| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglichWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.02.2013, 18:50
| #1 |
| |  Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglich Hallo Seit einiger Zeit sind bei meinen Laptop keine Updates mehr möglich weder bei Windows Defender noch bei McAfee. Jetzt wollte ich Malwarebytes Anti-Malware 1.70 installieren jedoch kommt immer die Meldung: Was soll ich tun?  |
|
08.02.2013, 18:51
| #2 |
| /// Malware-holic   | Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglich hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
08.02.2013, 19:20
| #3 |
| | Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglich Extras.txt
__________________Code:
ATTFilter OTL Extras logfile created on: 08.02.2013 18:54:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holger\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
7,89 Gb Total Physical Memory | 5,61 Gb Available Physical Memory | 71,10% Memory free
15,78 Gb Paging File | 13,45 Gb Available in Paging File | 85,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 240,57 Gb Total Space | 170,26 Gb Free Space | 70,78% Space Free | Partition Type: NTFS
Drive D: | 439,45 Gb Total Space | 373,31 Gb Free Space | 84,95% Space Free | Partition Type: NTFS
Computer Name: ADMIN-TOSH | User Name: Holger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04841FE3-D9ED-402D-84CC-38021A42B619}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0CE4E775-61F3-4A93-8247-36F773118EED}" = rport=139 | protocol=6 | dir=out | app=system |
"{160DBE63-2242-4A3B-A828-D4A3CA52606E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16E13C8C-D232-4A20-B2A0-0E6C40FFFE3D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{1A2940BB-6A30-4DFB-83BA-323B10C74ECA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{20B7AB25-708F-4329-996F-3982188CE5D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{27150E0D-A17C-4F0B-AE5D-3A0C40A99218}" = lport=137 | protocol=17 | dir=in | app=system |
"{2B99D1E1-B5B9-475D-95CE-3C683471CD81}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{30D9C2F7-C7A2-4ED4-B6C6-8ADEBC1AB562}" = rport=10243 | protocol=6 | dir=out | app=system |
"{348656AE-A8F2-441B-80BE-E1C975DD3245}" = rport=138 | protocol=17 | dir=out | app=system |
"{3576D0DD-33AE-4AD9-A425-78A0A604BE77}" = rport=445 | protocol=6 | dir=out | app=system |
"{38FAD297-2072-411F-A6E8-6DE2A4BFBCFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{392D5557-2637-4A4A-96AC-8288900533E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E8D98C7-7C79-4A68-AC27-F7B76B6F935C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42418ACA-3F73-42EC-A291-AE6B506DFC77}" = lport=445 | protocol=6 | dir=in | app=system |
"{4BF34640-1278-4D81-8121-546D4E79DA68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56048C26-7C0C-4BE1-8ACD-CDEF0183EFD6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6ABE66F3-DC6E-42BE-8297-928FD016CFF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F9F9E6C-53D2-463D-A403-C2BD186EB636}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77589DF7-3ACB-4173-8875-CFB7F38AA225}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A639A60E-CE61-405B-BB46-72B429986D12}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AA349934-836F-4C21-A4F5-32D43CE41340}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF0347D3-4547-4657-90DB-960EB813CEF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{C711C27E-F030-4A7B-B316-28DF0001FFEB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCE70B49-A1AA-49C9-AB21-3C77FB9F7281}" = lport=138 | protocol=17 | dir=in | app=system |
"{F7159F39-08EB-4EAD-B5FF-324FB3CA0F0C}" = lport=139 | protocol=6 | dir=in | app=system |
"{FA8941BA-3919-4225-8AAF-3120CA02CC49}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0526571C-5138-4E00-BEAE-941276293F9E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{05721CF1-C561-43B7-B24F-18C2B3C4082D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{063C23A5-069B-4203-85E5-D5394A17AD41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B4D36DC-8CC1-4884-9F48-A36D6D068CEB}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{22C99787-3656-4969-9164-E3522B49E3C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{25E04472-9686-4129-8A2B-A8AE416D4762}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E0AA61E-1B85-438B-BE71-7D8C2A79B36C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2FFC24F8-EA65-4379-A7EA-B7EE24FE5273}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{335AD59D-21A6-4B17-ADAF-2251DCD534A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{3E4241F2-C9B3-45A6-ACED-C30FBD9C87B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49C12192-595F-4AC3-A6A3-2F108F37B9D8}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{52D50DB9-5C6A-462A-9919-323958F04EBB}" = protocol=6 | dir=out | app=system |
"{613DB95C-5592-4DD0-BE52-56F65495FFC5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{6B8AA4F5-1ECC-4EA6-BA62-53364979A64A}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{79ABDB65-2C97-44E1-A408-D63769351EC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F170D60-D09B-4571-90B4-9A49D476BE96}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{84FD481E-ACF7-4FEF-8FEE-EE7BBDB3CC77}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{8B731CCB-CD26-42E5-A574-A17CF813CCDD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{914F9FAE-EE8C-4E60-8123-2208ACDDF89F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{94B85F5D-965F-4FBF-A191-BF19948B514D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{995EDC00-D25F-4090-9CA8-2E1581FC31E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A930D57A-BAB6-41D9-9C70-A04E6FC99196}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A937C964-701B-4BAC-8C36-47F887685859}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABA96210-A402-40C9-BF72-702C5AF4C9A5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AF763AEE-7781-4134-A545-B08F02B6C58C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BA47B43A-2572-4F59-95CF-528FEC0E1A7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA828DFE-28E8-47A3-B44B-58D02040CF2B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BD0F7BC9-EBB1-418F-91C6-BC5AE6371B61}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C01C6152-F96F-4568-B284-2B4E30698CB4}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{D1FABE4A-369F-4FBA-994C-C6EA911B719C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3A24743-28FF-42AB-9B6F-03B63F6A5F89}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DCBAE1A5-408C-4448-A487-58793CE681DF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DE1C8D4B-5D89-4914-9CB9-7E831AF02373}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E78165DF-09EE-49F0-AD8C-4EAA9631A47F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EDDB5375-0B79-4D34-A247-C0764015899D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F1B98088-8CF3-4688-B842-F912ACEF1632}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F2703EA4-052B-477E-8194-5CC81658F96C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F7C50263-7DB7-4819-812F-C137E7963C3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{2E8D990B-28A9-404D-8551-C4BBE135B176}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{A688AB56-C64D-4DEA-B216-9840233C8352}C:\program files (x86)\nordic games\dungeon lords mmxii\dlords2012.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nordic games\dungeon lords mmxii\dlords2012.exe |
"TCP Query User{D0F68DF8-6490-4ACD-A4B6-3030EC7B6C71}G:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=g:\xampp\apache\bin\httpd.exe |
"TCP Query User{F27F2B7D-0F08-4871-AF88-28FE42D9DBF5}G:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{1875B92D-BEE4-445C-B207-557A47BA2F0F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{8F735A78-1989-4082-ACED-1A7F6CD53D0D}G:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=g:\xampp\apache\bin\httpd.exe |
"UDP Query User{A2CE2C5F-3B9C-42C0-94A1-527C729BAE53}C:\program files (x86)\nordic games\dungeon lords mmxii\dlords2012.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nordic games\dungeon lords mmxii\dlords2012.exe |
"UDP Query User{BD5023D1-9F2A-4CFE-982B-6BF683C7EE4F}G:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{27C3DB42-A9C1-4B44-A164-93849D160D12}" = TOSHIBA VIDEO PLAYER
"{439A73C2-8CFA-4630-8484-36BCA2AEBB0A}" = SRS Premium Sound Control Panel
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9C56642-9AAB-4267-9454-36FF1CC59168}" = TOSHIBA eco Utility
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4252DED1757A5AF456930285C3002FA53FC10F32" = ENE CIR Receiver Driver
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.51
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216DF734-6004-42C7-AFC9-A81DFD344BA8}" = Nero BurnRights 11
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49DC7D87-B9F9-4782-9386-B7F13BC75E48}" = Adobe Creative Suite 5 Design Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2122D0-66F7-4A53-96FC-079C900B1CAF}" = Nero BurnRights 11 Help (CHM)
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5FE4CE4A-593C-4158-951F-75BB5A3CC743_Patch}_is1" = Dungeon Lords MMXII
"{5FE4CE4A-593C-4158-951F-75BB5A3CC743}_is1" = Dungeon Lords MMXII
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71972D00-4596-11E2-B6EA-B8AC6F97B88E}" = Google Earth Plug-in
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}" = Intel(R) WiDi
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86790597-5E41-47AF-A6E4-6295D0C21B8B}" = A1 Dashboard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F8635CF8-B797-4EFD-80BC-DE2D26C65D4F}" = Nero 11 Essentials
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"A1 Dashboard" = A1 Dashboard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Audacity_is1" = Audacity 2.0.2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Free Studio_is1" = Free Studio version 5.7.7.1031
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.54
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"RealPlayer 15.0" = RealPlayer
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.0.3
"Vocup_is1" = Vocup 1.4.3
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WTA-1ff74afd-489f-47f9-8197-5d2f8fad72e4" = Cake Mania
"WTA-2ee4fbf3-fc87-4b33-a68e-a021a3e948cf" = Agatha Christie - Death on the Nile
"WTA-32ffcb79-9215-42e6-b2e6-a76ff9e0e474" = Aloha TriPeaks
"WTA-39b546da-493a-4bd5-b452-7d1914736322" = Bejeweled 3
"WTA-4e59b859-b0dd-4ff5-a962-e4870db7e476" = Virtual Villagers 4 - The Tree of Life
"WTA-687af76a-b1b8-488a-92ec-fb2b74df82d8" = Chuzzle Deluxe
"WTA-695022ae-360e-4a3d-80db-95268fda9d4c" = Insaniquarium Deluxe
"WTA-7d45088d-e09b-4dff-9b74-a0d76ccb416d" = Plants vs. Zombies - Game of the Year
"WTA-828e6ff1-5928-414e-91cc-c161cfedd07e" = Jewel Quest Solitaire 2
"WTA-a5342933-1102-4db7-abba-25cd2b75fe96" = Mystery P.I. - The London Caper
"WTA-a62ac2b1-8184-4471-a539-2b9ccb641d02" = Polar Bowler
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.02.2013 13:56:25 | Computer Name = admin-TOSH | Source = VSS | ID = 8193
Description =
Error - 08.02.2013 13:56:25 | Computer Name = admin-TOSH | Source = VSS | ID = 8193
Description =
Error - 08.02.2013 13:56:25 | Computer Name = admin-TOSH | Source = VSS | ID = 8193
Description =
Error - 08.02.2013 13:56:25 | Computer Name = admin-TOSH | Source = VSS | ID = 8193
Description =
Error - 08.02.2013 13:56:30 | Computer Name = admin-TOSH | Source = VSS | ID = 8193
Description =
Error - 08.02.2013 13:56:30 | Computer Name = admin-TOSH | Source = VSS | ID = 8193
Description =
Error - 08.02.2013 13:56:30 | Computer Name = admin-TOSH | Source = VSS | ID = 8193
Description =
Error - 08.02.2013 13:56:49 | Computer Name = admin-TOSH | Source = VSS | ID = 8193
Description =
Error - 08.02.2013 13:56:49 | Computer Name = admin-TOSH | Source = VSS | ID = 8193
Description =
Error - 08.02.2013 13:56:49 | Computer Name = admin-TOSH | Source = VSS | ID = 8193
Description =
[ System Events ]
Error - 05.01.2013 06:48:18 | Computer Name = admin-TOSH | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst IPBusEnum erreicht.
