Guten Morgen,

ich habe heute morgen nichtsahnend meinen Laptop gestartet und mich begrüßte folgende meldung von Avira Antivir.

In der Datei 'C:\Users\Sagran\AppData\Roaming\ie_util.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Bublik.65536.126' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern


Daraufhin habe ich auf den Button entfernen geklickt und nach einem kurzen Scan kam folgende Meldung:


Die Datei 'C:\Users\Sagran\AppData\Roaming\ie_util.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Bublik.65536.126' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 5485af20.qua erstellt ( QUARANTÄNE ).
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-710839426-2147656522-2442907301-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-710839426-2147656522-2442907301-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei konnte nicht gelöscht werden!

Daraufhin habe ich einen kompletten Systemscan gestartet der auch noch läuft aber bisher wurden mir 4 Funde gezeigt:

Die Datei 'C:\Users\Sagran\AppData\Local\Temp\ICReinstall\FLVPlayerSetup.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 543d86bf.qua erstellt ( QUARANTÄNE ).

Die Datei 'C:\Users\Sagran\AppData\Local\Temp\tmp74ad15ea\qw.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Bublik.65536.126' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 4c72a952.qua erstellt ( QUARANTÄNE ).

Die Datei 'C:\Users\Sagran\AppData\Roaming\ie_util.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Bublik.65536.126' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 1efefdea.qua erstellt ( QUARANTÄNE ).


Ich hoffe sehr das Ihr mir helfen könnt ich habe bisher noch keinen Schritt aus eurer Anleitung unternommen weil ich noch abwarten wollte bis der Avira Scan durchgelaufen ist.

Bitte sagt mir was ich als nächstes tun soll...

Vielen dank schonmal im vorraus.

Gruß nadia

So der Avira Scan ist jetzt auch durch..hier ist der Bericht

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 28. Februar 2013 09:04

Es wird nach 5096380 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ***

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 16:39:37
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 17:06:53
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 17:06:53
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 17:06:53
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 20:11:26
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:49:35
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 20:15:58
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 21:05:55
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 17:00:28
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 17:26:39
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 15:50:57
VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 19:57:44
VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 19:57:44
VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 19:57:45
VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 19:57:45
VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 19:57:45
VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 15:45:27
VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 15:44:44
VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 19:30:49
VBASE016.VDF : 7.11.60.249 215552 Bytes 13.02.2013 20:02:17
VBASE017.VDF : 7.11.61.65 151040 Bytes 15.02.2013 18:26:57
VBASE018.VDF : 7.11.61.135 159232 Bytes 18.02.2013 11:00:01
VBASE019.VDF : 7.11.61.163 152064 Bytes 18.02.2013 12:03:58
VBASE020.VDF : 7.11.61.207 164352 Bytes 19.02.2013 19:43:00
VBASE021.VDF : 7.11.62.43 206336 Bytes 21.02.2013 17:24:40
VBASE022.VDF : 7.11.62.111 136192 Bytes 23.02.2013 18:41:35
VBASE023.VDF : 7.11.62.157 143360 Bytes 25.02.2013 18:40:02
VBASE024.VDF : 7.11.62.237 199168 Bytes 27.02.2013 18:21:05
VBASE025.VDF : 7.11.62.238 2048 Bytes 27.02.2013 18:21:05
VBASE026.VDF : 7.11.62.239 2048 Bytes 27.02.2013 18:21:05
VBASE027.VDF : 7.11.62.240 2048 Bytes 27.02.2013 18:21:05
VBASE028.VDF : 7.11.62.241 2048 Bytes 27.02.2013 18:21:05
VBASE029.VDF : 7.11.62.242 2048 Bytes 27.02.2013 18:21:05
VBASE030.VDF : 7.11.62.243 2048 Bytes 27.02.2013 18:21:05
VBASE031.VDF : 7.11.63.12 59904 Bytes 27.02.2013 21:39:02
Engineversion : 8.2.12.8
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 17:45:16
AESCRIPT.DLL : 8.1.4.94 467324 Bytes 22.02.2013 18:12:11
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 16:47:37
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 15:18:34
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 13:12:40
AEPACK.DLL : 8.3.1.10 815480 Bytes 19.02.2013 12:04:00
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 18:00:27
AEHEUR.DLL : 8.1.4.218 5792121 Bytes 22.02.2013 18:12:11
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 17:00:25
AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 19:40:05
AEEXP.DLL : 8.4.0.4 188789 Bytes 22.02.2013 18:12:11
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 17:45:16
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 12:04:00
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 18:00:25
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 17:06:52
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 16:39:37
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 17:06:53
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 16:39:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 17:06:53
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 17:06:53
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 08:35:51
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 17:06:53
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 08.08.2012 08:35:49
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 16:39:36

