search="[...] ************************* AdwCleaner[R1].txt - [10728 octets] - [28/01/2013 16:49:12] ########## EOF - C:\AdwCleaner[R1].txt - [10789 octets] ########## |
28.01.2013, 16:50 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removable media can no longer be used, Recycler cannot be found adwCleaner - Remove toolbars and unwanted start/search pages
Afterwards, a check with OTL please:
__________________ Please always post log files in CODE tags |
28.01.2013, 18:42 | #30 |
| Removable media can no longer be used, Recycler cannot be found adwcleaner. Code:
ATTFilter # AdwCleaner v2.109 - Datei am 28/01/2013 um 17:07:38 erstellt # Aktualisiert am 26/01/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Schüler - STMO24 # Bootmodus : Normal # Ausgeführt unter : C:\Users\Schüler\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : IB Updater ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk Datei Gelöscht : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\searchplugins\MyStart Search.xml Ordner Gelöscht : C:\Program Files (x86)\FilesFrog Update Checker Ordner Gelöscht : C:\Program Files\IB Updater Ordner Gelöscht : C:\Users\Schüler\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Schüler\AppData\LocalLow\CT2625848 Ordner Gelöscht : C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker Ordner Gelöscht : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} Ordner Gelöscht : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\extensions\ffxtlbr@incredibar.com Ordner Gelöscht : C:\Users\Schüler\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\windows\SysWOW64\WNLT ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Somoto Schlüssel Gelöscht : HKCU\Software\WNLT Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartBar.CT2625848 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{63BEF061-5EFC-4753-9806-ED0573BC7C4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\IB Updater Schlüssel Gelöscht : HKLM\Software\incredibar.com Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT Schlüssel Gelöscht : HKLM\SOFTWARE\Software Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26 --> hxxp://www.google.com -\\ Mozilla Firefox v6.0.2 (de) Datei : C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\prefs.js C:\Users\Schüler\AppData\Roaming\Mozilla\Firefox\Profiles\vpfujy5y.default\user.js ... Gelöscht ! 
Gelöscht : user_pref("CT2625848.autoDisableScopes", -1); Gelöscht : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26"); Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26"); Gelöscht : user_pref("browser.search.defaultenginename", "MyStart Search"); Gelöscht : user_pref("browser.search.selectedEngine", "MyStart Search"); Gelöscht : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6PQTFXqx0t&&i=26&search="[...] ************************* AdwCleaner[R1].txt - [10819 octets] - [28/01/2013 16:49:12] AdwCleaner[S1].txt - [10683 octets] - [28/01/2013 17:07:38] ########## EOF - C:\AdwCleaner[S1].txt - [10744 octets] ########## Code:
ATTFilter OTL logfile created on: 28.01.2013 18:10:17 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Schüler\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,73 Gb Total Physical Memory | 4,07 Gb Available Physical Memory | 71,02% Memory free 11,47 Gb Paging File | 9,52 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287,66 Gb Total Space | 204,25 Gb Free Space | 71,01% Space Free | Partition Type: NTFS Computer Name: STMO24 | User Name: Schüler | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Schüler\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) 
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\sdl.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () ========== Services (SafeList) ========== SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (TTPDSrv) -- C:\Windows\SysNative\TTPDSRV.exe (TOSHIBA Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe 
Systems Incorporated) SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.) 