Error - 05.01.2013 06:48:49 | Computer Name = admin-TOSH | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst HomeGroupListener erreicht.
Error - 05.01.2013 06:48:49 | Computer Name = admin-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Heimnetzgruppen-Listener" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 06.01.2013 13:39:38 | Computer Name = admin-TOSH | Source = DCOM | ID = 10010
Description =
Error - 07.01.2013 12:28:50 | Computer Name = admin-TOSH | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde
mit folgendem Fehler beendet: %%-2147196306
Error - 07.01.2013 12:30:47 | Computer Name = admin-TOSH | Source = Service Control Manager | ID = 7022
Description = Der Dienst "McAfee McShield" wurde nicht richtig gestartet.
Error - 09.01.2013 17:12:15 | Computer Name = admin-TOSH | Source = DCOM | ID = 10010
Description =
Error - 10.01.2013 13:51:01 | Computer Name = admin-TOSH | Source = DCOM | ID = 10010
Description =
Error - 10.01.2013 15:39:10 | Computer Name = admin-TOSH | Source = DCOM | ID = 10010
Description =
Error - 11.01.2013 13:17:26 | Computer Name = admin-TOSH | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?01.?2013 um 23:27:27 unerwartet heruntergefahren.
[ TuneUp Events ]
Error - 05.02.2013 07:23:51 | Computer Name = admin-TOSH | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 06.02.2013 04:12:43 | Computer Name = admin-TOSH | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 06.02.2013 06:59:39 | Computer Name = admin-TOSH | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 07.02.2013 06:32:32 | Computer Name = admin-TOSH | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 08.02.2013 06:23:39 | Computer Name = admin-TOSH | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 08.02.2013 06:49:54 | Computer Name = admin-TOSH | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 08.02.2013 07:30:30 | Computer Name = admin-TOSH | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 08.02.2013 08:46:38 | Computer Name = admin-TOSH | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 08.02.2013 08:49:22 | Computer Name = admin-TOSH | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 08.02.2013 13:23:38 | Computer Name = admin-TOSH | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
< End of report >
[/code] |
|
08.02.2013, 19:22
| #4 |
| | Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglich OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.02.2013 18:54:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holger\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,89 Gb Total Physical Memory | 5,61 Gb Available Physical Memory | 71,10% Memory free 15,78 Gb Paging File | 13,45 Gb Available in Paging File | 85,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 240,57 Gb Total Space | 170,26 Gb Free Space | 70,78% Space Free | Partition Type: NTFS Drive D: | 439,45 Gb Total Space | 373,31 Gb Free Space | 84,95% Space Free | Partition Type: NTFS Computer Name: ADMIN-TOSH | User Name: Holger | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.08 18:52:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holger\Desktop\OTL.exe PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.04 19:48:23 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2012.06.20 17:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2012.02.29 01:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.29 01:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.21 20:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.21 20:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.02.05 05:41:10 | 000,231,328 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe PRC - [2012.02.05 05:40:56 | 000,219,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe PRC - [2012.02.04 21:47:54 | 000,251,808 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe PRC - [2012.02.04 21:16:54 | 002,824,104 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2012.01.28 11:24:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.01.28 01:40:46 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.11.21 23:12:48 | 000,253,312 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe PRC - [2011.11.04 14:40:06 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.10.19 16:43:38 | 000,718,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe PRC - [2011.08.08 21:43:00 | 000,690,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2011.08.08 21:36:00 | 000,087,960 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2011.02.03 23:18:00 | 000,742,800 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2010.12.26 00:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe PRC - [2010.09.07 00:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe PRC - [2010.08.16 18:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe PRC - [2010.02.22 03:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe PRC - [2009.10.22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe PRC - [2009.10.22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2009.08.25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe PRC - [2009.08.25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe PRC - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe ========== Modules (No Company Name) ========== MOD - [2012.11.04 19:48:23 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2012.01.28 11:24:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2012.01.25 18:57:12 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll MOD - [2010.02.22 03:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.05.29 12:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2012.02.10 03:28:32 | 000,295,360 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2012.02.03 06:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2012.02.02 23:33:46 | 000,580,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2011.12.14 23:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2011.12.08 18:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:64bit: - [2011.12.08 18:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011.12.08 18:43:48 | 000,618,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011.12.08 18:43:44 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2011.11.26 02:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2011.04.20 23:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv) SRV:64bit: - [2010.10.20 22:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.10.22 20:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC) SRV - [2013.01.19 10:56:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.11 19:02:07 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.10 21:06:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.29 12:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.05.29 12:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2012.05.10 14:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.02.29 01:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.29 01:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.21 20:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.21 20:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.01.28 11:24:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.11.04 14:40:06 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.07.12 01:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2011.04.02 01:42:00 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2011.02.10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.10.22 20:07:00 | 000,178,920 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield) SRV - [2009.10.22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2009.10.22 20:07:00 | 000,019,720 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService) SRV - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.09 15:34:50 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.08 06:10:16 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter) DRV:64bit: - [2012.05.10 14:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.25 01:11:54 | 000,412,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.02.25 01:11:52 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv) DRV:64bit: - [2012.02.04 05:01:20 | 000,677,480 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.01.30 22:14:00 | 000,304,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd) DRV:64bit: - [2012.01.28 11:24:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.01.28 01:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.28 01:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.28 01:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.01.27 02:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2012.01.27 02:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2012.01.09 09:44:44 | 011,416,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2012.01.05 22:43:52 | 000,259,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:64bit: - [2011.12.29 21:37:44 | 000,035,120 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2011.12.17 01:24:00 | 000,079,040 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2011.12.07 03:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: - [2011.11.30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.17 23:55:08 | 000,020,304 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid) DRV:64bit: - [2011.11.17 23:54:46 | 000,076,112 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2011.05.03 14:42:40 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2011.03.24 01:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv) DRV:64bit: - [2011.03.18 23:03:18 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.09 03:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2011.01.30 17:19:32 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2010.11.29 19:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.11 18:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp) DRV:64bit: - [2010.08.30 18:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid) DRV:64bit: - [2010.06.19 00:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec) DRV:64bit: - [2010.04.26 19:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd) DRV:64bit: - [2010.03.02 13:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2010.03.02 13:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2010.03.02 13:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2010.02.22 09:09:10 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.12.26 14:09:00 | 000,012,112 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma) DRV:64bit: - [2009.10.22 20:07:00 | 000,469,144 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2009.10.22 20:07:00 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2009.10.22 20:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2009.10.22 20:07:00 | 000,083,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik) DRV:64bit: - [2009.10.22 20:07:00 | 000,077,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2009.07.31 04:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.24 19:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds) DRV:64bit: - [2009.07.14 23:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.30 00:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm) DRV:64bit: - [2009.06.20 03:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009.06.17 20:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2011.09.22 17:10:46 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1AF61748-63E3-42E9-A49F-0A0A1FF1655E} IE:64bit: - HKLM\..\SearchScopes\{1AF61748-63E3-42E9-A49F-0A0A1FF1655E}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {1AF61748-63E3-42E9-A49F-0A0A1FF1655E} IE - HKLM\..\SearchScopes\{1AF61748-63E3-42E9-A49F-0A0A1FF1655E}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA IE - HKCU\..\SearchScopes,DefaultScope = {1AF61748-63E3-42E9-A49F-0A0A1FF1655E} IE - HKCU\..