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: ignorieren
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 28. Februar 2013 09:04

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf nach versteckten Objekten wird begonnen.
Die Reparatur von Rootkits ist nur im interaktiven Modus möglich!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSwMgr.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosAVRC.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosBtHsp.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'NDSTray.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosBtHid.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosA2dp.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosBtMng.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'ie_util.exe' - '38' Modul(e) wurden durchsucht
Modul ist infiziert -> <C:\Users\Sagran\AppData\Roaming\ie_util.exe>
[FUND] Ist das Trojanische Pferd TR/Bublik.65536.126
Durchsuche Prozess 'tywov.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'YahooAUService.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:

Die Registry wurde durchsucht ( '11344' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <WINDOWS>
C:\Users\***\AppData\Local\Temp\ICReinstall\FLVPlayerSetup.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 543d86bf.qua erstellt ( QUARANTÄNE )
C:\Users\***\AppData\Local\Temp\tmp74ad15ea\qw.exe
[FUND] Ist das Trojanische Pferd TR/Bublik.65536.126
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 4c72a952.qua erstellt ( QUARANTÄNE )
C:\Users\***\AppData\Roaming\ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Bublik.65536.126
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 1efefdea.qua erstellt ( QUARANTÄNE )
Beginne mit der Suche in 'D:\' <Data>
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert


Ende des Suchlaufs: Donnerstag, 28. Februar 2013 10:30
Benötigte Zeit: 1:26:25 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

38890 Verzeichnisse wurden überprüft
844435 Dateien wurden geprüft
4 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
844431 Dateien ohne Befall
6348 Archive wurden durchsucht
0 Warnungen
3 Hinweise
589833 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Moin,

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

• Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
  
  
• Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  
  
• Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
  
  
• Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
  
  
• Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in CODE-Tags in den Thread.

So ich war etwas voreilig und habe schonmal OTL laufen lassen aber im quick scan poste hier mal die logs falls das nicht reicht dann sag mir bescheid und ich mache dann nochmal den anderen Scan.

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 2/28/2013 10:40:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 76.78% Memory free
15.96 Gb Paging File | 14.09 Gb Available in Paging File | 88.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.71 Gb Total Space | 231.31 Gb Free Space | 77.70% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 284.11 Gb Free Space | 95.32% Space Free | Partition Type: NTFS
 