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (Virtual Router) -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe (Chris Pietschmann (hxxp://pietschsoft.com)) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: 
- (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC) DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC) DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation) DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (toshidpt) -- C:\Windows\SysNative\drivers\Toshidpt.sys (TOSHIBA Corporation.) DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{39AC0BA7-DB5E-4EE0-B51A-0C21AB25DFD9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{39AC0BA7-DB5E-4EE0-B51A-0C21AB25DFD9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{148AC8F6-93F1-4CDF-BCA3-DE726CA98804}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{4D4EA4F7-B725-45AA-AC8B-F841699F782D}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{B304D871-4BB1-4097-89D0-4CEFBDFD3A55}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.18 21:47:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.27 09:42:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.04 13:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schüler\AppData\Roaming\mozilla\Extensions [2013.01.28 17:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schüler\AppData\Roaming\mozilla\Firefox\Profiles\vpfujy5y.default\extensions [2011.09.27 09:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.09.27 09:43:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\leo_ende_de.xml [2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Programme\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA) O4:64bit: - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA) O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) 
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe () O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Schüler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Schüler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - 
C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = schuladmin.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6306A8E-9754-4809-A772-A2EC85A87062}: DhcpNameServer = 172.16.128.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE04F0DA-C1E4-48F0-813E-CDA004619CB7}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - 
C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.28 14:39:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.28 14:32:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.01.27 20:39:40 | 000,000,000 | ---D | C] -- C:\windows\temp [2013.01.26 20:10:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013.01.26 20:10:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013.01.26 20:10:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013.01.26 20:10:13 
| 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.26 20:10:01 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013.01.26 20:03:45 | 005,027,618 | R--- | C] (Swearware) -- C:\Users\Schüler\Desktop\ComboFix.exe [2013.01.25 17:19:14 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Schüler\Desktop\tdsskiller.exe [2013.01.25 17:18:16 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Schüler\Desktop\aswMBR.exe [2013.01.24 17:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.24 17:12:41 | 000,000,000 | ---D | C] -- C:\Users\Schüler\Desktop\mbar [2013.01.23 21:10:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schüler\Desktop\OTL.exe [2013.01.22 19:58:12 | 000,000,000 | ---D | C] -- C:\Users\Schüler\Documents\Simply Super Software [2013.01.22 19:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.01.22 19:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2013.01.22 19:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2013.01.22 19:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.01.22 19:45:31 | 000,000,000 | R--D | C] -- C:\Users\Schüler\Desktop\Dropbox [2013.01.22 19:41:39 | 000,000,000 | ---D | C] -- C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.01.22 19:41:14 | 000,000,000 | ---D | C] -- C:\Users\Schüler\AppData\Roaming\Dropbox [2013.01.10 17:02:02 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll [2013.01.10 17:02:02 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll [2013.01.10 16:49:14 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll [2013.01.10 16:49:14 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs [2013.01.10 16:49:14 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs [2013.01.10 16:49:14 | 000,045,568 | ---- | C] (Microsoft) 
-- C:\windows\SysWow64\oflc-nz.rs [2013.01.10 16:49:14 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs [2013.01.10 16:49:14 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs [2013.01.10 16:49:14 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs [2013.01.10 16:49:14 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs [2013.01.10 16:49:14 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs [2013.01.10 16:49:14 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs [2013.01.10 16:49:14 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs [2013.01.10 16:49:14 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs [2013.01.10 16:49:14 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs [2013.01.10 16:49:14 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs [2013.01.10 16:49:14 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs [2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs [2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs [2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs [2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs [2013.01.10 16:49:14 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs [2013.01.10 16:49:14 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs [2013.01.10 16:49:13 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll [2013.01.10 16:49:13 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll [2013.01.10 16:49:13 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll [2013.01.10 16:49:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs 