\SearchScopes\{1AF61748-63E3-42E9-A49F-0A0A1FF1655E}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_deAT505 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.31 14:14:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.02.04 18:12:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.08 12:48:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 10:56:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.10.10 13:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger\AppData\Roaming\mozilla\Extensions [2013.02.01 15:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger\AppData\Roaming\mozilla\Firefox\Profiles\t6bqy3gy.default\extensions [2013.01.11 19:11:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Holger\AppData\Roaming\mozilla\Firefox\Profiles\t6bqy3gy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.12.12 18:31:02 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Holger\AppData\Roaming\mozilla\firefox\profiles\t6bqy3gy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.01 15:19:13 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Holger\AppData\Roaming\mozilla\firefox\profiles\t6bqy3gy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.08 12:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.08 11:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions [2013.02.08 11:43:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.10.31 14:14:16 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2013.02.01 19:21:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2009.10.22 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2012.10.31 14:14:09 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.02.01 20:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.01 20:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.01 20:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.01 20:33:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.01 20:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.01 20:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SRS Premium Sound 3D] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - Startup: C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Holger\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Holger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Holger\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Holger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA9DB483-6449-43DF-851C-8A91E3506AC8}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{7622d0d4-5a84-11e2-98c7-b888e314a7c0}\Shell - "" = AutoRun O33 - MountPoints2\{7622d0d4-5a84-11e2-98c7-b888e314a7c0}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{7622d0d5-5a84-11e2-98c7-b888e314a7c0}\Shell - "" = AutoRun O33 - MountPoints2\{7622d0d5-5a84-11e2-98c7-b888e314a7c0}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{7ddb6162-61aa-11e2-8649-b888e314a7c0}\Shell - "" = AutoRun O33 - MountPoints2\{7ddb6162-61aa-11e2-8649-b888e314a7c0}\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.08 18:52:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Holger\Desktop\OTL.exe [2013.02.08 18:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.08 18:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.08 18:36:35 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.02.08 18:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.08 18:33:52 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Local\Programs [2013.02.04 18:12:58 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\Leadertech [2013.02.04 18:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2013.02.04 18:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.02.04 18:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2013.02.04 18:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2013.02.04 18:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2013.02.04 18:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd [2013.02.04 18:09:59 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\Logitech [2013.02.04 18:09:59 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\Logishrd [2013.02.04 17:15:43 | 000,469,144 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfehidk.sys [2013.02.04 17:15:43 | 000,119,968 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfeavfk.sys [2013.02.04 17:15:43 | 000,097,576 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfeapfk.sys [2013.02.04 17:15:43 | 000,083,784 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfetdik.sys [2013.02.04 17:15:43 | 000,077,104 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mferkdet.sys [2013.02.04 17:15:42 | 000,079,504 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\mfevtps.exe [2013.02.04 17:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.02.04 17:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee [2013.01.28 23:01:40 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Local\{12C80811-F52C-4EAF-8858-270570B999AB} [2013.01.19 10:56:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.19 10:44:05 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\Emu [2013.01.18 17:45:10 | 000,135,168 | ---- | C] (ZTE Corporation) -- C:\windows\SysNative\drivers\ZTEusbnet.sys [2013.01.18 17:45:10 | 000,121,344 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbser6k.sys [2013.01.18 17:45:10 | 000,121,344 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbnmea.sys [2013.01.18 17:45:10 | 000,121,344 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbmdm6k.sys [2013.01.18 17:45:10 | 000,011,776 | ---- | C] (MBB Incorporated) -- C:\windows\SysNative\drivers\massfilter.sys [2013.01.18 17:44:51 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\windows\SysNative\drivers\mod7700.sys [2013.01.18 17:44:51 | 000,415,744 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ewusbwwan.sys [2013.01.18 17:44:51 | 000,222,464 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ewusbmdm.sys [2013.01.18 17:44:51 | 000,212,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_juwwanecm.sys [2013.01.18 17:44:51 | 000,098,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jucdcacm.sys [2013.01.18 17:44:51 | 000,086,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jubusenum.sys [2013.01.18 17:44:51 | 000,069,632 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jucdcecm.sys [2013.01.18 17:44:51 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\SysNative\drivers\ewdcsc.sys [2013.01.18 17:44:51 | 000,028,672 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_juextctrl.sys [2013.01.18 17:44:51 | 000,022,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_hwupgrade.sys [2013.01.18 17:44:51 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_usbenumfilter.sys [2013.01.18 17:44:50 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_hwusbdev.sys [2013.01.18 17:44:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9CEF107B-86D1-4332-AE74-7FDEA6296A94} [2013.01.18 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A1 Dashboard [2013.01.18 17:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A1 [2013.01.16 22:04:57 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Local\PackageAware [2013.01.15 19:07:48 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\Tencent Art Pack 8.5 [2013.01.14 18:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UEFI WinFlash [2013.01.12 14:41:21 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Local\SCE [2013.01.12 14:41:21 | 000,000,000 | ---D | C] -- C:\Crash [2013.01.12 14:38:41 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx ========== Files - Modified Within 30 Days ========== [2013.02.08 19:01:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.02.08 18:52:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holger\Desktop\OTL.exe [2013.02.08 18:40:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.08 18:33:04 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.08 18:33:04 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.08 18:25:33 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.02.08 18:25:32 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.08 18:25:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.02.08 12:48:07 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.07 10:37:00 | 000,002,046 | ---- | M] () -- C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2013.02.06 11:58:47 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.02.06 09:06:33 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.02.06 09:06:33 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.02.06 09:06:33 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.02.06 09:06:33 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.02.06 09:06:33 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.01.18 17:44:31 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\A1 Dashboard.lnk [2013.01.12 13:28:56 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.01.09 22:26:25 | 004,969,776 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.01.18 17:44:31 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\A1 Dashboard.lnk [2013.01.04 19:42:09 | 000,000,132 | ---- | C] () -- C:\Users\Holger\AppData\Roaming\Adobe GIF Format CS5 Prefs [2013.01.02 17:16:17 | 000,003,584 | ---- | C] () -- C:\Users\Holger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.04 18:34:00 | 000,000,132 | ---- | C] () -- C:\Users\Holger\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.11.04 17:06:50 | 000,007,597 | ---- | C] () -- C:\Users\Holger\AppData\Local\Resmon.ResmonCfg [2012.05.10 14:14:32 | 000,755,572 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin [2012.05.10 14:14:32 | 000,559,972 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin [2012.05.10 14:07:18 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.05.10 13:25:28 | 013,026,304 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll [2012.02.03 06:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll [2011.12.20 04:21:20 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.30 18:51:44 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\Audacity [2012.10.25 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.10.10 16:38:55 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\DAEMON Tools Lite [2012.12.29 14:58:44 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\DVDVideoSoft [2012.10.10 15:03:17 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\DVDVideoSoftIEHelpers [2012.12.17 21:23:12 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\EAC [2013.01.03 19:15:56 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\FreePDF [2012.10.19 21:42:02 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\GetRightToGo [2012.10.10 16:57:18 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\GHISLER [2013.02.04 18:12:58 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\Leadertech [2012.11.04 22:53:50 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\LolClient [2013.01.25 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\Mp3tag [2012.10.10 13:12:09 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\Toshiba [2012.10.10 13:21:33 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\TOSHIBA Online Product Information [2013.01.03 20:40:21 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\ts3overlay [2012.10.20 13:50:37 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\TuneUp Software [2013.01.09 23:37:18 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\Vocup [2012.10.10 16:33:08 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\WildTangent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.10.20 09:47:01 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.03.15 16:53:32 | 000,000,000 | -HSD | M] -- C:\Boot [2013.01.12 14:41:21 | 000,000,000 | ---D | M] -- C:\Crash [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.06.08 05:49:10 | 000,000,000 | ---D | M] -- C:\Intel [2012.10.13 10:34:50 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013.02.04 18:11:56 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.08 18:36:28 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.02.08 18:36:46 | 000,000,000 | -H-D | M] -- C:\ProgramData [2013.02.04 17:23:28 | 000,000,000 | ---D | M] -- C:\QUARANTINE [2012.11.04 21:36:01 | 000,000,000 | ---D | M] -- C:\Riot Games [2013.02.08 18:56:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.01.15 14:01:35 | 000,000,000 | ---D | M] -- C:\Temp [2012.10.09 22:09:41 | 000,000,000 | ---D | M] -- C:\Toshiba [2012.10.10 15:51:02 | 000,000,000 | R--D | M] -- C:\Users [2013.02.08 18:25:40 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT [2012.03.14 20:51:07 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job [2012.03.14 20:51:29 | 000,001,120 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.03.14 20:51:30 | 000,001,124 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.06.08 05:47:44 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2012.06.08 05:47:46 | 000,000,828 | ---- | C] () -- C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] () Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] () Unable to obtain MD5 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] () Unable to obtain MD5 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] () Unable to obtain MD5 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe < MD5 for: IASTOR.SYS > [2011.11.30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\windows\SysNative\drivers\iaStor.sys [2011.11.30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] () Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.10.10 13:12:05 | 000,000,000 | ---- | M] () -- C:\Users\Holger\agent.log [2013.02.08 19:13:07 | 005,242,880 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT [2013.02.08 19:13:07 | 000,262,144 | -HS- | M] () -- C:\Users\Holger\ntuser.dat.LOG1 [2012.12.06 15:47:40 | 000,262,144 | -HS- | M] () -- C:\Users\Holger\ntuser.dat.LOG2 [2012.12.13 22:35:26 | 000,000,000 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT_tureg_new.LOG1 [2012.12.13 22:35:26 | 000,000,000 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT_tureg_new.LOG2 [2012.12.13 22:33:25 | 004,718,592 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT_tureg_old [2012.10.10 18:17:33 | 000,065,536 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.10.10 18:17:33 | 000,524,288 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.10.10 18:17:33 | 000,524,288 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.12.13 22:47:03 | 000,065,536 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT{c75ab832-456c-11e2-a2a0-806e6f6e6963}.TM.blf [2012.12.13 22:47:03 | 000,524,288 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT{c75ab832-456c-11e2-a2a0-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2012.12.13 22:47:03 | 000,524,288 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT{c75ab832-456c-11e2-a2a0-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2012.10.10 13:11:09 | 000,000,020 | -HS- | M] () -- C:\Users\Holger\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
|
08.02.2013, 19:25
| #5 |