Computer Name: ***| User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F19809-CA0B-49D7-BFBC-AEBD7080960E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0F87A06B-F911-4056-9826-554521FF543F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{18ACE3D4-3C78-4754-A47B-8528AD680DAB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{43BAA487-2622-44D5-9F07-643D892F049A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{496C7EB1-3761-47F7-AE97-18F867FD91C6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{64F7C717-BA8D-4C87-9714-8032D8CEAD6E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{68FACFD1-DEB3-4461-AA6E-2D17DF23B3BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A4FFD6D-A75A-461E-B53D-81BD3F2D250D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7094E6A4-7813-4083-9EE5-0846864848E0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{79F13947-9801-429D-B41D-657C216E8C3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8FEF1EE8-319F-4A0A-A391-16C3D92FE38E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96377336-B052-46BF-AB39-F26294BD0FF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F1B9D3C-0BD2-476A-BDBE-F2D045EC87E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A952CA23-63EB-4514-8206-D9EF1C0DFF61}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ABA6EFF9-DBF4-44A4-B42A-3FA10392A4E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B91333C3-F825-4136-959B-520710D4470D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BFB6188D-24B5-41DE-A0E1-4C208FDEAC0C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C15B21B3-7F9F-48E2-A395-4CE1C39DF744}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C6FB6844-10A1-4E81-ADED-739B7A93EF1B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CD5BAF26-45E9-4663-B573-EA990FECD4C8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DADE74DD-EE75-4761-A729-D6F16F73A1AB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EC87B294-0C39-4D22-A54F-01BEA0FECAE1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FCF183F9-4553-4300-BB75-52170E46C030}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBC5F35-2667-4FBE-868C-1D27D7932E8F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1043391C-DE73-4B9A-A053-1A8D7F6DCF40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1760CEF3-977C-4640-B35E-549412E04563}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{199E3C96-B552-433F-9BC4-71B4ABEF6935}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{2ACE6CE3-14E1-4271-9C32-57851A3D4333}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E75C2E0-754E-45E7-86D8-E716C39DF5A3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{31ADC50F-915E-4DA3-87F6-BF1F3914437A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{36DA2C41-C9AC-4FF5-886F-2E1587381E8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{446214D1-7CA7-4F0B-9607-FD72F2236F99}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{4BD095D0-CF78-46CA-AC2F-0D3E9937C976}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{507C2592-5A0F-4748-B964-DE7A96BA7E1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5EA1E709-1C09-4502-8F2A-369B631DF25D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6A72923F-3F61-42D0-BF9F-BDFF9947E87C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C27AAEB-8CF6-4600-A2BE-A7DF77F29DC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C738D58-73A9-425C-BFD3-352E8A572A19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9D270F1B-7307-45E9-9EE6-CDD7ADE1B3FD}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{9D6E1CFC-414D-4DB2-B932-D6264C77F494}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A03AFE6D-AB9B-483C-86E1-8F02EDBE3677}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B269E7BD-9636-4637-9B57-D85B8ED6A27B}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{B9B646FA-55E5-4FF1-B9E3-0ABEB0C35070}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{BA6403DB-6949-4B88-AB2D-0C92A13F2152}" = protocol=6 | dir=out | app=system | 
"{C3BE6261-4DC4-4D66-92F4-EA63143488FC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C72C69E7-87CF-4808-9923-F7D82B104640}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{D8C0B405-4375-4F3C-BD8B-EB5E8A7B8F28}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D8CAC623-AEBD-4530-AE76-8B60047A2C9C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DDB90085-CFB1-45DA-9B1E-91A29E74768C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DE645133-5129-43C3-B6CF-3A81B693A62F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8B89BE0-3E51-4C44-8F20-88D0B56967DC}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{EBD58353-36A3-4800-922E-989806A9A078}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EE56CD91-6064-4C2E-BE45-9CAD06594360}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FC2E5CCE-3C16-4B55-96CA-2AD54FD302EB}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{FD7C501F-8DE8-4F74-9683-348EE532E252}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"TCP Query User{DBC88E0A-D632-4B79-83EC-98332E4341A4}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{E9750150-2C11-4D71-98BC-D9E3EC0ABAD1}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.69
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.69
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.69
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F52618B2-A995-4F8D-A6C8-9E235A470C68}" = TOSHIBA ConfigFree
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IrfanView" = IrfanView (remove only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.14.1738" = Opera 12.14
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Update Engine" = Sony Ericsson Update Engine
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/22/2012 8:11:07 AM | Computer Name = Pakistan0804 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 3/22/2012 11:48:27 AM | Computer Name = Pakistan0804 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.5.0.124, Zeitstempel:
 0x4e96a02b  Name des fehlerhaften Moduls: Skype.exe, Version: 5.5.0.124, Zeitstempel:
 0x4e96a02b  Ausnahmecode: 0xc0000094  Fehleroffset: 0x00edc90f  ID des fehlerhaften Prozesses:
 0x3dc  Startzeit der fehlerhaften Anwendung: 0x01cd0842e13b1ce8  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\Skype\Phone\Skype.exe  Berichtskennung: 7680bb71-7436-11e1-936e-e89a8f19ea20
 