[2013.01.10 16:49:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs [2013.01.10 16:49:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs [2013.01.10 16:49:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs [2013.01.10 16:49:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs [2013.01.10 16:49:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs [2013.01.10 16:49:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs [2013.01.10 16:49:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs [2013.01.10 16:47:35 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll [2013.01.10 16:47:35 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2013.01.10 16:47:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2013.01.10 16:47:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe [2013.01.10 16:47:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll [2013.01.10 16:47:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2013.01.10 16:47:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2013.01.10 16:47:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2013.01.10 16:47:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2013.01.10 16:47:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.10 16:47:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.10 16:47:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll 
[2013.01.10 16:47:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2013.01.10 16:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.10 16:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.10 16:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft 
Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.10 16:47:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2013.01.10 16:47:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2013.01.10 16:47:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.10 16:47:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 
[2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.10 16:47:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2013.01.10 00:01:27 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisRtl.dll [2013.01.10 00:01:27 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisRtl.dll [2013.01.10 00:01:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admwprox.dll [2013.01.10 00:01:27 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admwprox.dll [2013.01.10 00:01:26 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ahadmin.dll [2013.01.10 00:01:26 | 000,026,624 | ---- | C] (Microsoft 
Corporation) -- C:\windows\SysWow64\ahadmin.dll [2013.01.10 00:01:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisreset.exe [2013.01.10 00:01:26 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisreset.exe [2013.01.10 00:01:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wamregps.dll [2013.01.10 00:01:26 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisrstap.dll [2013.01.10 00:01:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wamregps.dll [2013.01.10 00:01:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisrstap.dll [2013.01.10 00:00:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2013.01.10 00:00:39 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll [2013.01.09 23:47:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe [2013.01.08 19:57:26 | 000,000,000 | ---D | C] -- C:\Users\Schüler\AppData\Local\ApplicationHistory [2013.01.08 19:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpellEx [2013.01.08 18:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools [2013.01.08 18:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TI Shared [2013.01.08 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\Schüler\Documents\MyTIData [2013.01.08 18:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2013.01.08 18:20:49 | 000,128,512 | ---- | C] (Texas Instruments) -- C:\windows\SysNative\drivers\tiehdusb.sys [2013.01.08 18:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TI Education [2013.01.08 18:17:58 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\BestPractices [2013.01.08 18:17:55 | 000,000,000 | ---D | C] -- C:\inetpub [2013.01.08 18:17:55 | 000,000,000 | ---D | C] -- C:\windows\SysNative\BestPractices 
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.28 17:16:19 | 000,027,344 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.28 17:16:19 | 000,027,344 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.28 17:08:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.01.28 17:08:47 | 323,293,183 | -HS- | M] () -- C:\hiberfil.sys [2013.01.28 16:48:49 | 000,580,235 | ---- | M] () -- C:\Users\Schüler\Desktop\adwcleaner.exe [2013.01.28 14:58:11 | 000,365,568 | ---- | M] () -- C:\Users\Schüler\Desktop\gmer-2.0.18444.exe [2013.01.27 20:06:56 | 005,027,618 | R--- | M] (Swearware) -- C:\Users\Schüler\Desktop\ComboFix.exe [2013.01.25 19:28:10 | 000,000,512 | ---- | M] () -- C:\Users\Schüler\Desktop\MBR.dat [2013.01.25 17:20:33 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Schüler\Desktop\aswMBR.exe [2013.01.25 17:19:47 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schüler\Desktop\tdsskiller.exe [2013.01.24 17:15:08 | 001,827,682 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.01.24 17:15:08 | 000,781,116 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.01.24 17:15:08 | 000,721,956 