| /// Malware-holic | Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglich hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.02.2013, 19:31
| #6 |
| | Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglichCode:
ATTFilter 19:28:08.0814 6380 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:28:08.0854 6380 ============================================================
19:28:08.0854 6380 Current date / time: 2013/02/08 19:28:08.0854
19:28:08.0854 6380 SystemInfo:
19:28:08.0854 6380
19:28:08.0854 6380 OS Version: 6.1.7601 ServicePack: 1.0
19:28:08.0854 6380 Product type: Workstation
19:28:08.0854 6380 ComputerName: ADMIN-TOSH
19:28:08.0854 6380 UserName: Holger
19:28:08.0854 6380 Windows directory: C:\windows
19:28:08.0854 6380 System windows directory: C:\windows
19:28:08.0854 6380 Running under WOW64
19:28:08.0854 6380 Processor architecture: Intel x64
19:28:08.0854 6380 Number of processors: 4
19:28:08.0854 6380 Page size: 0x1000
19:28:08.0854 6380 Boot type: Normal boot
19:28:08.0854 6380 ============================================================
19:28:13.0359 6380 !crdlk
19:28:13.0359 6380 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
19:28:13.0375 6380 ============================================================
19:28:13.0375 6380 \Device\Harddisk0\DR0:
19:28:13.0375 6380 MBR partitions:
19:28:13.0375 6380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1E122000
19:28:13.0390 6380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E411000, BlocksNum 0x36EE7800
19:28:13.0390 6380 ============================================================
19:28:13.0422 6380 C: <-> \Device\Harddisk0\DR0\Partition1
19:28:13.0468 6380 D: <-> \Device\Harddisk0\DR0\Partition2
19:28:13.0468 6380 ============================================================
19:28:13.0468 6380 Initialize success
19:28:13.0468 6380 ============================================================
19:28:47.0726 3680 ============================================================
19:28:47.0726 3680 Scan started
19:28:47.0726 3680 Mode: Manual; SigCheck; TDLFS;
19:28:47.0726 3680 ============================================================
19:28:48.0054 3680 ================ Scan system memory ========================
19:28:48.0054 3680 System memory - ok
19:28:48.0054 3680 ================ Scan services =============================
19:28:48.0256 3680 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
19:28:48.0428 3680 1394ohci - ok
19:28:48.0475 3680 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
19:28:48.0490 3680 ACPI - ok
19:28:48.0522 3680 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
19:28:48.0615 3680 AcpiPmi - ok
19:28:48.0693 3680 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:28:48.0724 3680 AdobeARMservice - ok
19:28:48.0802 3680 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:28:48.0834 3680 AdobeFlashPlayerUpdateSvc - ok
19:28:48.0880 3680 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
19:28:48.0912 3680 adp94xx - ok
19:28:48.0958 3680 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
19:28:48.0974 3680 adpahci - ok
19:28:48.0990 3680 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
19:28:49.0005 3680 adpu320 - ok
19:28:49.0052 3680 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
19:28:49.0130 3680 AeLookupSvc - ok
19:28:49.0192 3680 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
19:28:49.0255 3680 AFD - ok
19:28:49.0333 3680 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
19:28:49.0364 3680 agp440 - ok
19:28:49.0395 3680 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
19:28:49.0426 3680 ALG - ok
19:28:49.0458 3680 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
19:28:49.0473 3680 aliide - ok
19:28:49.0504 3680 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
19:28:49.0520 3680 amdide - ok
19:28:49.0536 3680 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
19:28:49.0567 3680 AmdK8 - ok
19:28:49.0582 3680 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
19:28:49.0614 3680 AmdPPM - ok
19:28:49.0645 3680 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
19:28:49.0660 3680 amdsata - ok
19:28:49.0692 3680 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
19:28:49.0707 3680 amdsbs - ok
19:28:49.0738 3680 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
19:28:49.0754 3680 amdxata - ok
19:28:49.0770 3680 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
19:28:49.0832 3680 AppID - ok
19:28:49.0879 3680 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
19:28:49.0957 3680 AppIDSvc - ok
19:28:50.0004 3680 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
19:28:50.0050 3680 Appinfo - ok
19:28:50.0082 3680 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
19:28:50.0102 3680 arc - ok
19:28:50.0132 3680 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
19:28:50.0142 3680 arcsas - ok
19:28:50.0172 3680 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
19:28:50.0212 3680 AsyncMac - ok
19:28:50.0252 3680 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
19:28:50.0262 3680 atapi - ok
19:28:50.0302 3680 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:28:50.0352 3680 AudioEndpointBuilder - ok
19:28:50.0402 3680 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
19:28:50.0452 3680 AudioSrv - ok
19:28:50.0482 3680 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
19:28:50.0562 3680 AxInstSV - ok
19:28:50.0612 3680 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
19:28:50.0652 3680 b06bdrv - ok
19:28:50.0682 3680 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
19:28:50.0702 3680 b57nd60a - ok
19:28:50.0792 3680 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
19:28:50.0832 3680 BDESVC - ok
19:28:50.0872 3680 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
19:28:50.0942 3680 Beep - ok
19:28:50.0992 3680 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
19:28:51.0062 3680 BFE - ok
19:28:51.0132 3680 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
19:28:51.0192 3680 BITS - ok
19:28:51.0252 3680 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
19:28:51.0302 3680 blbdrive - ok
19:28:51.0352 3680 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
19:28:51.0412 3680 bowser - ok
19:28:51.0472 3680 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
19:28:51.0522 3680 BrFiltLo - ok
19:28:51.0562 3680 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
19:28:51.0612 3680 BrFiltUp - ok
19:28:51.0662 3680 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
19:28:51.0702 3680 Browser - ok
19:28:51.0752 3680 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
19:28:51.0792 3680 Brserid - ok
19:28:51.0832 3680 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
19:28:51.0872 3680 BrSerWdm - ok
19:28:51.0892 3680 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
19:28:51.0922 3680 BrUsbMdm - ok
19:28:51.0942 3680 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
19:28:51.0972 3680 BrUsbSer - ok
19:28:52.0022 3680 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
19:28:52.0062 3680 BTHMODEM - ok
19:28:52.0132 3680 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
19:28:52.0202 3680 bthserv - ok
19:28:52.0242 3680 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
19:28:52.0293 3680 cdfs - ok
19:28:52.0340 3680 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
19:28:52.0386 3680 cdrom - ok
19:28:52.0449 3680 [ A965B206921C55F2D1481789D609B711 ] CeKbFilter C:\windows\system32\DRIVERS\CeKbFilter.sys
19:28:52.0480 3680 CeKbFilter - ok
19:28:52.0527 3680 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
19:28:52.0574 3680 CertPropSvc - ok
19:28:52.0620 3680 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
19:28:52.0667 3680 circlass - ok
19:28:52.0714 3680 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
19:28:52.0745 3680 CLFS - ok
19:28:52.0839 3680 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:28:52.0886 3680 clr_optimization_v2.0.50727_32 - ok
19:28:52.0977 3680 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:28:53.0017 3680 clr_optimization_v2.0.50727_64 - ok
19:28:53.0077 3680 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:28:53.0137 3680 clr_optimization_v4.0.30319_32 - ok
19:28:53.0197 3680 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:28:53.0257 3680 clr_optimization_v4.0.30319_64 - ok
19:28:53.0307 3680 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
19:28:53.0347 3680 CmBatt - ok
19:28:53.0387 3680 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
19:28:53.0417 3680 cmdide - ok
19:28:53.0467 3680 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
19:28:53.0507 3680 CNG - ok
19:28:53.0537 3680 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
19:28:53.0557 3680 Compbatt - ok
19:28:53.0597 3680 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
19:28:53.0647 3680 CompositeBus - ok
19:28:53.0697 3680 COMSysApp - ok
19:28:53.0757 3680 [ 723E3512D6D1FF75E5398981B38FCEF7 ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
19:28:53.0777 3680 cphs - ok
19:28:53.0837 3680 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
19:28:53.0847 3680 crcdisk - ok
19:28:53.0937 3680 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
19:28:53.0977 3680 CryptSvc - ok
19:28:54.0077 3680 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
19:28:54.0157 3680 DcomLaunch - ok
19:28:54.0237 3680 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
19:28:54.0317 3680 defragsvc - ok
19:28:54.0357 3680 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
19:28:54.0407 3680 DfsC - ok
19:28:54.0467 3680 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
19:28:54.0507 3680 Dhcp - ok
19:28:54.0577 3680 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
19:28:54.0647 3680 discache - ok
19:28:54.0717 3680 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
19:28:54.0747 3680 Disk - ok
19:28:54.0817 3680 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
19:28:54.0877 3680 Dnscache - ok
19:28:54.0947 3680 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
19:28:55.0017 3680 dot3svc - ok
19:28:55.0067 3680 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
19:28:55.0147 3680 DPS - ok
19:28:55.0217 3680 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
19:28:55.0267 3680 drmkaud - ok
19:28:55.0327 3680 [ ED5B31FFC64B9305DDB468701E4019A0 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
19:28:55.0367 3680 DXGKrnl - ok
19:28:55.0427 3680 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
19:28:55.0497 3680 EapHost - ok
19:28:55.0627 3680 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
19:28:55.0697 3680 ebdrv - ok
19:28:55.0747 3680 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
19:28:55.0807 3680 EFS - ok
19:28:55.0907 3680 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
19:28:56.0007 3680 ehRecvr - ok
19:28:56.0067 3680 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
19:28:56.0127 3680 ehSched - ok
19:28:56.0187 3680 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
19:28:56.0217 3680 elxstor - ok
19:28:56.0277 3680 [ 1A9756AD1F541DABF246F44CB8915402 ] enecir C:\windows\system32\DRIVERS\enecir.sys
19:28:56.0307 3680 enecir - ok
19:28:56.0357 3680 [ 713F10B69E91DDCD8403B873A9E22DC1 ] enecirhid C:\windows\system32\DRIVERS\enecirhid.sys
19:28:56.0417 3680 enecirhid - ok
19:28:56.0447 3680 [ 0C1A7AFBF686655FB286406295A1C499 ] enecirhidma C:\windows\system32\DRIVERS\enecirhidma.sys
19:28:56.0497 3680 enecirhidma - ok
19:28:56.0537 3680 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
19:28:56.0577 3680 ErrDev - ok
19:28:56.0727 3680 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
19:28:56.0807 3680 EventSystem - ok
19:28:56.0947 3680 [ 64D25284A4E9D11CA0722AF3F30FD970 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:28:57.0017 3680 EvtEng - ok
19:28:57.0217 3680 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
19:28:57.0277 3680 exfat - ok
19:28:57.0357 3680 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
19:28:57.0437 3680 fastfat - ok
19:28:57.0507 3680 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
19:28:57.0557 3680 Fax - ok
19:28:57.0647 3680 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
19:28:57.0697 3680 fdc - ok
19:28:57.0747 3680 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
19:28:57.0817 3680 fdPHost - ok
19:28:57.0897 3680 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
19:28:57.0947 3680 FDResPub - ok
19:28:57.0997 3680 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
19:28:58.0027 3680 FileInfo - ok
19:28:58.0077 3680 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
19:28:58.0147 3680 Filetrace - ok
19:28:58.0257 3680 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:28:58.0337 3680 FLEXnet Licensing Service - ok
19:28:58.0417 3680 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
19:28:58.0447 3680 flpydisk - ok
19:28:58.0507 3680 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
19:28:58.0527 3680 FltMgr - ok
19:28:58.0627 3680 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
19:28:58.0687 3680 FontCache - ok
19:28:58.0787 3680 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:28:58.0857 3680 FontCache3.0.0.0 - ok
19:28:58.0927 3680 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
19:28:58.0947 3680 FsDepends - ok
19:28:59.0007 3680 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
19:28:59.0037 3680 Fs_Rec - ok
19:28:59.0097 3680 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
19:28:59.0127 3680 fvevol - ok