Error - 4/20/2012 8:07:49 AM | Computer Name = ***| Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 5/1/2012 5:05:33 AM | Computer Name = *** | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 5/11/2012 8:11:17 AM | Computer Name = ***| Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 5/17/2012 4:54:49 PM | Computer Name = Pakistan0804 | Source = Application Hang | ID = 1002
Description = Programm tosBtProc.exe, Version 8.0.0.4 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12c0    Startzeit:
 01cd3468830f2be2    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\TOSHIBA\Bluetooth
 Toshiba Stack\tosBtProc.exe    Berichts-ID: 879942dc-a062-11e1-957f-e89a8f19ea20  
 
Error - 5/17/2012 4:58:14 PM | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm WirelessFTP.exe, Version 7.0.0.8 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7e8    Startzeit: 
01cd346eb2ad1b65    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\Toshiba\Bluetooth
 Toshiba Stack\WirelessFTP.exe    Berichts-ID: 030d427d-a063-11e1-957f-e89a8f19ea20  
 
Error - 5/30/2012 1:17:12 PM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.9.0.115, Zeitstempel:
 0x4fa23462  Name des fehlerhaften Moduls: Skype.exe, Version: 5.9.0.115, Zeitstempel:
 0x4fa23462  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00003634  ID des fehlerhaften Prozesses:
 0x10d0  Startzeit der fehlerhaften Anwendung: 0x01cd3e7e46e3dd4e  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\Skype\Phone\Skype.exe  Berichtskennung: 4b04f262-aa7b-11e1-8405-e89a8f19ea20
 
Error - 5/31/2012 10:08:43 AM | Computer Name = *** | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 6/4/2012 8:26:34 AM | Computer Name = *** | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
[ System Events ]
Error - 11/9/2012 4:54:28 PM | Computer Name = *** | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11/9/2012 4:54:37 PM | Computer Name = *** | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11/9/2012 4:54:44 PM | Computer Name = *** | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11/9/2012 4:54:51 PM | Computer Name = *** | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11/16/2012 10:21:41 AM | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Client Virtualization Handler" wurde nicht richtig gestartet.
 
Error - 12/7/2012 6:30:04 PM | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 12/8/2012 6:21:33 PM | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Client Virtualization Handler" wurde nicht richtig gestartet.
 
Error - 12/16/2012 7:22:45 AM | Computer Name =*** | Source = DCOM | ID = 10010
Description = 
 
Error - 12/17/2012 7:30:02 AM | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 ConfigFree WiMAX Service erreicht.
 
Error - 1/3/2013 10:58:00 AM | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SysMain erreicht.
 
 
< End of report >
         

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 2/28/2013 10:40:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 76.78% Memory free
15.96 Gb Paging File | 14.09 Gb Available in Paging File | 88.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.71 Gb Total Space | 231.31 Gb Free Space | 77.70% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 284.11 Gb Free Space | 95.32% Space Free | Partition Type: NTFS
 
