Log analysis and evaluation: GVU virus lock on desktop, safe mode still works (Win 7)
04.02.2013, 20:12 | #1 |
Dear Trojaner-Board team,

yesterday (03.01.2013, in the evening) I caught a Bundespolizei virus demanding that I transfer 100 euros to avoid the penalty. The PC boots normally up to the desktop. After that, a User Account Control prompt always appears asking whether a change should be made to the PC (program name: Registry Editor; verified publisher: Microsoft Windows; version 3). After I click "No", the prompt is repeated once more, and then the GVU page with "Ihr Computer ist Gesperrt" ("Your computer is locked") is displayed. At the bottom, video recording is set to "On", but only a black area is shown. All safe modes (normal, with networking, command prompt) still work. Using safe mode with networking I ran Avast Free, and it turned out that the PC had already been infected with 2 viruses on 27.01, although the lock only appeared yesterday.

I have now read up on GVU viruses on the Trojaner-Board site and would like to run OTL and GMER following the instructions in "An alle Hilfesuchenden", but I don't know how to download these programs when use of the desktop is locked?! I am an absolute layperson in these matters and would be incredibly grateful for any help!! Can the programs mentioned above also be run from safe mode, and the files saved to the desktop there? So basically follow the instructions from that mode?! How should I proceed? Please help me, I urgently need help from professional experts!! Many thanks in advance!

The notebook's details: Toshiba Satellite, Intel Core (inside TM) i7, Windows 7

Kind regards and many thanks in advance |
04.02.2013, 21:40 | #2 |
/// Malware-holic
hi
What did Avast find, and where? If safe mode with networking works, you can probably get onto the internet. If you don't already have it, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
05.02.2013, 00:11 | #3 |
Code:
ATTFilter OTL logfile created on: 04.02.2013 23:35:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,96 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,99% Memory free 7,92 Gb Paging File | 6,65 Gb Available in Paging File | 83,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 578,55 Gb Total Space | 528,72 Gb Free Space | 91,39% Space Free | Partition Type: NTFS Computer Name: ***-TOSH | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (avast! 
Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - (Canon Driver Information Assist Service) -- C:\Program Files\Canon\DIAS\CnxDIAS.exe (CANON INC.) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe () SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.exe () SRV - (GoogleIMEJaCacheService) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe (Google Inc.) 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. 
KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector) DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG) DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV:64bit: - (vodafone_K3805-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone) DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation) DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (toshidpt) -- C:\Windows\SysNative\drivers\Toshidpt.sys (TOSHIBA Corporation.) 
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (cmnsusbser) -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys (Mobile Connector) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {740B0868-A6C0-4B10-B45B-F32D26C8490D} IE:64bit: - HKLM\..\SearchScopes\{740B0868-A6C0-4B10-B45B-F32D26C8490D}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {740B0868-A6C0-4B10-B45B-F32D26C8490D} IE - HKLM\..\SearchScopes\{740B0868-A6C0-4B10-B45B-F32D26C8490D}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA; IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = 
hxxp://www.claro-search.com/?affID=114508&tt=4112_7&babsrc=HP_clro&mntrId=5cbcea0c000000000000446d573b874d IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\SearchScopes,bProtectorDefaultScope = {39BA0321-4AF3-4BF0-8466-AC6572797CAB} IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\SearchScopes,DefaultScope = {39BA0321-4AF3-4BF0-8466-AC6572797CAB} IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4112_7&babsrc=SP_clro&mntrId=5cbcea0c000000000000446d573b874d IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\SearchScopes\{39BA0321-4AF3-4BF0-8466-AC6572797CAB}: "URL" = hxxp://search.yahoo.co.jp/search?ei=UTF-8&fr=ie8scint&p={searchTerms} IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\SearchScopes\{740B0868-A6C0-4B10-B45B-F32D26C8490D}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_deDE487 IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\SearchScopes\{C2402E20-1F1A-4884-AB86-C300DB4CCC32}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=cf72f618-ea15-4452-aa7a-10804042e97d&apn_sauid=126290A3-1886-4F96-8659-25F208058CC6 IE - 
HKU\S-1-5-21-308888092-3790624405-3788023300-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2012.06.08 20:36:11 | 000,000,000 | ---D | M] [2012.10.09 13:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4112_7&babsrc=HP_clro&mntrId=5cbcea0c000000000000446d573b874d CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4112_7&babsrc=HP_clro&mntrId=5cbcea0c000000000000446d573b874d CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaoiagmlcohkmjodefppbmpjdiocmh\7.15.4.24150_0\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo\1.20.40_0\crossrider CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo\1.20.40_0\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocofgjipfjnombjenfaghmlelanfgfpa\1.0.0.20_0\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD) O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (215 Apps) O2 - BHO: (Yahoo!ƒc[ƒ‹ƒo[ƒtƒBƒbƒVƒ“ƒOŒx) - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll (Yahoo Japan Corporation. ) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Yahoo!ƒc[ƒ‹ƒo[ƒwƒ‹ƒp[) - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (Yahoo! JAPAN) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (Yahoo!ツールバー) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (Yahoo! JAPAN) O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.) 
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) O4 - HKLM..\Run: [Google Japanese Input Prelauncher] C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe (Google Inc.) 
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [ypcsm] C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe (Yahoo! Japan Corporation.) 
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-308888092-3790624405-3788023300-1000..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe () O4 - HKU\S-1-5-21-308888092-3790624405-3788023300-1000..\Run: [RESTART_STICKY_NOTES] C:\windows\system32\StikyNot.exe File not found O4 - HKU\S-1-5-21-308888092-3790624405-3788023300-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-308888092-3790624405-3788023300-1000..\Run: [ypcsm] C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe (Yahoo! Japan Corporation.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76C5286D-28E9-4494-9F44-18C5FFB3DAD1}: DhcpNameServer = 163.139.230.165 163.139.230.164 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB58151C-7B4A-4A9F-AFB2-0EFDDDE51A5D}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261123~1.78\{61d8b~1\brwmngr.dll) - c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1c2be16c-9faa-11e1-a768-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1c2be16c-9faa-11e1-a768-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE O33 - MountPoints2\{1c2be16c-9faa-11e1-a768-806e6f6e6963}\Shell\configure\command - "" = D:\SETUP.EXE O33 - MountPoints2\{1c2be16c-9faa-11e1-a768-806e6f6e6963}\Shell\install\command - "" = D:\SETUP.EXE O33 - MountPoints2\{1d007277-47cd-11e2-af30-e840f2f25060}\Shell - "" = AutoRun O33 - MountPoints2\{1d007277-47cd-11e2-af30-e840f2f25060}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{9bbb5eef-b219-11e1-a4cc-e840f2f25060}\Shell - "" = AutoRun O33 - MountPoints2\{9bbb5eef-b219-11e1-a4cc-e840f2f25060}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{9bbb5ef1-b219-11e1-a4cc-e840f2f25060}\Shell - "" = AutoRun O33 - MountPoints2\{9bbb5ef1-b219-11e1-a4cc-e840f2f25060}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{edb32916-b232-11e1-ba44-e840f2f25060}\Shell - "" = AutoRun O33 - MountPoints2\{edb32916-b232-11e1-ba44-e840f2f25060}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f45014f9-b1a3-11e1-a655-e840f2f25060}\Shell - "" = AutoRun O33 - MountPoints2\{f45014f9-b1a3-11e1-a655-e840f2f25060}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f45014fb-b1a3-11e1-a655-e840f2f25060}\Shell - "" = AutoRun O33 - MountPoints2\{f45014fb-b1a3-11e1-a655-e840f2f25060}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - 
HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: 
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Unable to start System Restore Service. 
Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013.02.04 23:08:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.03 19:43:27 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Users\Celine\wgsdgsdgdsgsd.exe
[2013.01.31 11:11:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Päsentation
[2013.01.29 22:03:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.27 21:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.27 21:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.01.27 21:29:12 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.01.24 23:03:13 | 000,000,000 | ---D | C] -- C:\Users\***\.rainlendar2
[2013.01.24 23:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2
[2013.01.24 23:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rainlendar2
[2013.01.24 22:54:50 | 000,379,072 | ---- | C] (Softonic) -- C:\Users\***\Desktop\SoftonicDownloader_fuer_rainlendar.exe
[2013.01.18 22:27:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Job
[2013.01.13 11:38:28 | 059,584,351 | ---- | C] (Acresso Software Inc.) -- C:\Users\***\Desktop\POWERPREPIIV2_0.exe
[2013.01.11 16:36:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Blackbery
[2013.01.07 11:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.07 11:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.07 11:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.07 11:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.07 11:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.04 23:31:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.02.04 23:31:08 | 3189,612,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.04 23:08:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.04 23:01:39 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.02.04 19:49:05 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.04 19:47:59 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.02.04 19:39:47 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 19:39:47 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 19:31:46 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.04 19:31:24 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.02.04 16:19:09 | 001,529,424 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.02.04 16:19:09 | 000,658,392 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.04 16:19:09 | 000,619,628 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.04 16:19:09 | 000,131,474 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.04 16:19:09 | 000,107,690 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.03 19:43:36 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.02.03 19:43:36 | 000,000,067 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.02.03 19:43:31 | 000,001,058 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.02.03 18:52:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.02 17:47:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.01.31 20:12:40 | 001,500,254 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.31 19:56:03 | 001,051,787 | ---- | M] () -- C:\Users\***\Desktop\Richtige Präsentation für SPS - Kopie.pdf
[2013.01.31 15:09:43 | 001,066,735 | ---- | M] () -- 
C:\Users\***\Desktop\Präsentation Export-Unternehmenserfolg.pdf [2013.01.29 19:56:32 | 001,202,865 | ---- | M] () -- C:\Users\***\Desktop\pdf neu.pdf [2013.01.29 19:52:28 | 001,188,853 | ---- | M] () -- C:\Users\***\Desktop\Präsentation 2010 PDF111.pdf [2013.01.27 22:22:15 | 000,419,968 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.01.26 16:22:54 | 000,108,537 | ---- | M] () -- C:\Users\***\Desktop\Bernard & Jensen 1999.pdf [2013.01.24 23:02:43 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Rainlendar2.lnk [2013.01.24 23:01:49 | 014,666,324 | ---- | M] () -- C:\Users\***\Desktop\Rainlendar-Lite-2-11-32bit.exe [2013.01.24 22:54:57 | 000,379,072 | ---- | M] (Softonic) -- C:\Users\***\Desktop\SoftonicDownloader_fuer_rainlendar.exe [2013.01.24 14:48:19 | 000,444,215 | ---- | M] () -- C:\Users\***\Desktop\10.1.1.153.5363.pdf [2013.01.23 20:01:23 | 000,324,401 | ---- | M] () -- C:\Users\***\Desktop\Einfluss von Export auf die Investitionen eines Unternehmens.pdf [2013.01.23 19:59:48 | 000,490,055 | ---- | M] () -- C:\Users\***\Desktop\Selbstselektion und Lerneffekte bei Exporteuren.pdf [2013.01.23 19:58:40 | 000,558,314 | ---- | M] () -- C:\Users\***\Desktop\Selbstselektion produktiver Firmen in Exportmärkte.pdf [2013.01.23 19:56:24 | 000,791,708 | ---- | M] () -- C:\Users\***\Desktop\Die Wahl zwischen Export und Direktinvestition.pdf [2013.01.23 19:54:56 | 000,275,098 | ---- | M] () -- C:\Users\***\Desktop\Export und Produktivität in einer empirischen Studie.pdf [2013.01.23 19:53:36 | 000,340,319 | ---- | M] () -- C:\Users\***\Desktop\Ein Gravitätsmodell mit heterogenen Firmen.pdf [2013.01.23 19:52:30 | 000,141,448 | ---- | M] () -- C:\Users\***\Desktop\Der Einfluss von Handelsliberalisierung auf die Technologiewahl Vinzent.pdf [2013.01.14 20:49:59 | 001,336,320 | ---- | M] () -- C:\Users\***\Desktop\VW-Consulting_Chart-Bibliothek_März_2004.lnk [2013.01.13 11:38:53 | 059,584,351 | ---- | M] (Acresso Software Inc. 
) -- C:\Users\***\Desktop\POWERPREPIIV2_0.exe [2013.01.07 16:30:30 | 000,186,589 | ---- | M] () -- C:\Users\***\Desktop\SPS- ***_***.pdf [2013.01.07 15:18:08 | 000,402,218 | ---- | M] () -- C:\Users\***\Desktop\SPS- Oleg.pdf [2013.01.07 11:22:18 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.01.06 19:43:38 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.03 19:43:36 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg [2013.02.03 19:43:36 | 000,000,067 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat [2013.02.03 19:43:31 | 000,001,058 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013.02.03 19:43:29 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2013.01.31 19:56:00 | 001,051,787 | ---- | C] () -- C:\Users\***\Desktop\Richtige Präsentation für SPS - Kopie.pdf [2013.01.31 15:09:40 | 001,066,735 | ---- | C] () -- C:\Users\***\Desktop\Präsentation Export-Unternehmenserfolg.pdf [2013.01.29 19:56:28 | 001,202,865 | ---- | C] () -- C:\Users\***\Desktop\pdf neu.pdf [2013.01.29 19:52:23 | 001,188,853 | ---- | C] () -- C:\Users\***\Desktop\Präsentation 2010 PDF111.pdf [2013.01.26 16:22:54 | 000,108,537 | ---- | C] () -- C:\Users\***\Desktop\Bernard & Jensen 1999.pdf [2013.01.24 23:02:43 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Rainlendar2.lnk [2013.01.24 23:01:37 | 014,666,324 | ---- | C] () -- C:\Users\Celine\Desktop\Rainlendar-Lite-2-11-32bit.exe [2013.01.24 14:48:19 | 000,444,215 | ---- | C] () -- C:\Users\Celine\Desktop\10.1.1.153.5363.pdf [2013.01.23 20:01:23 | 000,324,401 | ---- | C] () -- C:\Users\Celine\Desktop\Einfluss von Export auf die Investitionen eines Unternehmens.pdf [2013.01.23 
19:59:48 | 000,490,055 | ---- | C] () -- C:\Users\***\Desktop\Selbstselektion und Lerneffekte bei Exporteuren.pdf [2013.01.23 19:58:40 | 000,558,314 | ---- | C] () -- C:\Users\***\Desktop\Selbstselektion produktiver Firmen in Exportmärkte.pdf [2013.01.23 19:56:24 | 000,791,708 | ---- | C] () -- C:\Users\***\Desktop\Die Wahl zwischen Export und Direktinvestition.pdf [2013.01.23 19:54:56 | 000,275,098 | ---- | C] () -- C:\Users\***\Desktop\Export und Produktivität in einer empirischen Studie.pdf [2013.01.23 19:53:36 | 000,340,319 | ---- | C] () -- C:\Users\***\Desktop\Ein Gravitätsmodell mit heterogenen Firmen.pdf [2013.01.23 19:52:29 | 000,141,448 | ---- | C] () -- C:\Users\***\Desktop\Der Einfluss von Handelsliberalisierung auf die Technologiewahl Vinzent.pdf [2013.01.14 20:49:56 | 001,336,320 | ---- | C] () -- C:\Users\***\Desktop\VW-Consulting_Chart-Bibliothek_März_2004.lnk [2013.01.07 16:30:29 | 000,186,589 | ---- | C] () -- C:\Users\***\Desktop\SPS- Nishimoto_Celine.pdf [2013.01.07 15:18:07 | 000,402,218 | ---- | C] () -- C:\Users\***\Desktop\SPS- Oleg.pdf [2013.01.07 11:22:18 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.01.06 19:43:38 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.12.13 10:15:31 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat [2012.12.02 22:49:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\4h6d0L8T5.dat [2012.12.02 22:49:30 | 000,000,001 | ---- | C] () -- C:\ProgramData\8bO3W7RR.exe_.b [2012.12.02 22:49:30 | 000,000,001 | ---- | C] () -- C:\ProgramData\8bO3W7RR.exe.b [2012.11.18 11:25:55 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\pool.bin [2012.06.08 20:41:17 | 001,529,424 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.05.16 23:59:04 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll [2012.05.16 23:47:02 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2012.05.16 23:44:44 | 000,204,960 | ---- | C] 
() -- C:\windows\SysWow64\ativvsvl.dat [2012.05.16 23:44:44 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat [2012.05.16 23:44:44 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2012.02.03 06:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll [2012.01.20 12:49:58 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll [2012.01.20 12:49:48 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll [2011.04.18 14:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = 
%systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.09 13:26:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon [2012.11.18 12:20:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blackberry Desktop [2012.10.30 23:12:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CravingExplorer [2012.07.19 10:28:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2012.11.18 12:20:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion [2013.01.28 00:18:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2012.06.06 20:03:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba [2012.06.16 17:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TOSHIBA Online Product Information [2012.06.08 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2012.06.08 20:57:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2012.06.09 14:33:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone Mobile Broadband [2012.06.06 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch [2012.12.28 20:56:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2012.12.18 09:28:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XSManager ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.08.11 15:08:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.07.11 20:38:56 | 000,000,000 | ---D | M] -- C:\88808a8fa0851d0aa7 [2012.02.18 05:31:51 | 000,000,000 | -HSD | M] -- C:\Boot [2012.08.15 13:49:38 | 000,000,000 | ---D | M] -- C:\c3f75d9bd8c7caf3d14fa560 [2013.01.30 09:26:24 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.05.16 23:41:32 | 000,000,000 | ---D | M] -- C:\Intel [2013.01.27 21:29:12 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013.01.07 11:21:49 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.27 21:30:23 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.02.04 13:08:57 | 000,000,000 | -H-D | M] -- C:\ProgramData [2013.02.04 19:36:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.06.06 20:05:40 | 000,000,000 | ---D | M] -- C:\Toshiba [2012.06.06 19:57:58 | 000,000,000 | R--D | M] -- C:\Users [2013.02.04 14:24:54 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT [2012.02.17 06:19:35 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job [2012.02.17 06:25:05 | 000,001,120 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.02.17 06:25:06 | 000,001,124 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.05.16 23:42:33 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2012.05.16 23:42:34 | 000,000,828 | ---- | C] () -- C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 
< %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < 
%systemroot%\system32\*.dll /lockedfiles > [3 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.06.06 19:59:35 | 000,000,000 | ---- | M] () -- C:\Users\***\agent.log [2013.02.04 23:43:53 | 018,612,224 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2013.02.04 23:43:53 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1 [2012.06.06 19:57:58 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2 [2012.06.06 20:04:10 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.06.06 20:04:10 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.06.06 20:04:10 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.11.13 01:29:24 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{798be97c-2ca5-11e2-b566-e840f2f25060}.TM.blf [2012.11.13 01:29:24 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{798be97c-2ca5-11e2-b566-e840f2f25060}.TMContainer00000000000000000001.regtrans-ms [2012.11.13 01:29:24 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{798be97c-2ca5-11e2-b566-e840f2f25060}.TMContainer00000000000000000002.regtrans-ms [2012.06.06 19:57:59 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini [2013.02.03 19:43:27 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Users\Celine\wgsdgsdgdsgsd.exe < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe 
ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

========== Files - Unicode (All) ==========
[2012.11.06 23:19:43 | 000,017,643 | ---- | M] ()(C:\Users\***\Desktop\?????.xlsx) -- C:\Users\***\Desktop\独和、和独.xlsx
[2012.10.30 20:41:21 | 000,000,165 | -H-- | M] ()(C:\Users\***\Desktop\~$?????.xlsx) -- C:\Users\***\Desktop\~$独和、和独.xlsx
[2012.10.30 20:41:21 | 000,000,165 | -H-- | C] ()(C:\Users\***\Desktop\~$?????.xlsx) -- C:\Users\***\Desktop\~$独和、和独.xlsx
[2012.10.15 16:46:29 | 000,017,643 | ---- | C] ()(C:\Users\***\Desktop\?????.xlsx) -- C:\Users\***\Desktop\独和、和独.xlsx
[2012.10.02 00:54:18 | 000,000,162 | -H-- | M] ()(C:\Users\***\Desktop\~$? BMW new.docx) -- C:\Users\***\Desktop\~$書 BMW new.docx
[2012.10.02 00:54:18 | 000,000,162 | -H-- | C] ()(C:\Users\***\Desktop\~$? BMW new.docx) -- C:\Users\***\Desktop\~$書 BMW new.docx
[2012.10.01 13:37:14 | 000,000,162 | -H-- | M] ()(C:\Users\***\Desktop\~$? allgemein.docx) -- C:\Users\***\Desktop\~$書 allgemein.docx
[2012.10.01 13:37:14 | 000,000,162 | -H-- | C] ()(C:\Users\***\Desktop\~$? allgemein.docx) -- C:\Users\***\Desktop\~$書 allgemein.docx
[2012.10.01 13:33:40 | 000,000,162 | -H-- | M] ()(C:\Users\***\Desktop\~$? Mercedes.docx) -- C:\Users\***\Desktop\~$書 Mercedes.docx
[2012.10.01 13:33:40 | 000,000,162 | -H-- | C] ()(C:\Users\***\Desktop\~$? Mercedes.docx) -- C:\Users\***\Desktop\~$書 Mercedes.docx

< End of report >

Code:
OTL Extras logfile created on: 04.02.2013 23:35:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,96 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,99% Memory free
7,92 Gb Paging File | 6,65 Gb Available in Paging File | 83,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578,55 Gb Total Space | 528,72 Gb Free Space | 91,39% Space Free | Partition Type: NTFS

Computer Name: ***-TOSH | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{132D8FDD-E17D-45E4-9200-4ECBD52DC1CE}" = lport=445 | protocol=6 | dir=in | app=system | "{175000D7-190E-4176-809A-BB803FAA22D7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1A393EF0-B3A6-46C9-90FC-6BF38D4DBE2C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3E163DF8-717D-4EC9-8152-6F9CC0DED55E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{517275DD-E562-46F1-A24F-6C2B6AC975A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{55D1CEB4-A9D9-4DF7-92A5-9237CE1EC778}" = rport=10243 | protocol=6 | dir=out | app=system 
| "{5EDAD419-F1F8-4615-869F-0212D8A5FC5E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{64EC7970-4890-4251-95CA-ED5A24410469}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{66F7C350-9836-4AD6-B883-517062BBDA81}" = lport=10243 | protocol=6 | dir=in | app=system | "{722F9DF7-4DBF-42F9-B3A6-BCDDE179FA19}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7475FA73-6FDE-406F-9F8F-8611482499B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{75BB0895-F295-4ED1-A6D3-DEED71CCD63F}" = lport=137 | protocol=17 | dir=in | app=system | "{8174EF59-DEEA-4AC6-9AAB-16655ADAA262}" = rport=138 | protocol=17 | dir=out | app=system | "{85337ED2-708C-4D3F-8CE5-0D1BD8450D9A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A091FBDE-04D7-4EBB-BEB4-1C8B8C9C5B2B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A1F89917-4660-416F-8A8B-5DF133D4D6B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A808C4D6-2BFB-4035-ACC7-EEFD66FF947A}" = rport=445 | protocol=6 | dir=out | app=system | "{B57409ED-3F18-4FAA-BB30-CFC800FCA069}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BA1E2D73-26B3-43EF-A803-5E0312A37872}" = rport=139 | protocol=6 | dir=out | app=system | "{BC79441C-4D78-4AE6-958A-81B3967DFE24}" = lport=138 | protocol=17 | dir=in | app=system | "{C02245FA-8F0C-4D70-B44B-50F889FDC504}" = lport=139 | protocol=6 | dir=in | app=system | "{C4544947-9D57-4680-B1D1-1E48B66A11DF}" = lport=2869 | protocol=6 | dir=in | app=system | "{E3707B2E-A40A-4E62-B1A5-F305381F38AF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F869D9BC-F9B8-492E-B01D-94AB491D5755}" = rport=137 | protocol=17 
| dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01B0336F-D17E-4639-9875-D7EB0BE5A903}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{029E5A9E-226F-4B26-AD55-A480DF6F8D03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F2C8AFE-F75B-405A-9EC0-ADE4D7C3BE85}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{22CABF82-FFB2-4835-B862-C525096E683B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2A9FBF24-15C3-4F4B-92B4-50806F7BF99B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2D7DCF65-0A72-4130-A79A-275B724F32D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{40400D6A-7BD8-451A-96A2-91081A8D9AC4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{4B6B2EA2-CD00-4EDD-9F4B-EBC6A098B7D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{50CFDBD7-2C58-48A3-A3FA-176912485FB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{51CC8CD5-07CD-48BD-B6BE-47421A78FF45}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{59305EEE-65CC-4CFB-81B9-C2F9AE7B8BA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{61391C50-1D82-4A19-A43F-A74D2B2AF14A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{707DFD48-782D-4E95-8B76-A33C29001685}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{833902E9-BD60-4F22-9CBF-1BF134F219F9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{84DA7347-42D8-4AF7-875D-4F09947F0019}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft 
office\office14\onenote.exe | "{861E2617-BA82-453D-9661-BE4891138BAA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8F87B29C-C265-4785-8419-4043F671D0D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9618DE06-F9CB-4210-B7C3-C0BF0A7CC9F5}" = dir=in | app=c:\program files\canon\dias\cnxdias.exe | "{9AF982AC-D603-462E-8DDB-BAB9B251C862}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9D2BD177-73C4-43E8-A3E4-D063FCA9892F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A51C4716-4888-490D-B8F2-5F36149B8D6E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AEDC1CE2-FA94-4963-B025-2CBD236932A6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{BA002473-4B35-4519-99B0-14773CBE6DC8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{C29069C2-A781-4DC8-91F3-61C1F58801E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C4CE5609-746D-4B3A-8765-C8F5F0B37ACA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CA7F682E-F4FA-4720-9567-0EBD6A8679AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CFF96F9F-4D81-4CD4-B342-9DEC32B106FA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{D087CF59-D086-4CDB-91C1-A5EF911DD9AF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D6D69E29-A54D-4640-9E4E-7BB87B940E1C}" = protocol=6 | dir=out | app=system | "{E010FAB8-1CA3-48EA-8B69-BE1A84DD2C4F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F45136F1-8426-4E3C-A7CB-5206981A225F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{F55FB281-E7C4-48B0-9EF9-94558C2A81FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F5A2FE6E-2F5D-4E6C-A844-F0768B6341EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F68EF781-4DAB-4F5C-BEA7-B1D09129779D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1880437E-3C19-4EA4-9200-0B3A47865E91}" = Windows Live Family Safety "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety "{2C486987-D447-4E36-8D61-86E48E24199C}" = TOSHIBA eco Utility "{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}" = Premium Sound HD "{3BF2C0A8-2C44-4A36-AA96-3BD6FB7BB01F}" = Windows Live Remote Client Resources "{4BC12C41-9B5B-AEF9-0A63-EE2AA19FBFB8}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{54C5B89F-0A8C-4C07-A51D-7380974DA459}" = Windows Live Remote Service Resources "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote 
Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D05D75EB-D15B-40EC-9356-B06C83E0D2A8}" = Google 日本語入力 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F856881A-D370-B1A7-2AFF-128F4AA93558}" = AMD Catalyst Install Manager "Microsoft .NET Framework 4 
Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{019EF473-6D0A-415C-9A2E-1AF5F66AC60F}" = Windows Live Messenger "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0AB6726B-2C04-75E6-D30A-AA8C0E26E46A}" = CCC Help Japanese "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E0CA282-7F32-4B0D-B427-78B9A3CBC42F}" = Messenger Companion "{10AB1F40-BDEC-4A8D-B427-30F9429378B0}" = Windows Live Movie Maker "{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager "{15D95497-8F76-41E5-8894-EDDB59E39BD9}" = Windows Live メール "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B341C66-33EB-BAF0-6138-38AD1A502527}" = Catalyst Control Center "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D74451F-B220-E2E4-7FCD-520AA66F1A85}" = CCC Help Russian "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FAB6902-546D-9060-D0C8-4B502160AA06}" = CCC Help English "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry 
Desktop Software 5.0.1 "{216DF734-6004-42C7-AFC9-A81DFD344BA8}" = Nero BurnRights 11 "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2C14B193-A623-7DAA-9660-BB1EBF870D6B}" = Catalyst Control Center InstallProxy "{2CC1453B-3385-F6FF-735F-F3BA36758715}" = CCC Help Swedish "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup "{3253D3E5-C08E-E22B-BA99-DE88F520CBB3}" = CCC Help Korean "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D516940-6675-41C1-E3DA-E3D358A7C207}" = CCC Help Italian "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4D2122D0-66F7-4A53-96FC-079C900B1CAF}" = Nero BurnRights 11 Help (CHM) "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{52B05867-9440-98ED-617B-6C05ACD1E457}" = Catalyst Control Center Graphics Previews Common "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{571F7B9B-96B8-E1B8-E198-0458BF5F80C4}" = CCC Help Hungarian "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{675D8E1E-2388-4718-902C-E5FC4888AC0E}" = Windows Live Essentials "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband "{6C3F8916-D6A5-4A31-9DA8-80C973CE437F}" = Windows Live Writer "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7134EF35-DA07-41F8-A71F-66709E194BB5}" = Windows Live Mesh "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common 
"{7540EB6A-FE9B-4EE2-37D9-A88DC87AA9E6}" = CCC Help Turkish "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7B69C60A-A148-4572-978C-729029390651}" = Catalyst Control Center - Branding "{7D263751-40FB-D719-9F42-B62B67553D6F}" = CCC Help Chinese Traditional "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion "{82EE309C-B63C-1AAA-79AB-8A5E5986B687}" = CCC Help Norwegian "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{88A686A9-D687-4295-B633-50D8A4B88371}" = Windows Live Writer Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A66A2C8-0032-4949-8D99-C293A3EACF79}" = Windows Live Photo Common "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D59BE38-3A4F-4525-AD0D-8980E9E31EFA}" = Windows Live フォト ギャラリー "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft 
< End of report >
Thank you very, very much for your quick reply, I thought an agonizing wait was coming my way! I ran OTL.txt and Extra.txt above. As you wrote, the Internet works in safe mode with networking. Strangely, a few Word documents got corrupted, which was not yet the case earlier, before the quick scan. It may be because I interrupted the scan, since I thought the checkboxes were set incorrectly. Otherwise it seems to be fine. In Avast, under Status, it says: Threat JS:Blacole-DO[Expl]. Does that mean anything to you? Thanks again for the support, it is reassuring to know that things are moving forward! |
05.02.2013, 16:57 | #4 |
/// Malware-holic | OTL fix. Fixing with OTL
Code:
:OTL
[2013.02.03 19:43:36 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.02.03 19:43:36 | 000,000,067 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.02.03 19:43:31 | 000,001,058 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.02.03 19:43:29 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
:files
:Commands
[emptytemp]
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
05.02.2013, 18:57 | #5 |
| Hello Markus, I carried out your instructions and wanted to copy the text from OTL in here from the locked PC. Apparently the Internet connection was cut; volume control, Action Center, etc. can no longer be run. What should I do now? Can I transfer the file via a USB stick to a healthy PC (that is, from this PC) and copy it from there? Or can the virus be transmitted that way?? |
05.02.2013, 18:59 | #6 |
/// Malware-holic | Maybe do another restart; if that does not work, try safe mode with networking, which you can usually reach via F8 during a restart.
05.02.2013, 19:06 | #7 |
| It did still work over the LAN cable after all. Can the other things that are not working be ignored for now? (Strangely, the keyboard has also shifted for some characters...)
Code:
All processes killed
========== OTL ==========
File C:\ProgramData\dsgsdgdsgdsgw.reg not found.
File C:\ProgramData\dsgsdgdsgdsgw.bat not found.
C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Celine
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1048388695 bytes
->Java cache emptied: 2386974 bytes
->Google Chrome cache emptied: 29631955 bytes
->Flash cache emptied: 61716 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 362183512 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 115281032 bytes
RecycleBin emptied: 10589222 bytes

Total Files Cleaned = 1.496,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02052013_182633 |
05.02.2013, 19:33 | #8 |
/// Malware-holic | What does "for some characters" mean? I am not a mind reader and do need details. We will get the rest sorted out. Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now, then post the log: open C:, open tdsskiller-datum-version.txt, and post its contents
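A triage helper for the TDSSKiller log requested in the post above, as an added example (not part of the thread and not the tool's own code): it pairs each `[ MD5 ] name path` record with its verdict record and returns the entries whose verdict is not `ok`. It accepts the log one record per line or run together on a single line; the sample is an excerpt of the log posted in this thread, and all function, class and field names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional

# Every record starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = re.compile(r"\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+")
# "[ <MD5> ] <service name> <path>"; names may contain spaces ("Bonjour Service").
HASHED = re.compile(r"\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)")
# "<service name> - ok" or "<service name> ( <detection> ) - warning".
VERDICT = re.compile(r"(.+?)(?: \( (.+?) \))? - (\w+)")

# Excerpt of the log posted in this thread, run together on one line.
SAMPLE = (
    r"19:54:30.0416 1020 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys "
    r"19:54:30.0463 1020 Beep - ok "
    r"19:54:30.0775 1020 [ 8B1E76B5F86DF4396D77AB09787F6D37 ] BMLoad C:\windows\system32\drivers\BMLoad.sys "
    r"19:54:30.0790 1020 BMLoad ( UnsignedFile.Multi.Generic ) - warning "
    r"19:54:30.0790 1020 BMLoad - detected UnsignedFile.Multi.Generic (1) "
    r"19:54:30.0837 1020 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe "
    r"19:54:30.0853 1020 Bonjour Service - ok "
    r"19:54:33.0052 1020 COMSysApp - ok"
)


@dataclass
class Finding:
    name: str
    verdict: str
    detection: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def records(text: str) -> Iterator[str]:
    """Yield record bodies; works for one-per-line and run-together logs."""
    marks = list(PREFIX.finditer(text))
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        yield text[mark.end():end].strip()


def parse_tdsskiller(text: str) -> List[Finding]:
    """Pair each hash record with the verdict record that follows it."""
    pending = {}  # service name -> (md5, path) from the preceding hash record
    findings = []
    for body in records(text):
        hashed = HASHED.fullmatch(body)
        if hashed:
            md5, name, path = hashed.groups()
            pending[name] = (md5.upper(), path)
            continue
        verdict = VERDICT.fullmatch(body)
        if verdict:
            name, detection, word = verdict.groups()
            # Some services (COMSysApp in the sample) have no hash record.
            md5, path = pending.pop(name, (None, None))
            findings.append(Finding(name, word, detection, md5, path))
    return findings


def needs_review(findings: List[Finding]) -> List[Finding]:
    """Everything the scan did not mark 'ok'."""
    return [f for f in findings if f.verdict != "ok"]


if __name__ == "__main__":
    for f in needs_review(parse_tdsskiller(SAMPLE)):
        print(f"{f.verdict}: {f.name} ({f.detection}) md5={f.md5} path={f.path}")
```

The detection name in the sample reports a file without a valid digital signature, which is the check enabled by Verify driver digital signatures.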
05.02.2013, 20:00 | #9 |
| Here is the log; I had to skip for 3 files. The keyboard problem seems to have resolved itself, I can use it normally as before. Sorry for the confusion, maybe I hit something by accident. Thanks again for the help!
Code:
19:52:55.0583 2796 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:52:55.0755 2796 ============================================================
19:52:55.0755 2796 Current date / time: 2013/02/05 19:52:55.0755
19:52:55.0755 2796 SystemInfo:
19:52:55.0755 2796
19:52:55.0755 2796 OS Version: 6.1.7601 ServicePack: 1.0
19:52:55.0755 2796 Product type: Workstation
19:52:55.0755 2796 ComputerName: CELINE-TOSH
19:52:55.0755 2796 UserName: Celine
19:52:55.0755 2796 Windows directory: C:\windows
19:52:55.0755 2796 System windows directory: C:\windows
19:52:55.0755 2796 Running under WOW64
19:52:55.0755 2796 Processor architecture: Intel x64
19:52:55.0755 2796 Number of processors: 8
19:52:55.0755 2796 Page size: 0x1000
19:52:55.0755 2796 Boot type: Safe boot with network
19:52:55.0755 2796 ============================================================
19:52:56.0192 2796 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:52:56.0192 2796 ============================================================
19:52:56.0192 2796 \Device\Harddisk0\DR0:
19:52:56.0192 2796 MBR partitions:
19:52:56.0192 2796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48517800
19:52:56.0192 2796 ============================================================
19:52:56.0239 2796 C: <-> \Device\Harddisk0\DR0\Partition1
19:52:56.0239 2796 ============================================================
19:52:56.0239 2796 Initialize success
19:52:56.0239 2796 ============================================================
19:54:26.0687 1020 ============================================================
19:54:26.0687 1020 Scan started
19:54:26.0687 1020 Mode: Manual; SigCheck; TDLFS;
19:54:26.0687 1020 ============================================================
19:54:26.0859 1020 ================ Scan system memory ========================
19:54:26.0859 1020 System memory - ok 19:54:26.0875 1020 ================ Scan services ============================= 19:54:27.0046 1020 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 19:54:27.0140 1020 1394ohci - ok 19:54:27.0155 1020 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys 19:54:27.0171 1020 ACPI - ok 19:54:27.0218 1020 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 19:54:27.0249 1020 AcpiPmi - ok 19:54:27.0343 1020 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:54:27.0343 1020 AdobeARMservice - ok 19:54:27.0452 1020 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:54:27.0467 1020 AdobeFlashPlayerUpdateSvc - ok 19:54:27.0499 1020 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys 19:54:27.0514 1020 adp94xx - ok 19:54:27.0577 1020 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys 19:54:27.0592 1020 adpahci - ok 19:54:27.0608 1020 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys 19:54:27.0608 1020 adpu320 - ok 19:54:27.0655 1020 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 19:54:27.0764 1020 AeLookupSvc - ok 19:54:27.0811 1020 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys 19:54:27.0857 1020 AFD - ok 19:54:27.0889 1020 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys 19:54:27.0904 1020 agp440 - ok 19:54:27.0920 1020 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe 19:54:27.0982 1020 ALG - ok 19:54:28.0013 1020 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys 19:54:28.0029 1020 aliide - ok 19:54:28.0060 1020 [ 2437C0697BA89FC5FCF2ADE491BDC2B3 ] AMD 
External Events Utility C:\windows\system32\atiesrxx.exe 19:54:28.0107 1020 AMD External Events Utility - ok 19:54:28.0138 1020 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys 19:54:28.0138 1020 amdide - ok 19:54:28.0169 1020 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys 19:54:28.0201 1020 AmdK8 - ok 19:54:28.0403 1020 [ 184F11D8B76FACFE16390C4C47D32B5D ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys 19:54:28.0653 1020 amdkmdag - ok 19:54:28.0684 1020 [ 54BC6F0E471033D8B22FB5E5BEA343EE ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys 19:54:28.0715 1020 amdkmdap - ok 19:54:28.0715 1020 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys 19:54:28.0747 1020 AmdPPM - ok 19:54:28.0793 1020 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys 19:54:28.0793 1020 amdsata - ok 19:54:28.0809 1020 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys 19:54:28.0825 1020 amdsbs - ok 19:54:28.0840 1020 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 19:54:28.0840 1020 amdxata - ok 19:54:28.0887 1020 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys 19:54:29.0059 1020 AppID - ok 19:54:29.0074 1020 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll 19:54:29.0121 1020 AppIDSvc - ok 19:54:29.0152 1020 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll 19:54:29.0183 1020 Appinfo - ok 19:54:29.0230 1020 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 19:54:29.0246 1020 Apple Mobile Device - ok 19:54:29.0277 1020 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys 19:54:29.0293 1020 arc - ok 19:54:29.0293 1020 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas 
C:\windows\system32\drivers\arcsas.sys 19:54:29.0308 1020 arcsas - ok 19:54:29.0324 1020 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys 19:54:29.0324 1020 aswFsBlk - ok 19:54:29.0371 1020 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys 19:54:29.0371 1020 aswMonFlt - ok 19:54:29.0386 1020 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys 19:54:29.0386 1020 aswRdr - ok 19:54:29.0417 1020 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\windows\system32\drivers\aswSnx.sys 19:54:29.0433 1020 aswSnx - ok 19:54:29.0464 1020 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\windows\system32\drivers\aswSP.sys 19:54:29.0480 1020 aswSP - ok 19:54:29.0527 1020 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\windows\system32\drivers\aswTdi.sys 19:54:29.0527 1020 aswTdi - ok 19:54:29.0558 1020 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 19:54:29.0605 1020 AsyncMac - ok 19:54:29.0620 1020 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys 19:54:29.0636 1020 atapi - ok 19:54:29.0698 1020 [ B594EA0B79A9028DAA640A0F0DC41FE6 ] athr C:\windows\system32\DRIVERS\athrx.sys 19:54:29.0776 1020 athr - ok 19:54:29.0807 1020 [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys 19:54:29.0807 1020 AtiHDAudioService - ok 19:54:29.0854 1020 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 19:54:29.0932 1020 AudioEndpointBuilder - ok 19:54:29.0948 1020 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 19:54:29.0979 1020 AudioSrv - ok 19:54:30.0057 1020 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 19:54:30.0057 1020 avast! 
Antivirus - ok 19:54:30.0088 1020 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 19:54:30.0151 1020 AxInstSV - ok 19:54:30.0197 1020 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys 19:54:30.0229 1020 b06bdrv - ok 19:54:30.0260 1020 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 19:54:30.0291 1020 b57nd60a - ok 19:54:30.0338 1020 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll 19:54:30.0369 1020 BDESVC - ok 19:54:30.0416 1020 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys 19:54:30.0463 1020 Beep - ok 19:54:30.0494 1020 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll 19:54:30.0541 1020 BFE - ok 19:54:30.0572 1020 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll 19:54:30.0681 1020 BITS - ok 19:54:30.0712 1020 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 19:54:30.0743 1020 blbdrive - ok 19:54:30.0775 1020 [ 8B1E76B5F86DF4396D77AB09787F6D37 ] BMLoad C:\windows\system32\drivers\BMLoad.sys 19:54:30.0790 1020 BMLoad ( UnsignedFile.Multi.Generic ) - warning 19:54:30.0790 1020 BMLoad - detected UnsignedFile.Multi.Generic (1) 19:54:30.0837 1020 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 19:54:30.0853 1020 Bonjour Service - ok 19:54:30.0884 1020 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 19:54:30.0915 1020 bowser - ok 19:54:30.0946 1020 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys 19:54:30.0977 1020 BrFiltLo - ok 19:54:30.0993 1020 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys 19:54:31.0024 1020 BrFiltUp - ok 19:54:31.0055 1020 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll 19:54:31.0087 1020 Browser - ok 19:54:31.0243 1020 [ 
C:\windows\system32\sessenv.dll 19:54:46.0250 1020 SessionEnv - ok 19:54:46.0281 1020 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 19:54:46.0297 1020 sffdisk - ok 19:54:46.0312 1020 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 19:54:46.0328 1020 sffp_mmc - ok 19:54:46.0344 1020 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 19:54:46.0375 1020 sffp_sd - ok 19:54:46.0390 1020 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 19:54:46.0390 1020 sfloppy - ok 19:54:46.0437 1020 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys 19:54:46.0453 1020 Sftfs - ok 19:54:46.0500 1020 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 19:54:46.0515 1020 sftlist - ok 19:54:46.0531 1020 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys 19:54:46.0546 1020 Sftplay - ok 19:54:46.0562 1020 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys 19:54:46.0562 1020 Sftredir - ok 19:54:46.0578 1020 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys 19:54:46.0578 1020 Sftvol - ok 19:54:46.0609 1020 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 19:54:46.0624 1020 sftvsa - ok 19:54:46.0671 1020 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 19:54:46.0702 1020 SharedAccess - ok 19:54:46.0718 1020 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 19:54:46.0749 1020 ShellHWDetection - ok 19:54:46.0780 1020 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 19:54:46.0780 1020 SiSRaid2 - ok 19:54:46.0796 1020 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 
C:\windows\system32\drivers\sisraid4.sys 19:54:46.0812 1020 SiSRaid4 - ok 19:54:46.0858 1020 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:54:46.0874 1020 SkypeUpdate - ok 19:54:46.0905 1020 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 19:54:46.0952 1020 Smb - ok 19:54:46.0983 1020 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 19:54:46.0999 1020 SNMPTRAP - ok 19:54:47.0030 1020 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 19:54:47.0030 1020 spldr - ok 19:54:47.0046 1020 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 19:54:47.0092 1020 Spooler - ok 19:54:47.0170 1020 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 19:54:47.0295 1020 sppsvc - ok 19:54:47.0295 1020 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 19:54:47.0342 1020 sppuinotify - ok 19:54:47.0373 1020 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 19:54:47.0404 1020 srv - ok 19:54:47.0436 1020 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 19:54:47.0467 1020 srv2 - ok 19:54:47.0498 1020 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 19:54:47.0514 1020 srvnet - ok 19:54:47.0545 1020 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 19:54:47.0592 1020 SSDPSRV - ok 19:54:47.0607 1020 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 19:54:47.0638 1020 SstpSvc - ok 19:54:47.0654 1020 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 19:54:47.0670 1020 stexstor - ok 19:54:47.0701 1020 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 19:54:47.0716 1020 stisvc - ok 19:54:47.0732 1020 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum 
C:\windows\system32\DRIVERS\swenum.sys 19:54:47.0748 1020 swenum - ok 19:54:47.0763 1020 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 19:54:47.0794 1020 swprv - ok 19:54:47.0841 1020 [ B868E292FBA5B62B9FC71572A5FAEF5C ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 19:54:47.0857 1020 SynTP - ok 19:54:47.0888 1020 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 19:54:47.0935 1020 SysMain - ok 19:54:47.0966 1020 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 19:54:47.0982 1020 TabletInputService - ok 19:54:47.0997 1020 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 19:54:48.0028 1020 TapiSrv - ok 19:54:48.0060 1020 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 19:54:48.0091 1020 TBS - ok 19:54:48.0138 1020 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys 19:54:48.0169 1020 Tcpip - ok 19:54:48.0216 1020 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 19:54:48.0247 1020 TCPIP6 - ok 19:54:48.0262 1020 [ FBA939B917976B2C37F1B235DFCD4876 ] tcpipBM C:\windows\system32\drivers\tcpipBM.sys 19:54:48.0294 1020 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 19:54:48.0294 1020 tcpipBM - detected UnsignedFile.Multi.Generic (1) 19:54:48.0325 1020 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 19:54:48.0356 1020 tcpipreg - ok 19:54:48.0403 1020 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys 19:54:48.0403 1020 tdcmdpst - ok 19:54:48.0418 1020 TDEIO - ok 19:54:48.0434 1020 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 19:54:48.0465 1020 TDPIPE - ok 19:54:48.0481 1020 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 19:54:48.0496 1020 TDTCP - ok 19:54:48.0528 1020 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx 
C:\windows\system32\DRIVERS\tdx.sys 19:54:48.0559 1020 tdx - ok 19:54:48.0606 1020 [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe 19:54:48.0606 1020 TemproMonitoringService - ok 19:54:48.0621 1020 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 19:54:48.0637 1020 TermDD - ok 19:54:48.0668 1020 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 19:54:48.0715 1020 TermService - ok 19:54:48.0746 1020 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 19:54:48.0762 1020 Themes - ok 19:54:48.0777 1020 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 19:54:48.0808 1020 THREADORDER - ok 19:54:48.0871 1020 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 19:54:48.0871 1020 TMachInfo - ok 19:54:48.0886 1020 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe 19:54:48.0902 1020 TODDSrv - ok 19:54:49.0011 1020 [ 4AE80C5F7772C4FB2A762F70AD4A111E ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 19:54:49.0027 1020 TosCoSrv - ok 19:54:49.0074 1020 [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 19:54:49.0074 1020 TOSHIBA Bluetooth Service - ok 19:54:49.0136 1020 [ 6E2330FB032ED3EBEFC1349AD7081A98 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe 19:54:49.0136 1020 TOSHIBA eco Utility Service - ok 19:54:49.0183 1020 [ 9338C2DEB14CA2804BCB3276CB7EB4FD ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 19:54:49.0198 1020 TOSHIBA HDD SSD Alert Service - ok 19:54:49.0214 1020 [ 755E5CA34D6186FC0E1430CD47E6E97C ] toshidpt C:\windows\system32\drivers\Toshidpt.sys 19:54:49.0230 1020 toshidpt - ok 19:54:49.0230 1020 [ 
8021F63311797085949FA387F7C83583 ] tosporte C:\windows\system32\DRIVERS\tosporte.sys 19:54:49.0245 1020 tosporte - ok 19:54:49.0276 1020 [ B9FA0498F6CC596FFA5CF47A04CD1785 ] tosrfbd C:\windows\system32\DRIVERS\tosrfbd.sys 19:54:49.0292 1020 tosrfbd - ok 19:54:49.0308 1020 [ 90F0B1745ABF13F44C2A6ED79F7CE9FB ] tosrfbnp C:\windows\system32\Drivers\tosrfbnp.sys 19:54:49.0323 1020 tosrfbnp - ok 19:54:49.0354 1020 [ 9E4E65EA51E34647340BD6007467AC54 ] Tosrfcom C:\windows\system32\Drivers\tosrfcom.sys 19:54:49.0370 1020 Tosrfcom - ok 19:54:49.0401 1020 [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec C:\windows\system32\DRIVERS\tosrfec.sys 19:54:49.0401 1020 tosrfec - ok 19:54:49.0432 1020 [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid C:\windows\system32\DRIVERS\Tosrfhid.sys 19:54:49.0432 1020 Tosrfhid - ok 19:54:49.0448 1020 [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds C:\windows\system32\DRIVERS\tosrfnds.sys 19:54:49.0448 1020 tosrfnds - ok 19:54:49.0464 1020 [ 7052B10E54B48AF12BD5606596A8E039 ] TosRfSnd C:\windows\system32\drivers\tosrfsnd.sys 19:54:49.0495 1020 TosRfSnd - ok 19:54:49.0526 1020 [ AF8A0D2E2A41043A77CA77CCBDB8D9C2 ] Tosrfusb C:\windows\system32\DRIVERS\tosrfusb.sys 19:54:49.0542 1020 Tosrfusb - ok 19:54:49.0604 1020 [ 36CDD894395BEC46EFB14F49D77D3D82 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 19:54:49.0620 1020 TPCHSrv - ok 19:54:49.0651 1020 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 19:54:49.0682 1020 TrkWks - ok 19:54:49.0729 1020 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 19:54:49.0744 1020 TrustedInstaller - ok 19:54:49.0776 1020 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 19:54:49.0807 1020 tssecsrv - ok 19:54:49.0838 1020 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 19:54:49.0869 1020 TsUsbFlt - ok 19:54:49.0885 1020 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD 
C:\windows\system32\drivers\TsUsbGD.sys 19:54:49.0900 1020 TsUsbGD - ok 19:54:49.0947 1020 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 19:54:49.0994 1020 tunnel - ok 19:54:50.0025 1020 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS 19:54:50.0041 1020 TVALZ - ok 19:54:50.0056 1020 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys 19:54:50.0072 1020 TVALZFL - ok 19:54:50.0072 1020 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 19:54:50.0088 1020 uagp35 - ok 19:54:50.0103 1020 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 19:54:50.0150 1020 udfs - ok 19:54:50.0181 1020 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 19:54:50.0197 1020 UI0Detect - ok 19:54:50.0212 1020 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 19:54:50.0228 1020 uliagpkx - ok 19:54:50.0259 1020 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 19:54:50.0275 1020 umbus - ok 19:54:50.0290 1020 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 19:54:50.0322 1020 UmPass - ok 19:54:50.0384 1020 [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 19:54:50.0400 1020 UNS - ok 19:54:50.0431 1020 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 19:54:50.0462 1020 upnphost - ok 19:54:50.0509 1020 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys 19:54:50.0540 1020 USBAAPL64 - ok 19:54:50.0556 1020 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 19:54:50.0587 1020 usbccgp - ok 19:54:50.0618 1020 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 19:54:50.0634 1020 usbcir - ok 19:54:50.0665 1020 [ 
C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 19:54:50.0680 1020 usbehci - ok 19:54:50.0727 1020 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 19:54:50.0743 1020 usbhub - ok 19:54:50.0758 1020 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 19:54:50.0774 1020 usbohci - ok 19:54:50.0790 1020 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys 19:54:50.0805 1020 usbprint - ok 19:54:50.0821 1020 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 19:54:50.0868 1020 USBSTOR - ok 19:54:50.0883 1020 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 19:54:50.0899 1020 usbuhci - ok 19:54:50.0946 1020 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys 19:54:50.0961 1020 usbvideo - ok 19:54:50.0992 1020 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 19:54:51.0039 1020 UxSms - ok 19:54:51.0055 1020 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 19:54:51.0055 1020 VaultSvc - ok 19:54:51.0086 1020 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 19:54:51.0086 1020 vdrvroot - ok 19:54:51.0102 1020 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 19:54:51.0133 1020 vds - ok 19:54:51.0180 1020 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 19:54:51.0180 1020 vga - ok 19:54:51.0211 1020 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 19:54:51.0242 1020 VgaSave - ok 19:54:51.0273 1020 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 19:54:51.0273 1020 vhdmp - ok 19:54:51.0289 1020 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 19:54:51.0289 1020 viaide - ok 19:54:51.0367 1020 [ 
59E6D1CC4EA1A19D07570AA0657ED966 ] VmbService C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe 19:54:51.0445 1020 VmbService ( UnsignedFile.Multi.Generic ) - warning 19:54:51.0445 1020 VmbService - detected UnsignedFile.Multi.Generic (1) 19:54:51.0476 1020 [ 1E4D31FEC921300C5F262C52F5FCC666 ] vodafone_K3805-z_dc_enum C:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys 19:54:51.0507 1020 vodafone_K3805-z_dc_enum - ok 19:54:51.0538 1020 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 19:54:51.0538 1020 volmgr - ok 19:54:51.0554 1020 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 19:54:51.0570 1020 volmgrx - ok 19:54:51.0585 1020 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys 19:54:51.0601 1020 volsnap - ok 19:54:51.0616 1020 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 19:54:51.0632 1020 vsmraid - ok 19:54:51.0679 1020 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 19:54:51.0741 1020 VSS - ok 19:54:51.0741 1020 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 19:54:51.0772 1020 vwifibus - ok 19:54:51.0788 1020 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 19:54:51.0804 1020 vwififlt - ok 19:54:51.0850 1020 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 19:54:51.0866 1020 vwifimp - ok 19:54:51.0882 1020 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 19:54:51.0913 1020 W32Time - ok 19:54:51.0928 1020 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys 19:54:51.0944 1020 WacomPen - ok 19:54:51.0991 1020 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 19:54:52.0038 1020 WANARP - ok 19:54:52.0038 1020 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 
C:\windows\system32\DRIVERS\wanarp.sys 19:54:52.0069 1020 Wanarpv6 - ok 19:54:52.0116 1020 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 19:54:52.0178 1020 wbengine - ok 19:54:52.0209 1020 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 19:54:52.0240 1020 WbioSrvc - ok 19:54:52.0256 1020 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 19:54:52.0272 1020 wcncsvc - ok 19:54:52.0287 1020 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 19:54:52.0318 1020 WcsPlugInService - ok 19:54:52.0350 1020 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys 19:54:52.0350 1020 Wd - ok 19:54:52.0381 1020 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 19:54:52.0396 1020 Wdf01000 - ok 19:54:52.0412 1020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 19:54:52.0474 1020 WdiServiceHost - ok 19:54:52.0490 1020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 19:54:52.0490 1020 WdiSystemHost - ok 19:54:52.0521 1020 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 19:54:52.0552 1020 WebClient - ok 19:54:52.0568 1020 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 19:54:52.0615 1020 Wecsvc - ok 19:54:52.0646 1020 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 19:54:52.0677 1020 wercplsupport - ok 19:54:52.0693 1020 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 19:54:52.0724 1020 WerSvc - ok 19:54:52.0740 1020 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 19:54:52.0755 1020 WfpLwf - ok 19:54:52.0786 1020 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 19:54:52.0802 1020 WIMMount - ok 19:54:52.0818 1020 WinDefend - ok 19:54:52.0818 
1020 WinHttpAutoProxySvc - ok 19:54:52.0864 1020 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 19:54:52.0896 1020 Winmgmt - ok 19:54:52.0958 1020 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 19:54:53.0005 1020 WinRM - ok 19:54:53.0052 1020 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 19:54:53.0083 1020 WinUsb - ok 19:54:53.0130 1020 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 19:54:53.0161 1020 Wlansvc - ok 19:54:53.0208 1020 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 19:54:53.0223 1020 wlcrasvc - ok 19:54:53.0332 1020 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:54:53.0379 1020 wlidsvc - ok 19:54:53.0410 1020 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys 19:54:53.0410 1020 WmiAcpi - ok 19:54:53.0457 1020 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 19:54:53.0473 1020 wmiApSrv - ok 19:54:53.0504 1020 WMPNetworkSvc - ok 19:54:53.0520 1020 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 19:54:53.0535 1020 WPCSvc - ok 19:54:53.0551 1020 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 19:54:53.0582 1020 WPDBusEnum - ok 19:54:53.0598 1020 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 19:54:53.0644 1020 ws2ifsl - ok 19:54:53.0676 1020 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll 19:54:53.0676 1020 wscsvc - ok 19:54:53.0676 1020 WSearch - ok 19:54:53.0738 1020 [ 67C1BCCCB4B59552BD62827F812A3A8B ] WTGService C:\Program Files (x86)\XSManager\WTGService.exe 19:54:53.0738 1020 WTGService - ok 19:54:53.0800 1020 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 19:54:53.0847 1020 wuauserv 
- ok 19:54:53.0878 1020 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 19:54:53.0910 1020 WudfPf - ok 19:54:53.0941 1020 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 19:54:53.0972 1020 WUDFRd - ok 19:54:53.0988 1020 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 19:54:54.0003 1020 wudfsvc - ok 19:54:54.0034 1020 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\windows\System32\wwansvc.dll 19:54:54.0066 1020 WwanSvc - ok 19:54:54.0097 1020 [ 1EA18D9ADA8FE282D7B5822F1BD05E8F ] XS Stick Service C:\windows\service4g.exe 19:54:54.0097 1020 XS Stick Service - ok 19:54:54.0128 1020 ================ Scan global =============================== 19:54:54.0159 1020 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 19:54:54.0190 1020 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll 19:54:54.0190 1020 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll 19:54:54.0222 1020 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 19:54:54.0237 1020 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 19:54:54.0237 1020 [Global] - ok 19:54:54.0237 1020 ================ Scan MBR ================================== 19:54:54.0253 1020 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0 19:54:54.0612 1020 \Device\Harddisk0\DR0 - ok 19:54:54.0612 1020 ================ Scan VBR ================================== 19:54:54.0643 1020 [ DA36CD35EA32FA9F2CEA0FCAF23F0769 ] \Device\Harddisk0\DR0\Partition1 19:54:54.0643 1020 \Device\Harddisk0\DR0\Partition1 - ok 19:54:54.0643 1020 ============================================================ 19:54:54.0643 1020 Scan finished 19:54:54.0643 1020 ============================================================ 19:54:54.0643 2332 Detected object count: 3 19:54:54.0643 2332 Actual detected object count: 3 |
05.02.2013, 20:14 | #10 |
/// Malware-holic | GUV virus lockout on desktop, safe mode still works (Win 7) Hi, ComboFix: Scan with ComboFix
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
05.02.2013, 21:07 | #11 |
| GUV virus lockout on desktop, safe mode still works (Win 7) Hi Markus, I have now run ComboFix! I will restart the PC right away. Code:
ATTFilter ComboFix 13-02-03.03 - Celine 05.02.2013 20:57:45.1.8 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4056.3237 [GMT 1:00] ausgeführt von:: c:\users\Celine\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Savings Sidekick c:\program files (x86)\Savings Sidekick\ButtonUtil.dll c:\program files (x86)\Savings Sidekick\Savings Sidekick-bg.exe c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll c:\program files (x86)\Savings Sidekick\Savings Sidekick.exe c:\program files (x86)\Savings Sidekick\Savings Sidekick.ico c:\program files (x86)\Savings Sidekick\Savings Sidekick.ini c:\program files (x86)\Savings Sidekick\Savings SidekickInstaller.log c:\program files (x86)\Savings Sidekick\Uninstall.exe c:\program files (x86)\Yahoo!J c:\program files (x86)\Yahoo!J\PC Service Manager\INSTALL.LOG c:\program files (x86)\Yahoo!J\PC Service Manager\license.txt c:\program files (x86)\Yahoo!J\PC Service Manager\UNINST.EXE c:\program files (x86)\Yahoo!J\PC Service Manager\UNINST.INI c:\program files (x86)\Yahoo!J\PC Service Manager\ypcpm.exe c:\program files (x86)\Yahoo!J\PC Service Manager\ypcsm.exe c:\program files (x86)\Yahoo!J\PC Service Manager\ypcuninst.exe c:\program files (x86)\Yahoo!J\PC Service Manager\ypcut.exe c:\program files (x86)\Yahoo!J\PC Service Manager\ysp.ico c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\Config.xml c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\def_bland20.dll c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\def_comment20.dll c:\program files 
(x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\def_customize20.dll c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\def_search20.dll c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\LocalPlugin.dll c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\Update.xml c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\yjem.dll c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\yjgh.dll c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YJImage.dll c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YJImageToCom.dll c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\yjop.exe c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YJTools.dll c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\yphb.exe c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\uninst.exe c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\uninstall.exe c:\program files (x86)\Yahoo!J\Toolbar\ytcnt.exe c:\programdata\8bO3W7RR.exe.b c:\users\Celine\AppData\Local\Savings Sidekick c:\users\Celine\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx c:\users\Celine\wgsdgsdgdsgsd.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-05 bis 2013-02-05 )))))))))))))))))))))))))))))) . . 2013-02-05 20:02 . 2013-02-05 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-05 17:47 . 2013-02-05 18:00 -------- d-----w- c:\users\Celine\AppData\Local\ElevatedDiagnostics 2013-02-05 17:22 . 2013-02-05 17:22 -------- dc----w- C:\_OTL 2013-02-02 14:26 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DBC68FA-092C-4E92-9249-8492777FBBFA}\mpengine.dll 2013-01-27 21:00 . 2013-01-27 21:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-01-27 20:30 . 2013-01-27 20:30 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2013-01-27 20:29 . 
2013-01-27 20:29 -------- dc----r- C:\MSOCache 2013-01-24 22:03 . 2013-02-05 08:30 -------- d-----w- c:\users\Celine\.rainlendar2 2013-01-24 22:02 . 2013-01-24 22:02 -------- d-----w- c:\program files (x86)\Rainlendar2 2013-01-22 22:21 . 2013-01-22 22:21 2194456 ----a-w- c:\windows\system32\GIMEJa.ime 2013-01-22 22:03 . 2013-01-22 22:03 1593368 ----a-w- c:\windows\SysWow64\GIMEJa.ime 2013-01-09 08:49 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-09 08:48 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 08:48 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-07 10:21 . 2013-01-07 10:22 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-01-07 10:21 . 2013-01-07 10:22 -------- dc----w- c:\program files\iTunes 2013-01-07 10:21 . 2013-01-07 10:22 -------- d-----w- c:\program files (x86)\iTunes 2013-01-07 10:21 . 2013-01-07 10:21 -------- dc----w- c:\program files\iPod . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-09 12:43 . 2012-06-06 19:57 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 08:52 . 2012-02-17 05:19 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 08:52 . 2012-02-17 05:19 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-16 22:14 . 2012-12-16 22:14 117888 ----a-w- c:\windows\system32\drivers\cmnsusbser.sys 2012-12-16 17:11 . 2012-12-22 14:39 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-22 14:39 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 14:39 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-22 14:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-11-30 04:45 . 2013-01-09 08:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-09 05:45 . 
2012-12-12 07:55 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 07:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}] 2012-07-09 00:09 263272 ----a-w- c:\program files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-06-06 19:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304] "{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"= "c:\program files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll" [2012-07-09 287848] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{9e131a93-eed7-4beb-b015-a0adb30b5646}] [HKEY_CLASSES_ROOT\claro.clarodskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\claro.clarodskBnd] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-17 39408] "Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2012-12-29 2587136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-20 343168] "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960] "starter4g"="c:\windows\starter4g.exe" [2010-03-19 161040] "Google Japanese Input Prelauncher"="c:\program files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" [2013-01-22 1328664] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 
152544] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "OTL"="c:\users\Celine\Desktop\OTL.exe" [2013-02-04 602112] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104] Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2012-5-17 1492352] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~3\BROWSE~1\261123~1.78\{61D8B~1\brwmngr.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411] Ime File REG_SZ GIMEJA.IME . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R1 aswSnx;aswSnx; [x] R1 aswSP;aswSP; [x] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-01-20 235520] R2 aswFsBlk;aswFsBlk; [x] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] R2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.exe [2013-01-31 2561488] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824] R2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;c:\program files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [2013-01-22 681496] R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448] R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280] R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560] R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848] R2 UNS;Intel(R) Management and Security Application User Notification 
Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800] R2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-04-19 9216] R2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2009-06-22 304592] R2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-03-19 145680] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712] R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-09 45168] R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2012-12-16 117888] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152] R3 TPCHSrv;TPCH Service;c:\program 
files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-06-08 16512] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-04-18 85504] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-17 251496] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352] S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 92446227 *Deregistered* - 92446227 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-30 18:49 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-17 08:52] . 2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 05:24] . 2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 05:24] . 2013-02-05 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . 2013-02-02 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112] "SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-22 2165120] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720] "Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-02-17 150992] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{11111111-1111-1111-1111-110011501160} - c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-ypcsm - c:\progra~2\Yahoo!J\PCSERV~1\ypcsm.exe Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-ypcsm - c:\progra~2\Yahoo!J\PCSERV~1\ypcsm.exe Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe AddRemove-Savings Sidekick - c:\program files (x86)\Savings Sidekick\Uninstall.exe AddRemove-Yahoo!Jƒc[ƒ‹ƒo[ - c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\uninst.exe AddRemove-ƒRƒ“Ý’è - c:\progra~2\Yahoo!J\PCSERV~1\YPCUNI~1.EXE . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-05 21:04:53 ComboFix-quarantined-files.txt 2013-02-05 20:04 . Vor Suchlauf: 10 Verzeichnis(se), 568.844.419.072 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 568.506.961.920 Bytes frei . - - End Of File - - 89049C932D7B91DA47CACB4D9970E5C7 Code:
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-30 18:49 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-17 08:52]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 05:24]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 05:24]
.
2013-02-05 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-02-02 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112]
"SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-22 2165120]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-02-17 150992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110011501160} - c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ypcsm - c:\progra~2\Yahoo!J\PCSERV~1\ypcsm.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ypcsm - c:\progra~2\Yahoo!J\PCSERV~1\ypcsm.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-Savings Sidekick - c:\program files (x86)\Savings Sidekick\Uninstall.exe
AddRemove-Yahoo!Jƒc[ƒ‹ƒo[ - c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\uninst.exe
AddRemove-ƒRƒ“Ý’è - c:\progra~2\Yahoo!J\PCSERV~1\YPCUNI~1.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-05 21:04:53
ComboFix-quarantined-files.txt 2013-02-05 20:04
.
Vor Suchlauf: 10 Verzeichnis(se), 568.844.419.072 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 568.506.961.920 Bytes frei
.
- - End Of File - - 89049C932D7B91DA47CACB4D9970E5C7
Hi Markus, I just tried booting "normally", not via safe mode. As far as I can tell, it works now!!! The User Account Control prompt asking whether a change should be made no longer appears, and above all there is no lock with the GUV page on the desktop!!! To my eyes, after the virus, it is like it was 2 days ago.. Thanks a lot so far!! What else can be done?? |
05.02.2013, 21:53 | #12 |
/// Malware-holic | GUV virus lock on desktop, safe mode still works (Win 7) Hi, Malwarebytes: please download Malwarebytes
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
05.02.2013, 23:34 | #13 |
| GUV virus lock on desktop, safe mode still works (Win 7) Hi, here is the log after the removal of 9 virus items. Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.05.09

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Celine :: CELINE-TOSH [Administrator]

Schutz: Deaktiviert

05.02.2013 22:14:56
mbam-log-2013-02-05 (22-14-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335214
Laufzeit: 29 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Daten: Savings Sidekick -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 6
C:\Qoobox\Quarantine\C\Program Files (x86)\Savings Sidekick\Savings Sidekick-bg.exe.vir (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll.vir (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files (x86)\Savings Sidekick\Savings Sidekick.exe.vir (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files (x86)\Savings Sidekick\Uninstall.exe.vir (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Celine\wgsdgsdgdsgsd.exe.vir (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
ATTFilter
2013/02/05 23:36:43 +0100 CELINE-TOSH (null) MESSAGE Starting protection
2013/02/05 23:36:43 +0100 CELINE-TOSH (null) MESSAGE Protection started successfully
2013/02/05 23:36:43 +0100 CELINE-TOSH (null) MESSAGE Starting IP protection
2013/02/05 23:36:45 +0100 CELINE-TOSH (null) MESSAGE IP Protection started successfully |
06.02.2013, 12:54 | #14 |
/// Malware-holic | GUV virus lock on desktop, safe mode still works (Win 7) Thanks. Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as txt. Open the file. After every program you need, write "necessary". After every program you do not need, "unnecessary". After every program unknown to you, "unknown". Post the list.
06.02.2013, 17:30 | #15 |
| GUV virus lock on desktop, safe mode still works (Win 7) Hi Markus, thanks for the continuous help here!! Below is the list from CCleaner! Code:
ATTFilter
Adobe Flash Player 11 ActiveX (necessary) Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146
Adobe Reader X (10.1.3) MUI (necessary) Adobe Systems Incorporated 28.06.2012 479MB 10.1.3
Adobe Reader X (10.1.4) - Deutsch (necessary) Adobe Systems Incorporated 02.10.2012 121MB 10.1.4
AMD Catalyst Install Manager (unknown) Advanced Micro Devices, Inc. 16.05.2012 26,2MB 3.0.859.0
Apple Application Support (unnecessary) Apple Inc. 07.01.2013 65,0MB 2.3.2
Apple Mobile Device Support (necessary) Apple Inc. 07.01.2013 25,1MB 6.0.1.3
Apple Software Update Apple Inc. (unnecessary) 31.10.2012 2,38MB 2.1.3.127
Atheros Bluetooth Filter Driver Package Atheros Communications (necessary) 16.05.2012 4,59MB 1.0.0.12
Atheros Driver Installation Program (unknown) Atheros 16.05.2012 9.2
avast! Free Antivirus AVAST Software 09.12.2012 (necessary) 7.0.1474.0
BlackBerry Desktop Software 5.0.1 (necessary) Research in Motion Ltd. 18.11.2012 5.0.1.28
BlackBerry® Media Sync Research In Motion (necessary) 18.11.2012 6,79MB 2.0.28
Bluetooth Stack for Windows by Toshiba (necessary) TOSHIBA CORPORATION 16.05.2012 76,4MB v9.00.00(T)
Bonjour Apple Inc. (unknown) 31.10.2012 2,00MB 3.0.0.10
Browser Manager (necessary) 31.01.2013
CCleaner (necessary) Piriform 23.01.2013 3.27
Claro LTD toolbar (unnecessary) Claro LTD 09.10.2012
Contrôle ActiveX Windows Live Mesh pour connexions à distance (necessary) Microsoft Corporation 17.02.2012 5,57MB 15.4.5722.2
Craving Explorer Version 1.5.0 T-Craft / tuck 30.10.2012 (necessary) 15,2MB 1.5.0.0
Foxit PDF Creator Toolbar (unnecessary) Ask.com 20.06.2012 3,56MB 1.15.4.0
Foxit PDF Creator Toolbar Updater (unnecessary) Ask.com 20.06.2012 1.2.2.23821
Foxit Reader Foxit Corporation (unnecessary) 20.06.2012 39,3MB 5.3.1.606
Google Chrome Google Inc. 17.02.2012 (unnecessary) 24.0.1312.57
Google Toolbar for Internet Explorer Google Inc. (necessary) 14.12.2012 7.4.3607.2246
Google 日本語入力 (necessary) Google Inc. 29.01.2013 80,6MB 1.8.1310.0
Intel(R) Manageability Engine Firmware Recovery Agent (necessary) Intel Corporation 16.05.2012 54,8MB 1.0.0.35342
Intel(R) Management Engine Components Intel Corporation (necessary) 16.05.2012 8.0.3.1427
Intel(R) Rapid Storage Technology Intel Corporation (necessary) 06.02.2013 11.0.0.1032
Intel(R) USB 3.0 eXtensible Host Controller Driver (necessary) Intel Corporation 16.05.2012 1.0.1.209
Intel® Trusted Connect Service Client (necessary) Intel Corporation 16.05.2012 10,6MB 1.23.605.1
iTunes Apple Inc. (necessary) 07.01.2013 191MB 11.0.1.12
Java(TM) 6 Update 30 Oracle 17.02.2012 (necessary) 97,3MB 6.0.300
Malwarebytes Anti-Malware Version 1.70.0.1100 (necessary) Malwarebytes Corporation 05.02.2013 18,4MB 1.70.0.1100
Microsoft .NET Framework 4 Client Profile (necessary) Microsoft Corporation 17.02.2012 38,8MB 4.0.30319
Microsoft Office 2010 Microsoft Corporation (necessary) 17.02.2012 6,40MB 14.0.4763.1000
Microsoft Office Klick-und-Los 2010 (necessary) Microsoft Corporation 08.06.2012 14.0.4763.1000
Microsoft Office Professional 2010 (necessary) Microsoft Corporation 27.01.2013 14.0.6029.1000
Microsoft Office Starter 2010 (necessary) - Deutsch Microsoft Corporation 08.06.2012 14.0.5139.5005
Microsoft Silverlight (necessary) Microsoft Corporation 08.06.2012 40,3MB 4.1.10329.0
Microsoft SQL Server 2005 Compact Edition (necessary) [ENU] Microsoft Corporation 17.02.2012 1,69MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable (necessary) Microsoft Corporation 08.06.2012 290KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (necessary) (x64) Microsoft Corporation 16.05.2012 572KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable (necessary) - x86 9.0.30729.17 Microsoft Corporation 17.02.2012 596KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable (necessary) - x86 9.0.30729.4148 Microsoft Corporation 17.02.2012 596KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable (necessary) - x86 9.0.30729.6161 Microsoft Corporation 08.06.2012 598KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable (necessary) - 10.0.40219 Microsoft Corporation 16.05.2012 13,8MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable (necessary) - 10.0.40219 Microsoft Corporation 16.05.2012 15,0MB 10.0.40219
Nero 11 Essentials (unnecessary) Nero AG 17.02.2012 775MB 11.0.00300
Nero Backup Drivers (unnecessary) Nero AG 17.02.2012 94,0KB 1.0.11100.8.0
Network ScanGear Ver.2.30 (necessary) Canon Inc. 10.12.2012 6,95MB 2.30.0000
PlayReady PC Runtime amd64 (necessary) Microsoft Corporation 17.02.2012 2,05MB 1.3.0
Premium Sound HD (necessary) SRS Labs, Inc. 16.05.2012 1,76MB 1.12.1800
Rainlendar2 (remove only) (necessary) 24.01.2013
Realtek Ethernet Controller Driver (necessary) Realtek 16.05.2012 7.48.823.2011
Realtek High Definition Audio Driver (necessary) Realtek Semiconductor Corp. 16.05.2012 6.0.1.6597
Realtek USB 2.0 Card Reader (necessary) Realtek Semiconductor Corp. 16.05.2012 6.1.7601.30130
Savings Sidekick (unknown) 215 Apps 09.10.2012 1.23.151.151
Skype™ 6.0 (necessary) Skype Technologies S.A. 01.01.2013 20,3MB 6.0.126
Synaptics Pointing Device Driver (unknown) Synaptics Incorporated 16.05.2012 46,4MB 15.3.38.2
TOSHIBA Assist TOSHIBA CORPORATION (necessary) 17.02.2012 4.2.3.0
TOSHIBA Disc Creator TOSHIBA Corporation (necessary) 16.05.2012 19,0MB 2.1.0.11 for x64
TOSHIBA eco Utility TOSHIBA Corporation (necessary) 16.05.2012 18,7MB 1.3.10.64
TOSHIBA Hardware Setup TOSHIBA 16.05.2012 (necessary) 2.00.0020
TOSHIBA HDD/SSD Alert TOSHIBA Corporation (necessary) 16.05.2012 57,1MB 3.1.64.11
Toshiba Manuals TOSHIBA 16.05.2012 (necessary) 10.04
TOSHIBA Media Controller (necessary) TOSHIBA CORPORATION 16.05.2012 1.0.87.5
TOSHIBA Media Controller Plug-in (necessary) TOSHIBA CORPORATION 16.05.2012 6,65MB 1.0.7.7
TOSHIBA Online Product Information (unnecessary) TOSHIBA 17.02.2012 4.01.0000
TOSHIBA PC Health Monitor (necessary) TOSHIBA Corporation 16.05.2012 29,4MB 1.7.15.64
TOSHIBA Places Icon Utility (necessary) TOSHIBA Corporation 16.05.2012 1.1.1.4
TOSHIBA Recovery Media Creator (necessary) TOSHIBA CORPORATION 16.05.2012 2.1.6.52020009
TOSHIBA Recovery Media Creator Reminder (necessary) TOSHIBA 16.05.2012 460KB 1.00.0019
TOSHIBA Resolution+ Plug-in for Windows Media Player (necessary) TOSHIBA Corporation 16.05.2012 1.1.2004
TOSHIBA Service Station TOSHIBA (necessary) 16.05.2012 2.2.13
TOSHIBA Sleep Utility (necessary) TOSHIBA Corporation 16.05.2012 1.4.0022.000104
TOSHIBA Supervisor Password (necessary) TOSHIBA 16.05.2012 2.00.0009
TOSHIBA TEMPRO Toshiba Europe GmbH (necessary) 17.02.2012 11,3MB 3.35
TOSHIBA Value Added Package (necessary) TOSHIBA Corporation 16.05.2012 243MB 1.6.0021.640203
TOSHIBA Web Camera Application (necessary) TOSHIBA Corporation 16.05.2012 65,2MB 2.0.3.33
Vodafone Mobile Broadband (necessary) Vodafone 08.06.2012 110MB 10.2.103.31248
WildTangent Games (unnecessary) WildTangent 17.05.2012 1.0.2.5
Windows Live Essentials (unnecessary) Microsoft Corporation 12.08.2012 15.4.3555.0308
Windows Live Mesh (necessary) - ActiveX-besturingselement voor externe verbindingen Microsoft Corporation 17.02.2012 5,57MB 15.4.5722.2
Windows Live Mesh ActiveX Control for Remote Connections (necessary) Microsoft Corporation 17.02.2012 5,37MB 15.4.5722.2
Windows Live Mesh ActiveX control for remote connections (necessary) Microsoft Corporation 17.02.2012 5,57MB 15.4.5722.2
WinRAR 4.20 (64-Bit) (unnecessary) win.rar GmbH 09.10.2012 4.20.0
XSManager (necessary) XSManager 16.12.2012 3.0
Yahoo!ツールバー Yahoo! JAPAN. (necessary) 10.10.2012 2,76MB 7.3.0.18
リモート接続用の Windows Live Mesh ActiveX コントロール (日本語) (necessary) Microsoft Corporation 29.12.2012 5,57MB 15.4.5722.2 |