19:28:59.0177 3680 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
19:28:59.0197 3680 gagp30kx - ok
19:28:59.0297 3680 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:28:59.0337 3680 GamesAppService - ok
19:28:59.0427 3680 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
19:28:59.0477 3680 gpsvc - ok
19:28:59.0587 3680 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:28:59.0617 3680 gupdate - ok
19:28:59.0687 3680 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:28:59.0707 3680 gupdatem - ok
19:28:59.0777 3680 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\windows\system32\DRIVERS\hamachi.sys
19:28:59.0797 3680 hamachi - ok
19:28:59.0867 3680 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
19:28:59.0907 3680 hcw85cir - ok
19:28:59.0987 3680 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:29:00.0037 3680 HdAudAddService - ok
19:29:00.0097 3680 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
19:29:00.0137 3680 HDAudBus - ok
19:29:00.0237 3680 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
19:29:00.0277 3680 HidBatt - ok
19:29:00.0327 3680 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
19:29:00.0367 3680 HidBth - ok
19:29:00.0427 3680 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
19:29:00.0447 3680 HidIr - ok
19:29:00.0527 3680 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
19:29:00.0607 3680 hidserv - ok
19:29:00.0717 3680 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
19:29:00.0757 3680 HidUsb - ok
19:29:00.0827 3680 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
19:29:00.0887 3680 hkmsvc - ok
19:29:00.0997 3680 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:29:01.0057 3680 HomeGroupListener - ok
19:29:01.0167 3680 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:29:01.0217 3680 HomeGroupProvider - ok
19:29:01.0317 3680 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
19:29:01.0347 3680 HpSAMD - ok
19:29:01.0427 3680 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
19:29:01.0477 3680 HTTP - ok
19:29:01.0567 3680 [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\windows\system32\DRIVERS\ew_jubusenum.sys
19:29:01.0647 3680 huawei_enumerator - ok
19:29:01.0797 3680 [ 4B80AF36EE9F31361C1DCB2EE563719A ] hwdatacard C:\windows\system32\DRIVERS\ewusbmdm.sys
19:29:01.0857 3680 hwdatacard - ok
19:29:01.0927 3680 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
19:29:01.0977 3680 hwpolicy - ok
19:29:02.0127 3680 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
19:29:02.0167 3680 i8042prt - ok
19:29:02.0337 3680 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
19:29:02.0377 3680 iaStor - ok
19:29:02.0447 3680 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
19:29:02.0477 3680 iaStorV - ok
19:29:02.0587 3680 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:29:02.0657 3680 idsvc - ok
19:29:02.0967 3680 [ 9AA61DC7AA32C1D1260C4267FF07E0C1 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
19:29:03.0367 3680 igfx - ok
19:29:03.0497 3680 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
19:29:03.0527 3680 iirsp - ok
19:29:03.0637 3680 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
19:29:03.0707 3680 IKEEXT - ok
19:29:03.0857 3680 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
19:29:03.0897 3680 intaud_WaveExtensible - ok
19:29:04.0047 3680 [ F242E36CDA231701CFA702641C20FAEC ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
19:29:04.0187 3680 IntcAzAudAddService - ok
19:29:04.0297 3680 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
19:29:04.0367 3680 IntcDAud - ok
19:29:04.0497 3680 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:29:04.0567 3680 Intel(R) Capability Licensing Service Interface - ok
19:29:04.0687 3680 [ 896AA2F1D79662B17D5DBBE588E24E30 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
19:29:04.0757 3680 Intel(R) ME Service - ok
19:29:04.0857 3680 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
19:29:04.0897 3680 intelide - ok
19:29:04.0977 3680 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
19:29:05.0017 3680 intelppm - ok
19:29:05.0127 3680 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
19:29:05.0207 3680 IPBusEnum - ok
19:29:05.0287 3680 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
19:29:05.0347 3680 IpFilterDriver - ok
19:29:05.0437 3680 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
19:29:05.0517 3680 iphlpsvc - ok
19:29:05.0607 3680 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
19:29:05.0657 3680 IPMIDRV - ok
19:29:05.0717 3680 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
19:29:05.0787 3680 IPNAT - ok
19:29:05.0887 3680 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
19:29:05.0917 3680 IRENUM - ok
19:29:05.0987 3680 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
19:29:06.0007 3680 isapnp - ok
19:29:06.0097 3680 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
19:29:06.0127 3680 iScsiPrt - ok
19:29:06.0207 3680 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\windows\system32\DRIVERS\iusb3hcs.sys
19:29:06.0237 3680 iusb3hcs - ok
19:29:06.0327 3680 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\windows\system32\DRIVERS\iusb3hub.sys
19:29:06.0397 3680 iusb3hub - ok
19:29:06.0477 3680 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\windows\system32\DRIVERS\iusb3xhc.sys
19:29:06.0507 3680 iusb3xhc - ok
19:29:06.0607 3680 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\windows\system32\DRIVERS\iwdbus.sys
19:29:06.0637 3680 iwdbus - ok
19:29:06.0727 3680 [ 3C6630473DD42FFC57D9F5564F533127 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:29:06.0797 3680 jhi_service - ok
19:29:06.0897 3680 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
19:29:06.0917 3680 kbdclass - ok
19:29:07.0007 3680 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
19:29:07.0057 3680 kbdhid - ok
19:29:07.0137 3680 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
19:29:07.0167 3680 KeyIso - ok
19:29:07.0257 3680 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
19:29:07.0277 3680 KSecDD - ok
19:29:07.0357 3680 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
19:29:07.0387 3680 KSecPkg - ok
19:29:07.0477 3680 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
19:29:07.0537 3680 ksthunk - ok
19:29:07.0647 3680 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
19:29:07.0707 3680 KtmRm - ok
19:29:07.0817 3680 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
19:29:07.0877 3680 LanmanServer - ok
19:29:07.0967 3680 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:29:08.0007 3680 LanmanWorkstation - ok
19:29:08.0147 3680 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
19:29:08.0197 3680 lltdio - ok
19:29:08.0307 3680 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
19:29:08.0387 3680 lltdsvc - ok
19:29:08.0527 3680 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
19:29:08.0597 3680 lmhosts - ok
19:29:08.0687 3680 [ 2B23FAA39D8F949ED5EEE03ECA50BCD5 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:29:08.0757 3680 LMS - ok
19:29:08.0867 3680 [ A5080FF109574E41ABF38BBD73EA2405 ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys
19:29:08.0897 3680 LPCFilter - ok
19:29:08.0997 3680 [ 5DCD36FC4A6ECBF6E7F9B3BF7E0D0F55 ] LPDSVC C:\windows\system32\lpdsvc.dll
19:29:09.0037 3680 LPDSVC - ok
19:29:09.0217 3680 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
19:29:09.0237 3680 LSI_FC - ok
19:29:09.0307 3680 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
19:29:09.0337 3680 LSI_SAS - ok
19:29:09.0407 3680 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
19:29:09.0427 3680 LSI_SAS2 - ok
19:29:09.0497 3680 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
19:29:09.0517 3680 LSI_SCSI - ok
19:29:09.0637 3680 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
19:29:09.0687 3680 luafv - ok
19:29:09.0827 3680 [ 830708A5CC0A19196C1DC205BED5A3A8 ] massfilter C:\windows\system32\drivers\massfilter.sys
19:29:09.0857 3680 massfilter - ok
19:29:10.0007 3680 [ 639DA8F468552785E15F0F2FD8DB44B3 ] McAfeeEngineService C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
19:29:10.0057 3680 McAfeeEngineService - ok
19:29:10.0197 3680 [ 1B963D79740B187795407CD03E2F7B4D ] McAfeeFramework C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
19:29:10.0267 3680 McAfeeFramework - ok
19:29:10.0387 3680 [ 4E09D8C4C861348A7F1C12A5AA9C4DE7 ] McShield C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
19:29:10.0457 3680 McShield - ok
19:29:10.0577 3680 [ 3774AAD155F31D58D932861D0A4FD641 ] McTaskManager C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
19:29:10.0647 3680 McTaskManager - ok
19:29:10.0757 3680 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
19:29:10.0787 3680 Mcx2Svc - ok
19:29:10.0867 3680 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
19:29:10.0887 3680 megasas - ok
19:29:11.0007 3680 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
19:29:11.0027 3680 MegaSR - ok
19:29:11.0157 3680 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
19:29:11.0177 3680 MEIx64 - ok
19:29:11.0287 3680 [ E2D642A38A8DC4722F859092F731B6A3 ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys
19:29:11.0317 3680 mfeapfk - ok
19:29:11.0397 3680 [ AE23ED41216E160F54E5EF1A5EE325F7 ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys
19:29:11.0417 3680 mfeavfk - ok
19:29:11.0647 3680 [ BC76BC7129B2206098AC220B656F15B7 ] mfehidk C:\windows\system32\drivers\mfehidk.sys
19:29:11.0657 3680 mfehidk - ok
19:29:11.0737 3680 [ C7C15D125AA697BE97087D197C9FAD08 ] mferkdet C:\windows\system32\drivers\mferkdet.sys
19:29:11.0767 3680 mferkdet - ok
19:29:11.0877 3680 [ 41CA4C4292004486D004D357B9C19718 ] mfetdik C:\windows\system32\drivers\mfetdik.sys
19:29:11.0907 3680 mfetdik - ok
19:29:11.0987 3680 [ C39855495E82EC6B02E6190C34A1B752 ] mfevtp C:\windows\system32\mfevtps.exe
19:29:12.0007 3680 mfevtp - ok
19:29:12.0127 3680 Microsoft SharePoint Workspace Audit Service - ok
19:29:12.0267 3680 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
19:29:12.0347 3680 MMCSS - ok
19:29:12.0427 3680 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
19:29:12.0487 3680 Modem - ok
19:29:12.0627 3680 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
19:29:12.0687 3680 monitor - ok
19:29:12.0787 3680 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
19:29:12.0817 3680 mouclass - ok
19:29:12.0907 3680 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
19:29:12.0947 3680 mouhid - ok
19:29:13.0077 3680 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
19:29:13.0117 3680 mountmgr - ok
19:29:13.0217 3680 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:29:13.0237 3680 MozillaMaintenance - ok
19:29:13.0357 3680 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
19:29:13.0387 3680 mpio - ok
19:29:13.0477 3680 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
19:29:13.0537 3680 mpsdrv - ok
19:29:13.0667 3680 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
19:29:13.0747 3680 MpsSvc - ok
19:29:13.0887 3680 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
19:29:13.0957 3680 MRxDAV - ok
19:29:14.0087 3680 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
19:29:14.0167 3680 mrxsmb - ok
19:29:14.0277 3680 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
19:29:14.0317 3680 mrxsmb10 - ok
19:29:14.0397 3680 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
19:29:14.0437 3680 mrxsmb20 - ok
19:29:14.0557 3680 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys
19:29:14.0577 3680 msahci - ok
19:29:14.0677 3680 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
19:29:14.0707 3680 msdsm - ok
19:29:14.0827 3680 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
19:29:14.0857 3680 MSDTC - ok
19:29:15.0087 3680 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
19:29:15.0137 3680 Msfs - ok
19:29:15.0247 3680 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
19:29:15.0317 3680 mshidkmdf - ok
19:29:15.0447 3680 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
19:29:15.0467 3680 msisadrv - ok
19:29:15.0587 3680 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
19:29:15.0647 3680 MSiSCSI - ok
19:29:15.0747 3680 msiserver - ok
19:29:15.0847 3680 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
19:29:15.0907 3680 MSKSSRV - ok
19:29:15.0997 3680 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
19:29:16.0037 3680 MSPCLOCK - ok
19:29:16.0147 3680 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
19:29:16.0207 3680 MSPQM - ok
19:29:16.0317 3680 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
19:29:16.0357 3680 MsRPC - ok
19:29:16.0547 3680 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
19:29:16.0577 3680 mssmbios - ok
19:29:16.0677 3680 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
19:29:16.0747 3680 MSTEE - ok
19:29:16.0857 3680 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
19:29:16.0917 3680 MTConfig - ok
19:29:17.0037 3680 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
19:29:17.0067 3680 Mup - ok
19:29:17.0187 3680 [ E3B58E3011B207C5289D11173B30E298 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:29:17.0257 3680 MyWiFiDHCPDNS - ok
19:29:17.0377 3680 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
19:29:17.0437 3680 napagent - ok
19:29:17.0577 3680 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
19:29:17.0647 3680 NativeWifiP - ok
19:29:17.0807 3680 [ DFE14D63F0F649EE94A9E3442B7C8F2C ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