Computer Name: PAKISTAN0804 | User Name: Sagran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/28 10:38:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013/02/27 16:16:07 | 000,062,464 | ---- | M] () -- C:\Users\***\AppData\Roaming\ie_util.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/08 09:35:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 18:06:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 18:06:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/31 06:51:34 | 000,234,496 | ---- | M] () -- C:\Users\***\AppData\Roaming\Gunik\tywov.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/01/16 04:25:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/01/13 08:22:24 | 002,749,856 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2010/12/20 17:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 17:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/03 13:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/09/06 15:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2010/08/23 15:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2010/08/23 15:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2009/07/28 19:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/04/03 17:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/27 16:16:07 | 000,062,464 | ---- | M] () -- C:\Users\***\AppData\Roaming\ie_util.exe
MOD - [2011/10/31 06:51:34 | 000,234,496 | ---- | M] () -- C:\Users\***\AppData\Roaming\Gunik\tywov.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/12/20 17:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/09 16:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 14:55:26 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/12/08 14:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 13:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/02/09 10:52:32 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/08 18:06:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 18:06:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/01/16 04:25:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/20 17:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 17:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/29 13:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 15:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/24 22:55:21 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/12/24 22:55:21 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/05/08 18:06:53 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 18:06:53 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/03 18:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 14:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/27 11:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/20 09:26:46 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/17 18:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/10 12:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 12:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/01 15:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 13:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/29 10:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/12 06:10:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/11 09:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010/11/08 12:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/18 13:14:02 | 000,042,096 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/08/30 09:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/06/18 15:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/04/26 10:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 10:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/17 11:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/15 13:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9FFC5806-94EB-4078-81F2-76A31ED32835}
IE:64bit: - HKLM\..\SearchScopes\{9FFC5806-94EB-4078-81F2-76A31ED32835}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {39EF9173-94C2-4B94-A9A1-19A396B1CE78}
IE - HKLM\..\SearchScopes\{39EF9173-94C2-4B94-A9A1-19A396B1CE78}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {8BA44541-494E-4C97-8257-AC7B14ABB367}
IE - HKCU\..\SearchScopes\{2CC5724B-9708-4131-97EF-7D563A1AB577}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{492F925D-2365-4783-B6D2-15FCC8DC2095}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{8BA44541-494E-4C97-8257-AC7B14ABB367}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sagran\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
 
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Itakreti] C:\Users\Sagran\AppData\Roaming\Gunik\tywov.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{262CEB5F-265A-4FD0-885B-2890691DDB6D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ed54c16d-4e13-11e2-abb7-e89a8f19ea20}\Shell - "" = AutoRun
O33 - MountPoints2\{ed54c16d-4e13-11e2-abb7-e89a8f19ea20}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/28 10:38:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sagran\Desktop\OTL.exe
[2013/02/27 16:15:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Wairs
[2013/02/27 16:15:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Iryls
[2013/02/27 16:15:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Gunik
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sagran\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/28 10:41:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-710839426-2147656522-2442907301-1001UA.job
[2013/02/28 10:38:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sagran\Desktop\OTL.exe
[2013/02/28 10:20:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/28 09:05:09 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/28 09:05:09 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/28 08:56:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/28 08:56:16 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/27 19:22:31 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/27 19:22:31 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/02/27 19:22:31 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/27 19:22:31 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/02/27 19:22:31 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/27 16:24:10 | 000,697,532 | ---- | M] () -- C:\Users\***\Desktop\Bundeslander-Stadte-Wappen-AB.pdf
[2013/02/27 16:16:07 | 000,062,464 | ---- | M] () -- C:\Users\***\AppData\Roaming\ie_util.exe
[2013/02/27 16:14:28 | 000,021,155 | ---- | M] () -- C:\Users\***\Desktop\wappen_niedersachsen.jpg
[2013/02/27 16:09:43 | 000,135,938 | ---- | M] () -- C:\Users\***\Desktop\image_popup.jpg
[2013/02/27 16:07:57 | 000,078,735 | ---- | M] () -- C:\Users\***\Desktop\deutschlandkarte_germany_map_vector.jpg
[2013/02/27 14:43:40 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-710839426-2147656522-2442907301-1001Core.job
[2013/02/14 10:15:54 | 000,275,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sagran\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/27 16:24:10 | 000,697,532 | ---- | C] () -- C:\Users\***\Desktop\Bundeslander-Stadte-Wappen-AB.pdf
[2013/02/27 16:16:08 | 000,062,464 | ---- | C] () -- C:\Users\***\AppData\Roaming\ie_util.exe
[2013/02/27 16:14:28 | 000,021,155 | ---- | C] () -- C:\Users\***\Desktop\wappen_niedersachsen.jpg
[2013/02/27 16:09:43 | 000,135,938 | ---- | C] () -- C:\Users\***\Desktop\image_popup.jpg
[2013/02/27 16:07:57 | 000,078,735 | ---- | C] () -- C:\Users\***\Desktop\deutschlandkarte_germany_map_vector.jpg
[2012/07/09 19:23:20 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/07/09 19:23:20 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/07/09 19:23:20 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/07/09 19:23:20 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/07/09 19:23:20 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/07/09 19:23:20 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/07/09 19:23:20 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/07/09 19:23:20 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/07/09 19:23:20 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/07/09 19:23:20 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012/07/09 19:23:20 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/07/09 19:23:20 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/07/09 19:23:20 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/07/09 19:23:20 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/07/09 19:23:20 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/07/09 19:23:20 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012/07/09 19:23:20 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012/07/09 19:23:20 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/07/09 19:23:20 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/08/28 22:11:25 | 143,457,256 | ---- | C] () -- C:\Users\***\Rossmann-Fotosoftware-Setup.exe
[2011/06/07 20:15:45 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/04 09:14:24 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/10/08 21:20:46 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\AnvSoft
[2011/06/07 20:26:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2013/02/27 16:15:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gunik
[2011/10/28 23:00:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2013/02/27 16:41:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iryls
[2011/10/03 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011/06/07 20:41:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre
[2013/02/27 23:13:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012/12/24 22:59:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011/11/07 19:58:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2011/06/12 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TOSHIBA Online Product Information
[2011/06/07 20:16:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2013/02/27 16:15:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wairs
 