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.01.24 17:15:08 | 000,179,592 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.01.24 17:15:08 | 000,146,546 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.01.24 17:12:26 | 013,462,931 | ---- | M] () -- C:\Users\Schüler\Desktop\mbar-1.01.0.1016.zip [2013.01.23 21:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schüler\Desktop\OTL.exe [2013.01.22 19:45:31 | 000,001,014 | ---- | M] () -- C:\Users\Schüler\Desktop\Dropbox.lnk [2013.01.22 19:41:49 | 000,001,024 | ---- | M] () -- C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Dropbox.lnk [2013.01.14 21:22:10 | 001,801,962 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2013.01.10 17:03:16 | 000,000,000 | -H-- | M] () -- C:\Users\Schüler\Documents\Default.rdp [2013.01.10 16:36:50 | 000,425,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.01.08 19:57:26 | 000,000,095 | ---- | M] () -- C:\Users\Schüler\AppData\Local\fusioncache.dat [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.28 16:48:36 | 000,580,235 | ---- | C] () -- C:\Users\Schüler\Desktop\adwcleaner.exe [2013.01.28 14:57:58 | 000,365,568 | ---- | C] () -- C:\Users\Schüler\Desktop\gmer-2.0.18444.exe [2013.01.26 20:10:19 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.01.26 20:10:19 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013.01.26 20:10:19 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.01.26 20:10:19 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.01.26 20:10:19 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.01.25 19:28:10 | 000,000,512 | ---- | C] () -- C:\Users\Schüler\Desktop\MBR.dat [2013.01.24 17:06:13 | 013,462,931 | ---- | C] () -- C:\Users\Schüler\Desktop\mbar-1.01.0.1016.zip [2013.01.22 19:45:31 | 000,001,014 | ---- | C] () -- C:\Users\Schüler\Desktop\Dropbox.lnk [2013.01.22 19:41:49 | 000,001,024 | ---- | C] () -- C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.10 17:03:16 | 000,000,000 | -H-- | C] () -- C:\Users\Schüler\Documents\Default.rdp [2013.01.08 19:57:26 | 000,000,095 | ---- | C] () -- C:\Users\Schüler\AppData\Local\fusioncache.dat [2013.01.08 17:58:05 | 001,801,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.10.15 22:06:12 | 000,007,598 | ---- | C] () -- C:\Users\Schüler\AppData\Local\Resmon.ResmonCfg [2012.10.02 11:36:40 | 000,002,604 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.08.05 08:47:28 | 000,000,000 | ---- | C] () 
-- C:\windows\NDSTray.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> 
C:\ProgramData\TEMP:CB0AACC9
< End of report >

Code:
OTL Extras logfile created on: 28.01.2013 18:10:17 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Schüler\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,73 Gb Total Physical Memory | 4,07 Gb Available Physical Memory | 71,02% Memory free
11,47 Gb Paging File | 9,52 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,66 Gb Total Space | 204,25 Gb Free Space | 71,01% Space Free | Partition Type: NTFS

Computer Name: STMO24 | User Name: Schüler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02B7E3E6-5FE4-46A9-BF49-C6D147DA7A50}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{02C15CF6-8AE4-4FF4-AFC1-AF96482B88FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{8C69B085-7AFE-4240-B9C6-361C0F170B01}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B49787F-0F0D-46E7-A7D4-943843923B34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | "{0DEEB486-95AF-4145-ABBB-91EEBF50280B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{1CE4E265-A69D-4D47-BB56-F8A0BD813C51}" = protocol=17 | dir=in | app=c:\users\schüler\appdata\roaming\dropbox\bin\dropbox.exe | "{1EF6E5B6-33F9-4A34-BB75-11FD3442CE33}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{301A6BE5-EAE6-4CD7-A9D3-F227EA891CBC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{30EB8756-851E-4C5D-AB9E-8BDC9FA0C126}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe | "{3C5CC506-849C-49C4-BA5E-C53F9DD5CD89}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{45CCF574-BCBF-4FEC-87BA-C3915F72193E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | "{51372ED5-7434-4D8F-AAA3-3DCB5B553511}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{593EFAE6-ED6C-415E-83F9-ACA0CF102527}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe | "{5AA6851D-BB4A-4C9B-83E7-78F8D1895056}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{5F7BA0FD-C5DA-46BA-9352-2EAA50079611}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{6BC47E69-A5B3-46DE-9D5B-601948A6FAB2}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{6E0DBC68-E828-4624-A020-05BFEEED69EB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{719DEE4A-58AB-4B70-8134-6D749C0E7C68}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{7680A408-1AEE-4997-9EB0-AB74975AE07F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{77CE6EBC-75C0-41BA-B1DB-DFC302D03BCA}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{8674AC11-D7DA-4C7C-AF23-FB96AC366202}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | "{874A2D9A-AC22-4F24-A73F-C5826FB64EEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{8839C9FD-9DF0-4F9B-B86C-4EDDEDC09EFE}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe | "{89311225-154B-48C2-88BD-039E89A10F2E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{89760F72-3687-4A80-AFE4-07377576EFA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{96C02AF4-004D-4A11-B6D1-7A5CF9156FE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{9719EB81-4109-45DB-82E8-E357AC27B185}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | "{996C6343-1AFF-4F79-9A95-97DE2ED8706A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe | "{9BEB9FB6-B3C2-4D26-99E9-444407807953}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9D45C11F-5A5C-420E-B3D1-6D21C25E303E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | "{9E51B848-2C88-4634-91B6-523D8E18A78F}" = protocol=6 | dir=in | app=c:\users\schüler\appdata\roaming\dropbox\bin\dropbox.exe | "{A91476B6-D67A-405F-BB8F-8B2018EDB110}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | "{AC909476-8B13-48B2-9526-7DCFDC3CF536}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | "{B09D6C6A-272A-4160-B38A-E9D66BB529B3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{B164D6DD-E77E-4DEF-B87A-4943753BA5AD}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{B33DE628-5FD6-4270-9AA9-3EA820C90A36}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{B52EA13A-E829-421E-997B-53AB8948FE87}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{B6EB20E3-5AEE-4A02-B375-FBA01691D581}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe | "{BD45F04F-F5C9-4892-9BE5-32E35217E7A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | "{D7BCA529-B18C-4852-A5EB-3866E5C7D9B6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{D94B929E-572B-4542-81A3-4267DB4EB589}" = protocol=17 | dir=in | app=c:\program 
files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe | "{DD1F830D-9F6E-478F-8C77-69CD890A5A92}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | "{DFC3333D-9E71-4807-9336-F8D30728E9FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{E01B3B1D-804D-4515-8112-1780C577EC73}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{F6A7F02F-E041-4AED-BC51-CA4AB9F962CE}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | "{F7631134-9FB2-4019-8011-1E4F652AC50F}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | "TCP Query User{E1213568-E1FE-46E2-B0C2-487FFF0B478A}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{C9A58F3F-F2D5-4C86-8FA2-D2B0047B0AF1}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit 
Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. 
(SilvrLnk) USB (06/11/2009 1.0.0.0) "Opera 12.12.1707" = Opera 12.12 "PROSet" = Intel(R) Network Connections Drivers "TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility "VLC media player" = VLC media player 2.0.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.12.03.02 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Sicherheits-Assistent "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{5782EFD2-603D-4AFA-87EF-7CB54044839C}" = Winfunktion Mathematik plus 17 "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = 
Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge 
Utility "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator "{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FEDFB4DC-E149-4897-B616-4811C718E54F}" = TOSHIBA 180 Degrees Rotation Utility "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "CanonSolutionMenuEX" = Canon Solution Menu EX "DAEMON Tools Pro" = DAEMON Tools Pro "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212 "GeoGebra" = GeoGebra "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder 
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Steam App 11020" = TrackMania Nations Forever "Steam App 1250" = Killing Floor "Steam App 1260" = Killing Floor SDK "Steam App 35420" = Killing Floor Mod: Defence Alliance 2 "Steam App 41010" = Serious Sam HD: The Second Encounter "Steam App 50620" = Darksiders "Trojan Remover_is1" = Trojan Remover 6.8.5 "VLC media player" = VLC media player 2.0.4 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CT2625848" = DVDVideoSoftTB DE Toolbar "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.10.2012 13:05:29 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10 Description = Error - 23.10.2012 05:05:50 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10 Description = Error - 23.10.2012 18:00:30 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10 Description = Error - 24.10.2012 11:54:12 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10 Description = Error - 25.10.2012 02:41:19 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10 Description = Error - 26.10.2012 09:41:22 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10 Description = Error - 26.10.2012 11:17:20 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10 Description = Error - 28.10.2012 10:14:49 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 
10 Description =

Error - 29.10.2012 09:41:16 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =

Error - 30.10.2012 10:17:54 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =

[ System Events ]

Error - 03.12.2012 13:27:30 | Computer Name = stmo24.schuladmin.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 03.12.2012 17:27:40 | Computer Name = stmo24.schuladmin.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne SCHULADMIN aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 04.12.2012 08:28:17 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 04.12.2012 08:28:17 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.

Error - 04.12.2012 08:28:17 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TOSHIBA Touch Pad Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 04.12.2012 08:28:31 | Computer Name = stmo24.schuladmin.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne SCHULADMIN aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 04.12.2012 08:28:40 | Computer Name = stmo24.schuladmin.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 04.12.2012 14:04:56 | Computer Name = stmo24.schuladmin.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne SCHULADMIN aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 04.12.2012 14:04:55 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 04.12.2012 14:04:55 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.

< End of report >