19:29:17.0887 3680 NAUpdate - ok
19:29:18.0027 3680 [ DACA803A8D732FE5EEAA024EC342F81D ] NBVol C:\windows\system32\DRIVERS\NBVol.sys
19:29:18.0047 3680 NBVol - ok
19:29:18.0157 3680 [ 6208F622E9E35860DFB0753DFF56F0C0 ] NBVolUp C:\windows\system32\DRIVERS\NBVolUp.sys
19:29:18.0177 3680 NBVolUp - ok
19:29:18.0297 3680 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
19:29:18.0327 3680 NDIS - ok
19:29:18.0427 3680 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
19:29:18.0487 3680 NdisCap - ok
19:29:18.0667 3680 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
19:29:18.0707 3680 NdisTapi - ok
19:29:18.0787 3680 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
19:29:18.0827 3680 Ndisuio - ok
19:29:18.0927 3680 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
19:29:18.0977 3680 NdisWan - ok
19:29:19.0087 3680 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
19:29:19.0137 3680 NDProxy - ok
19:29:19.0257 3680 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:29:19.0277 3680 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:29:19.0277 3680 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:29:19.0437 3680 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
19:29:19.0477 3680 NetBIOS - ok
19:29:19.0607 3680 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
19:29:19.0637 3680 NetBT - ok
19:29:19.0737 3680 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
19:29:19.0757 3680 Netlogon - ok
19:29:19.0877 3680 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
19:29:19.0957 3680 Netman - ok
19:29:20.0097 3680 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
19:29:20.0157 3680 netprofm - ok
19:29:20.0257 3680 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:29:20.0287 3680 NetTcpPortSharing - ok
19:29:20.0607 3680 [ 47DC062656EA661FE9175DBACAD00E9D ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
19:29:20.0867 3680 NETwNs64 - ok
19:29:20.0997 3680 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
19:29:21.0027 3680 nfrd960 - ok
19:29:21.0147 3680 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
19:29:21.0187 3680 NlaSvc - ok
19:29:21.0317 3680 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
19:29:21.0367 3680 Npfs - ok
19:29:21.0477 3680 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
19:29:21.0537 3680 nsi - ok
19:29:21.0647 3680 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
19:29:21.0697 3680 nsiproxy - ok
19:29:21.0967 3680 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
19:29:22.0017 3680 Ntfs - ok
19:29:22.0157 3680 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
19:29:22.0217 3680 Null - ok
19:29:22.0547 3680 [ 12E18E5F438AAD55DAF77E127C0EA25B ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
19:29:22.0877 3680 nvlddmkm - ok
19:29:22.0997 3680 [ 186290C63FEB79C199A620E36705F9EE ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
19:29:23.0027 3680 nvpciflt - ok
19:29:23.0147 3680 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
19:29:23.0167 3680 nvraid - ok
19:29:23.0257 3680 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
19:29:23.0277 3680 nvstor - ok
19:29:23.0407 3680 [ 33A2052D60D4EA6599CEE1D6853D0A42 ] nvsvc C:\windows\system32\nvvsvc.exe
19:29:23.0437 3680 nvsvc - ok
19:29:23.0627 3680 [ FD6F5B42DB429FD1AE1A4483DB4DD2E0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:29:23.0677 3680 nvUpdatusService - ok
19:29:23.0787 3680 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
19:29:23.0807 3680 nv_agp - ok
19:29:23.0917 3680 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
19:29:23.0947 3680 ohci1394 - ok
19:29:24.0087 3680 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:29:24.0157 3680 ose - ok
19:29:24.0397 3680 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:29:24.0557 3680 osppsvc - ok
19:29:24.0817 3680 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
19:29:24.0857 3680 p2pimsvc - ok
19:29:24.0967 3680 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
19:29:25.0007 3680 p2psvc - ok
19:29:25.0137 3680 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
19:29:25.0177 3680 Parport - ok
19:29:25.0307 3680 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
19:29:25.0337 3680 partmgr - ok
19:29:25.0487 3680 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
19:29:25.0537 3680 PcaSvc - ok
19:29:25.0657 3680 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
19:29:25.0687 3680 pci - ok
19:29:25.0807 3680 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
19:29:25.0837 3680 pciide - ok
19:29:25.0947 3680 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
19:29:25.0977 3680 pcmcia - ok
19:29:26.0077 3680 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
19:29:26.0107 3680 pcw - ok
19:29:26.0227 3680 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
19:29:26.0297 3680 PEAUTH - ok
19:29:26.0577 3680 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
19:29:26.0627 3680 PerfHost - ok
19:29:27.0057 3680 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
19:29:27.0087 3680 PGEffect - ok
19:29:27.0237 3680 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
19:29:27.0287 3680 pla - ok
19:29:27.0417 3680 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
19:29:27.0477 3680 PlugPlay - ok
19:29:27.0627 3680 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:29:27.0647 3680 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:29:27.0647 3680 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:29:27.0787 3680 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
19:29:27.0837 3680 PNRPAutoReg - ok
19:29:27.0987 3680 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
19:29:28.0027 3680 PNRPsvc - ok
19:29:28.0157 3680 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
19:29:28.0217 3680 PolicyAgent - ok
19:29:28.0477 3680 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll
19:29:28.0537 3680 Power - ok
19:29:28.0657 3680 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
19:29:28.0727 3680 PptpMiniport - ok
19:29:28.0867 3680 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
19:29:28.0907 3680 Processor - ok
19:29:29.0037 3680 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
19:29:29.0097 3680 ProfSvc - ok
19:29:29.0237 3680 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:29:29.0257 3680 ProtectedStorage - ok
19:29:29.0367 3680 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
19:29:29.0427 3680 Psched - ok
19:29:29.0567 3680 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
19:29:29.0607 3680 ql2300 - ok
19:29:29.0727 3680 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
19:29:29.0757 3680 ql40xx - ok
19:29:29.0917 3680 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
19:29:29.0937 3680 QWAVE - ok
19:29:30.0057 3680 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
19:29:30.0097 3680 QWAVEdrv - ok
19:29:30.0237 3680 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
19:29:30.0287 3680 RasAcd - ok
19:29:30.0407 3680 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
19:29:30.0467 3680 RasAgileVpn - ok
19:29:30.0607 3680 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
19:29:30.0677 3680 RasAuto - ok
19:29:30.0807 3680 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
19:29:30.0887 3680 Rasl2tp - ok
19:29:31.0047 3680 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
19:29:31.0107 3680 RasMan - ok
19:29:31.0257 3680 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
19:29:31.0307 3680 RasPppoe - ok
19:29:31.0417 3680 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
19:29:31.0457 3680 RasSstp - ok
19:29:31.0597 3680 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
19:29:31.0667 3680 rdbss - ok
19:29:31.0797 3680 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
19:29:31.0837 3680 rdpbus - ok
19:29:31.0967 3680 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
19:29:32.0027 3680 RDPCDD - ok
19:29:32.0257 3680 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
19:29:32.0327 3680 RDPENCDD - ok
19:29:32.0547 3680 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
19:29:32.0617 3680 RDPREFMP - ok
19:29:32.0757 3680 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
19:29:32.0817 3680 RDPWD - ok
19:29:32.0977 3680 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
19:29:33.0047 3680 rdyboost - ok
19:29:33.0227 3680 [ F3AF2B43F35DBB3A0EB9FEEEC7D62217 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:29:33.0297 3680 RegSrvc - ok
19:29:33.0477 3680 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
19:29:33.0537 3680 RemoteAccess - ok
19:29:33.0707 3680 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
19:29:33.0787 3680 RemoteRegistry - ok
19:29:33.0947 3680 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
19:29:34.0007 3680 RpcEptMapper - ok
19:29:34.0157 3680 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
19:29:34.0177 3680 RpcLocator - ok
19:29:34.0357 3680 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
19:29:34.0417 3680 RpcSs - ok
19:29:34.0557 3680 [ F1E5986C527151D694D892A0B2F25C6D ] RSP2STOR C:\windows\system32\DRIVERS\RtsP2Stor.sys
19:29:34.0587 3680 RSP2STOR - ok
19:29:34.0737 3680 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
19:29:34.0817 3680 rspndr - ok
19:29:34.0977 3680 [ 8181B5E7BFC040E0B26349C73E719335 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
19:29:35.0017 3680 RTL8167 - ok
19:29:35.0147 3680 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
19:29:35.0177 3680 SamSs - ok
19:29:35.0317 3680 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
19:29:35.0347 3680 sbp2port - ok
19:29:35.0507 3680 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
19:29:35.0587 3680 SCardSvr - ok
19:29:35.0747 3680 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
19:29:35.0807 3680 scfilter - ok
19:29:35.0977 3680 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
19:29:36.0047 3680 Schedule - ok
19:29:36.0207 3680 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
19:29:36.0287 3680 SCPolicySvc - ok
19:29:36.0427 3680 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
19:29:36.0497 3680 SDRSVC - ok
19:29:36.0657 3680 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
19:29:36.0707 3680 secdrv - ok
19:29:36.0857 3680 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
19:29:36.0907 3680 seclogon - ok
19:29:37.0057 3680 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
19:29:37.0107 3680 SENS - ok
19:29:37.0247 3680 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
19:29:37.0277 3680 SensrSvc - ok
19:29:37.0427 3680 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
19:29:37.0477 3680 Serenum - ok
19:29:37.0627 3680 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
19:29:37.0657 3680 Serial - ok
19:29:37.0797 3680 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
19:29:37.0837 3680 sermouse - ok
19:29:38.0357 3680 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
19:29:38.0437 3680 SessionEnv - ok
19:29:38.0607 3680 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
19:29:38.0647 3680 sffdisk - ok
19:29:38.0767 3680 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
19:29:38.0817 3680 sffp_mmc - ok
19:29:38.0977 3680 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
19:29:39.0007 3680 sffp_sd - ok
19:29:39.0147 3680 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
19:29:39.0177 3680 sfloppy - ok
19:29:39.0337 3680 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
19:29:39.0387 3680 SharedAccess - ok
19:29:39.0587 3680 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:29:39.0647 3680 ShellHWDetection - ok
19:29:39.0887 3680 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
19:29:39.0907 3680 SiSRaid2 - ok
19:29:40.0007 3680 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
19:29:40.0037 3680 SiSRaid4 - ok
19:29:40.0167 3680 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:29:44.0417 3680 SkypeUpdate - ok
19:29:44.0617 3680 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
19:29:44.0677 3680 Smb - ok
19:29:44.0837 3680 [ 20C99358D42DB9585A21BF3BC27FC9BC ] SmbDrv C:\windows\system32\DRIVERS\Smb_driver.sys
19:29:44.0857 3680 SmbDrv - ok
19:29:45.0387 3680 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
19:29:45.0427 3680 SNMPTRAP - ok
19:29:45.0577 3680 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
19:29:45.0597 3680 spldr - ok
19:29:45.0777 3680 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
19:29:45.0837 3680 Spooler - ok
19:29:46.0077 3680 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
19:29:46.0147 3680 sppsvc - ok
19:29:46.0317 3680 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
19:29:46.0377 3680 sppuinotify - ok
19:29:46.0527 3680 [ 602884696850C86434530790B110E8EB ] sptd C:\windows\system32\Drivers\sptd.sys
19:29:46.0527 3680 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
19:29:46.0697 3680 sptd ( LockedFile.Multi.Generic ) - warning
19:29:46.0697 3680 sptd - detected LockedFile.Multi.Generic (1)
19:29:46.0837 3680 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
19:29:46.0877 3680 srv - ok
19:29:47.0047 3680 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
19:29:47.0077 3680 srv2 - ok
19:29:47.0227 3680 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
19:29:47.0277 3680 srvnet - ok
19:29:47.0437 3680 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
19:29:47.0507 3680 SSDPSRV - ok
19:29:47.0677 3680 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
19:29:47.0727 3680 SstpSvc - ok