========== Purity Check ==========
 
 

< End of report >
         

Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

So GMER ist über eine Stunde durchgelaufen und nach erfolgreichem Abschluss bin ich auf copy und war gerade dabei mich hier einzuloggen da spielt mein Laptop verrückt und fährt einfach runter! Beim wieder hochfahren war natürlich alles weg also lasse ich GMER jetzt nochmal scannen.

So hier ist jetzt das ergebnis

Code: Alles auswählenAufklappen

ATTFilter

GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-02-28 14:39:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GH10 596,17GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Sagran\AppData\Local\Temp\kglcrpoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076181465 2 bytes [18, 76]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000761814bb 2 bytes [18, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                          00000000779908fc 6 bytes [68, A0, CF, DE, 03, C3]
.text  C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                         00000000779a25fd 6 bytes [68, BD, 57, DF, 03, C3]
.text  C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe[3940] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                   00000000779ac45a 6 bytes [68, CB, D0, DE, 03, C3]
.text  C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                         00000000779b2a63 6 bytes [68, 03, 58, DF, 03, C3]
.text  C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                         00000000779d4128 6 bytes [68, 49, 58, DF, 03, C3]
.text  C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                         00000000779de659 6 bytes [68, 8F, 58, DF, 03, C3]
.text  C:\Users\Sagran\AppData\Roaming\Gunik\tywov.exe[3688] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                       00000000759c4296 6 bytes [68, 38, DF, 41, 00, C3]
.text  C:\Users\Sagran\AppData\Roaming\Gunik\tywov.exe[3688] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                     00000000759d7673 6 bytes [68, C8, DE, 41, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                             00000000779908fc 6 bytes [68, A0, CF, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                            00000000779a25fd 6 bytes [68, BD, 57, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                      00000000779ac45a 6 bytes [68, CB, D0, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                            00000000779b2a63 6 bytes [68, 03, 58, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                            00000000779d4128 6 bytes [68, 49, 58, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                            00000000779de659 6 bytes [68, 8F, 58, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                         00000000757d455c 6 bytes [68, 34, D3, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\kernel32.dll!ExitProcess                                  00000000757d79f8 6 bytes [68, F3, D2, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!GetDC                                          00000000763272c4 6 bytes [68, 92, 18, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!ReleaseDC                                      0000000076327446 6 bytes [68, 10, 19, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!TranslateMessage                               0000000076327809 6 bytes [68, A5, 5D, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!GetMessageW                                    00000000763278e2 6 bytes [68, 22, DE, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!GetMessageA                                    0000000076327bd3 6 bytes [68, 4A, DE, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!GetWindowDC                                    0000000076328048 6 bytes [68, D1, 18, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!RegisterClassW                                 0000000076328a65 6 bytes [68, C1, 5A, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!RegisterClassExW                               000000007632b17d 6 bytes [68, 5B, 5B, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!RegisterClassExA                               000000007632db98 6 bytes [68, AD, 5B, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!PeekMessageW                                   00000000763305ba 6 bytes [68, 72, DE, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                0000000076330d32 6 bytes [68, F3, 59, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!GetCursorPos                                   0000000076331218 6 bytes [68, 55, DC, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!EndPaint                                       0000000076331341 6 bytes [68, F7, 17, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!BeginPaint                                     0000000076331361 6 bytes [68, 87, 17, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!GetMessagePos                                  0000000076332a8d 6 bytes [68, 23, DC, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!GetCapture                                     0000000076332aac 6 bytes [68, 83, DD, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!GetDCEx                                        0000000076333391 6 bytes [68, 37, 18, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!RegisterClassA                                 000000007633434b 6 bytes [68, 0E, 5B, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!PeekMessageA                                   0000000076335f74 6 bytes [68, 9D, DE, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                   