19:29:47.0867 3680 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
19:29:47.0897 3680 stexstor - ok
19:29:48.0057 3680 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
19:29:48.0087 3680 stisvc - ok
19:29:48.0217 3680 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
19:29:48.0227 3680 swenum - ok
19:29:48.0427 3680 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:29:48.0457 3680 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
19:29:48.0457 3680 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
19:29:48.0667 3680 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
19:29:48.0727 3680 swprv - ok
19:29:48.0937 3680 [ 7C7E05EEA6407130B3896A7A01390B6F ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
19:29:48.0967 3680 SynTP - ok
19:29:49.0147 3680 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
19:29:49.0227 3680 SysMain - ok
19:29:49.0397 3680 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:29:49.0437 3680 TabletInputService - ok
19:29:49.0587 3680 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
19:29:49.0657 3680 TapiSrv - ok
19:29:49.0817 3680 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
19:29:49.0877 3680 TBS - ok
19:29:50.0067 3680 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:29:50.0127 3680 Tcpip - ok
19:29:50.0307 3680 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:29:50.0357 3680 TCPIP6 - ok
19:29:50.0647 3680 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
19:29:50.0707 3680 tcpipreg - ok
19:29:50.0977 3680 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
19:29:50.0997 3680 tdcmdpst - ok
19:29:51.0167 3680 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
19:29:51.0197 3680 TDPIPE - ok
19:29:51.0367 3680 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
19:29:51.0397 3680 TDTCP - ok
19:29:51.0557 3680 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
19:29:51.0627 3680 tdx - ok
19:29:51.0807 3680 [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
19:29:51.0877 3680 TemproMonitoringService - ok
19:29:52.0037 3680 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
19:29:52.0057 3680 TermDD - ok
19:29:52.0247 3680 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
19:29:52.0297 3680 TermService - ok
19:29:52.0477 3680 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
19:29:52.0537 3680 Themes - ok
19:29:52.0707 3680 [ 7F35CA8296A52C7161088EB1D952E8ED ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
19:29:52.0747 3680 Thpdrv - ok
19:29:52.0887 3680 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
19:29:52.0917 3680 Thpevm - ok
19:29:53.0077 3680 [ 0B4734AE9EC70B843DF02E7B1C056377 ] Thpsrv C:\windows\system32\ThpSrv.exe
19:29:53.0107 3680 Thpsrv ( UnsignedFile.Multi.Generic ) - warning
19:29:53.0107 3680 Thpsrv - detected UnsignedFile.Multi.Generic (1)
19:29:53.0287 3680 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
19:29:53.0327 3680 THREADORDER - ok
19:29:53.0557 3680 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:29:53.0617 3680 TMachInfo - ok
19:29:53.0787 3680 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
19:29:53.0807 3680 TODDSrv - ok
19:29:54.0007 3680 [ A7EFE68D424A55FA84CCB6099D1D93C0 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:29:54.0067 3680 TosCoSrv ( UnsignedFile.Multi.Generic ) - warning
19:29:54.0067 3680 TosCoSrv - detected UnsignedFile.Multi.Generic (1)
19:29:54.0377 3680 [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
19:29:54.0447 3680 TOSHIBA Bluetooth Service - ok
19:29:54.0647 3680 [ 97B57ED45C001E2AB3ABA68F7BA8555A ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:29:54.0717 3680 TOSHIBA eco Utility Service - ok
19:29:54.0907 3680 [ 9338C2DEB14CA2804BCB3276CB7EB4FD ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:29:54.0977 3680 TOSHIBA HDD SSD Alert Service - ok
19:29:55.0167 3680 [ 8021F63311797085949FA387F7C83583 ] tosporte C:\windows\system32\DRIVERS\tosporte.sys
19:29:55.0187 3680 tosporte - ok
19:29:55.0357 3680 [ B9FA0498F6CC596FFA5CF47A04CD1785 ] tosrfbd C:\windows\system32\DRIVERS\tosrfbd.sys
19:29:55.0387 3680 tosrfbd - ok
19:29:55.0537 3680 [ 90F0B1745ABF13F44C2A6ED79F7CE9FB ] tosrfbnp C:\windows\system32\Drivers\tosrfbnp.sys
19:29:55.0567 3680 tosrfbnp - ok
19:29:55.0737 3680 [ 9E4E65EA51E34647340BD6007467AC54 ] Tosrfcom C:\windows\system32\Drivers\tosrfcom.sys
19:29:55.0767 3680 Tosrfcom - ok
19:29:55.0937 3680 [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec C:\windows\system32\DRIVERS\tosrfec.sys
19:29:55.0957 3680 tosrfec - ok
19:29:56.0117 3680 [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid C:\windows\system32\DRIVERS\Tosrfhid.sys
19:29:56.0137 3680 Tosrfhid - ok
19:29:56.0457 3680 [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds C:\windows\system32\DRIVERS\tosrfnds.sys
19:29:56.0487 3680 tosrfnds - ok
19:29:56.0637 3680 [ 7052B10E54B48AF12BD5606596A8E039 ] TosRfSnd C:\windows\system32\drivers\tosrfsnd.sys
19:29:56.0677 3680 TosRfSnd - ok
19:29:56.0847 3680 [ AF8A0D2E2A41043A77CA77CCBDB8D9C2 ] Tosrfusb C:\windows\system32\DRIVERS\tosrfusb.sys
19:29:56.0877 3680 Tosrfusb - ok
19:29:57.0047 3680 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
19:29:57.0077 3680 tos_sps64 - ok
19:29:57.0297 3680 [ 36CDD894395BEC46EFB14F49D77D3D82 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
19:29:57.0367 3680 TPCHSrv - ok
19:29:57.0557 3680 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
19:29:57.0607 3680 TrkWks - ok
19:29:57.0787 3680 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:29:57.0847 3680 TrustedInstaller - ok
19:29:58.0167 3680 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
19:29:58.0217 3680 tssecsrv - ok
19:29:58.0387 3680 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
19:29:58.0417 3680 TsUsbFlt - ok
19:29:58.0587 3680 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
19:29:58.0627 3680 TsUsbGD - ok
19:29:58.0877 3680 [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
19:29:58.0947 3680 TuneUp.UtilitiesSvc - ok
19:29:59.0127 3680 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
19:29:59.0197 3680 TuneUpUtilitiesDrv - ok
19:29:59.0357 3680 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
19:29:59.0447 3680 tunnel - ok
19:29:59.0617 3680 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:29:59.0637 3680 TVALZ - ok
19:29:59.0817 3680 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
19:29:59.0857 3680 TVALZFL - ok
19:30:00.0027 3680 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
19:30:00.0047 3680 uagp35 - ok
19:30:00.0227 3680 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
19:30:00.0307 3680 udfs - ok
19:30:00.0767 3680 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
19:30:00.0807 3680 UI0Detect - ok
19:30:00.0967 3680 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
19:30:00.0997 3680 uliagpkx - ok
19:30:01.0167 3680 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
19:30:01.0207 3680 umbus - ok
19:30:01.0377 3680 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
19:30:01.0427 3680 UmPass - ok
19:30:01.0687 3680 [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:30:01.0767 3680 UNS - ok
19:30:01.0987 3680 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
19:30:02.0057 3680 upnphost - ok
19:30:02.0247 3680 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
19:30:02.0297 3680 usbccgp - ok
19:30:02.0467 3680 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
19:30:02.0507 3680 usbcir - ok
19:30:02.0687 3680 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
19:30:02.0727 3680 usbehci - ok
19:30:02.0917 3680 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:30:02.0987 3680 usbhub - ok
19:30:03.0157 3680 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
19:30:03.0197 3680 usbohci - ok
19:30:03.0417 3680 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
19:30:03.0477 3680 usbprint - ok
19:30:03.0657 3680 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
19:30:03.0717 3680 USBSTOR - ok
19:30:03.0867 3680 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
19:30:03.0907 3680 usbuhci - ok
19:30:04.0087 3680 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
19:30:04.0137 3680 usbvideo - ok
19:30:04.0317 3680 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
19:30:04.0367 3680 UxSms - ok
19:30:04.0577 3680 [ 5BF180F7F7C2F68ED6D5777840270BCE ] UxTuneUp C:\windows\System32\uxtuneup.dll
19:30:04.0597 3680 UxTuneUp - ok
19:30:04.0777 3680 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
19:30:04.0807 3680 VaultSvc - ok
19:30:04.0987 3680 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
19:30:05.0017 3680 vdrvroot - ok
19:30:05.0217 3680 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
19:30:05.0267 3680 vds - ok
19:30:05.0437 3680 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:30:05.0467 3680 vga - ok
19:30:05.0647 3680 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
19:30:05.0697 3680 VgaSave - ok
19:30:05.0847 3680 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
19:30:05.0877 3680 vhdmp - ok
19:30:06.0047 3680 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
19:30:06.0077 3680 viaide - ok
19:30:06.0247 3680 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
19:30:06.0277 3680 volmgr - ok
19:30:06.0427 3680 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:30:06.0467 3680 volmgrx - ok
19:30:06.0647 3680 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
19:30:06.0687 3680 volsnap - ok
19:30:06.0857 3680 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
19:30:06.0877 3680 vsmraid - ok
19:30:07.0087 3680 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
19:30:07.0147 3680 VSS - ok
19:30:07.0347 3680 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:30:07.0397 3680 vwifibus - ok
19:30:07.0577 3680 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:30:07.0637 3680 vwififlt - ok
19:30:07.0817 3680 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
19:30:07.0867 3680 vwifimp - ok
19:30:08.0037 3680 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
19:30:08.0107 3680 W32Time - ok
19:30:08.0417 3680 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
19:30:08.0467 3680 WacomPen - ok
19:30:08.0637 3680 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:30:08.0687 3680 WANARP - ok
19:30:08.0867 3680 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:30:08.0907 3680 Wanarpv6 - ok
19:30:09.0127 3680 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
19:30:09.0197 3680 WatAdminSvc - ok
19:30:09.0407 3680 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
19:30:09.0457 3680 wbengine - ok
19:30:09.0657 3680 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:30:09.0697 3680 WbioSrvc - ok
19:30:09.0867 3680 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
19:30:09.0917 3680 wcncsvc - ok
19:30:10.0127 3680 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:30:10.0177 3680 WcsPlugInService - ok
19:30:10.0467 3680 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
19:30:10.0497 3680 Wd - ok
19:30:10.0697 3680 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:30:10.0727 3680 Wdf01000 - ok
19:30:10.0927 3680 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
19:30:10.0987 3680 WdiServiceHost - ok
19:30:11.0157 3680 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
19:30:11.0197 3680 WdiSystemHost - ok
19:30:11.0387 3680 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
19:30:11.0447 3680 WebClient - ok
19:30:11.0637 3680 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
19:30:11.0707 3680 Wecsvc - ok
19:30:11.0897 3680 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
19:30:11.0957 3680 wercplsupport - ok
19:30:12.0137 3680 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
19:30:12.0217 3680 WerSvc - ok
19:30:12.0397 3680 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:30:12.0447 3680 WfpLwf - ok
19:30:12.0617 3680 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:30:12.0647 3680 WIMMount - ok
19:30:12.0827 3680 WinDefend - ok
19:30:13.0167 3680 WinHttpAutoProxySvc - ok
19:30:13.0387 3680 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:30:13.0447 3680 Winmgmt - ok
19:30:13.0667 3680 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
19:30:13.0747 3680 WinRM - ok
19:30:14.0277 3680 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
19:30:14.0347 3680 Wlansvc - ok
19:30:14.0557 3680 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:30:14.0617 3680 wlcrasvc - ok
19:30:14.0887 3680 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:30:14.0987 3680 wlidsvc - ok
19:30:15.0177 3680 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
19:30:15.0207 3680 WmiAcpi - ok
19:30:15.0577 3680 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:30:15.0607 3680 wmiApSrv - ok
19:30:15.0807 3680 WMPNetworkSvc - ok
19:30:16.0007 3680 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
19:30:16.0057 3680 WPCSvc - ok
19:30:16.0247 3680 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:30:16.0297 3680 WPDBusEnum - ok
19:30:16.0497 3680 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:30:16.0557 3680 ws2ifsl - ok
19:30:16.0767 3680 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
19:30:16.0807 3680 wscsvc - ok
19:30:16.0967 3680 WSearch - ok
19:30:17.0347 3680 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
19:30:17.0387 3680 wuauserv - ok
19:30:17.0597 3680 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:30:17.0647 3680 WudfPf - ok
19:30:17.0837 3680 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:30:17.0887 3680 WUDFRd - ok
19:30:18.0087 3680 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:30:18.0147 3680 wudfsvc - ok
19:30:18.0387 3680 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\windows\System32\wwansvc.dll
19:30:18.0457 3680 WwanSvc - ok
19:30:18.0857 3680 [ 74713CB32792F9C7632DAA7DA22CA974 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
19:30:18.0937 3680 ZeroConfigService - ok
19:30:19.0157 3680 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbmdm6k C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:30:19.0207 3680 ZTEusbmdm6k - ok
19:30:19.0387 3680 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbnmea C:\windows\system32\DRIVERS\ZTEusbnmea.sys
19:30:19.0417 3680 ZTEusbnmea - ok
19:30:19.0627 3680 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbser6k C:\windows\system32\DRIVERS\ZTEusbser6k.sys
19:30:19.0657 3680 ZTEusbser6k - ok
19:30:20.0717 3680 ================ Scan global ===============================
19:30:20.0787 3680 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:30:20.0817 3680 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
19:30:20.0827 3680 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
19:30:20.0857 3680 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:30:20.0897 3680 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:30:20.0897 3680 [Global] - ok
19:30:20.0897 3680 ================ Scan MBR ==================================
19:30:20.0917 3680 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
19:30:21.0407 3680 \Device\Harddisk0\DR0 - ok
19:30:21.0407 3680 ================ Scan VBR ==================================
19:30:21.0437 3680 [ C01AD317991FEC484FBB0D0F1FAE77F1 ] \Device\Harddisk0\DR0\Partition1
19:30:21.0437 3680 \Device\Harddisk0\DR0\Partition1 - ok
19:30:21.0457 3680 [ C927F7D234A847AC08B971984621177C ] \Device\Harddisk0\DR0\Partition2
19:30:21.0457 3680 \Device\Harddisk0\DR0\Partition2 - ok
19:30:21.0457 3680 ============================================================
19:30:21.0457 3680 Scan finished
19:30:21.0457 3680 ============================================================
19:30:21.0477 1984 Detected object count: 6
19:30:21.0477 1984 Actual detected object count: 6
19:30:42.0997 1984 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:42.0997 1984 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:42.0997 1984 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:42.0997 1984 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:42.0997 1984 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:30:42.0997 1984 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:30:42.0997 1984 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:42.0997 1984 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:42.0997 1984 Thpsrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:42.0997 1984 Thpsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:43.0007 1984 TosCoSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:43.0007 1984 TosCoSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:45.0977 3280 Deinitialize success
|
|
08.02.2013, 19:33
| #7 |
| /// Malware-holic | Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglich hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.02.2013, 20:26
| #8 |
| | Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglich Combofix Logfile: Code:
ATTFilter ComboFix 13-02-07.02 - Holger 08.02.2013 19:50:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.8082.5659 [GMT 1:00]
ausgeführt von:: c:\users\Holger\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-08 bis 2013-02-08 ))))))))))))))))))))))))))))))
.
.
2013-02-08 19:00 . 2013-02-08 19:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-08 19:00 . 2013-02-08 19:00 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-02-08 19:00 . 2013-02-08 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-08 19:00 . 2013-02-08 19:00 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-02-08 17:36 . 2013-02-08 17:36 -------- d-----w- c:\programdata\Malwarebytes
2013-02-08 17:36 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-08 17:36 . 2013-02-08 17:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-08 17:33 . 2013-02-08 17:33 -------- d-----w- c:\users\Holger\AppData\Local\Programs
2013-02-04 17:12 . 2013-02-04 17:12 53248 ----a-r- c:\users\Holger\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-02-04 17:12 . 2013-02-04 17:12 -------- d-----w- c:\users\Holger\AppData\Roaming\Leadertech
2013-02-04 17:12 . 2013-02-04 17:12 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2013-02-04 17:12 . 2013-02-04 17:12 -------- d-----w- c:\programdata\Logitech
2013-02-04 17:12 . 2013-02-04 17:12 -------- d-----w- c:\programdata\Logishrd
2013-02-04 17:11 . 2013-02-04 17:11 -------- d-----w- c:\program files\Logitech
2013-02-04 17:11 . 2013-02-04 17:12 -------- d-----w- c:\program files\Common Files\Logishrd
2013-02-04 17:09 . 2013-02-04 17:10 -------- d-----w- c:\users\Holger\AppData\Roaming\Logishrd
2013-02-04 17:09 . 2013-02-04 17:09 -------- d-----w- c:\users\Holger\AppData\Roaming\Logitech
2013-02-04 16:15 . 2009-10-22 19:07 97576 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-04 16:15 . 2009-10-22 19:07 83784 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2013-02-04 16:15 . 2009-10-22 19:07 77104 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-04 16:15 . 2009-10-22 19:07 469144 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-04 16:15 . 2009-10-22 19:07 119968 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-04 16:15 . 2009-10-22 19:07 79504 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-04 16:15 . 2013-02-04 16:15 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2013-02-01 16:03 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32C003B2-7C44-4EA8-A474-246877318AD5}\mpengine.dll
2013-01-18 16:45 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2013-01-18 16:45 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2013-01-18 16:45 . 2010-03-02 12:59 121344 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2013-01-18 16:45 . 2010-02-22 08:09 11776 ----a-w- c:\windows\system32\drivers\massfilter.sys
2013-01-18 16:45 . 2009-12-28 13:06 135168 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2013-01-16 21:04 . 2013-01-16 21:04 -------- d-----w- c:\users\Holger\AppData\Local\PackageAware
2013-01-14 17:22 . 2013-01-14 17:22 -------- d-----w- c:\program files (x86)\UEFI WinFlash
2013-01-12 13:41 . 2013-01-12 13:41 -------- d-----w- c:\users\Holger\AppData\Local\SCE
2013-01-12 13:41 . 2013-01-12 13:41 -------- d-----w- C:\Crash
2013-01-09 19:16 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 19:16 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 19:13 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 19:13 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 19:13 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 19:13 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 19:13 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 19:13 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 19:11 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 19:11 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-11 18:02 . 2012-03-14 19:51 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-11 18:02 . 2012-03-14 19:51 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 21:15 . 2012-10-13 16:30 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-22 02:23 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 02:23 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:23 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:23 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 19:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 23:45 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 23:45 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 23:45 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 23:45 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 23:45 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 23:45 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 23:45 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 23:45 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 23:45 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 23:45 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 23:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 23:45 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 23:45 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 23:45 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 23:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 23:45 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 23:45 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 23:45 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 23:45 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 23:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 23:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 23:45 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-04 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-28 291608]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2011-12-20 532480]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-20 74752]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-22 124240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2012-3-14 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-01-27 34200]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-02-22 11776]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-22 77104]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2012-01-05 259176]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-12 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-28 16152]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-01-28 28992]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-10-09 834544]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2011-03-24 36992]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-03-18 482384]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2009-10-22 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-22 79504]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2012-02-10 295360]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-08 594704]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-06-08 20592]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2011-11-17 76112]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2011-11-17 20304]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2009-12-26 12112]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 86016]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-07 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-28 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-28 787736]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2012-01-27 25496]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-04 677480]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2012-02-25 22800]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-09-22 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-14 18:02]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 19:51]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 19:51]
.
2013-02-08 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-02-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 12446824]
"SRS Premium Sound 3D"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-02-06 2165120]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2011-10-19 718720]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-03-14 150992]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-10 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-10 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-10 440088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Holger\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Holger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\t6bqy3gy.default\
FF - ExtSQL: 2013-02-04 18:12; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-08 20:21:46
ComboFix-quarantined-files.txt 2013-02-08 19:21
.
Vor Suchlauf: 11 Verzeichnis(se), 182.304.145.408 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 181.814.632.448 Bytes frei
.
- - End Of File - - DD1C77AAFB5A37FAC83BC95795DF54BE
|
|
08.02.2013, 21:32
| #9 |
| /// Malware-holic | Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglich schaun wir mal was mbam tut malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.02.2013, 00:45
| #10 |
| | Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglich Könnte man bitte alle Daten von mir aus den Thread löschen? Problem hat sich erledigt und ich will nicht das die dortstehen. |
|
17.02.2013, 16:17
| #11 |
| /// Malware-holic | Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglich wir löschen nur vor/nachname kombinationen, oder andere eindeutige Identivikationsmerkmale. Sollte so was da sein, gehe auf Beitrag melden und schildere was gelöscht werden soll.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Virus: Updates nicht möglich und Installation von Malwarebytes Anti-Malware 1.70 nicht möglich |
| anti-malware, defender, einiger, installation, installiere, installieren, keine updates, laptop, malwarebytes, malwarebytes anti-malware, meldung, nicht möglich, updates, updates nicht möglich, virus, windows, windows defender |
WARNUNG an die MITLESER: 
Linear-Darstellung