0000000076336222 6 bytes [68, E3, 19, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                000000007633792f 6 bytes [68, 3C, 5A, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                  0000000076337fbb 6 bytes [68, 1E, 59, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                               000000007633810c 6 bytes [68, AD, 59, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                  00000000763385c1 6 bytes [68, D5, 58, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                               00000000763386b4 6 bytes [68, 67, 59, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                  000000007634d41f 6 bytes [68, 50, 19, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                 000000007634ed49 6 bytes [68, 33, DD, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!SetCapture                                     000000007634ed56 6 bytes [68, D9, DC, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                  0000000076369854 6 bytes [68, 9F, 57, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!SetCursorPos                                   0000000076369cfd 6 bytes [68, 9C, DC, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!GetClipboardData                               0000000076369f1d 6 bytes [68, 54, 5F, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                               00000000763887cb 6 bytes [68, 4F, 57, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                         000000007641c592 6 bytes [68, B1, D3, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                         0000000076452538 6 bytes [68, 9A, D3, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                            0000000075da1224 6 bytes [68, 89, 7E, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WS2_32.dll!closesocket                                    00000000759c3918 6 bytes [68, 27, E3, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                    00000000759c4296 6 bytes [68, 38, DF, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WS2_32.dll!WSASend                                        00000000759c4406 6 bytes [68, 80, E3, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WS2_32.dll!send                                           00000000759c6f01 6 bytes [68, 5F, E3, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                  00000000759d7673 6 bytes [68, C8, DE, 3B, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                000000007609a336 6 bytes [68, 7C, 0A, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                           000000007609ab41 6 bytes [68, DC, 08, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!InternetReadFile                              000000007609b3fe 6 bytes [68, 49, 09, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                              00000000760a4a42 6 bytes [68, DA, 05, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                              00000000760a4c7d 6 bytes [68, 1E, 06, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                    00000000760a5e5d 6 bytes [68, 50, 0A, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                              00000000760aba12 6 bytes [68, 62, 06, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                               00000000760b45e2 6 bytes [68, 46, 08, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                            00000000760b4a35 6 bytes [68, 0C, 07, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                           00000000760cae56 6 bytes [68, 77, 09, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                        00000000760fb04e 6 bytes [68, F6, 09, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                            0000000076111962 6 bytes [68, A9, 07, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                               00000000761119e5 6 bytes [68, 91, 08, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[656] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                              0000000076111a48 6 bytes [68, B7, 06, 3C, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                             00000000779908fc 6 bytes [68, A0, CF, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                            00000000779a25fd 6 bytes [68, BD, 57, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                      00000000779ac45a 6 bytes [68, CB, D0, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                            00000000779b2a63 6 bytes [68, 03, 58, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                            00000000779d4128 6 bytes [68, 49, 58, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                            00000000779de659 6 bytes [68, 8F, 58, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                         00000000757d455c 6 bytes [68, 34, D3, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\kernel32.dll!ExitProcess                                  00000000757d79f8 6 bytes [68, F3, D2, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!GetDC                                          00000000763272c4 6 bytes [68, 92, 18, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!ReleaseDC                                      0000000076327446 6 bytes [68, 10, 19, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!TranslateMessage                               0000000076327809 6 bytes [68, A5, 5D, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!GetMessageW                                    00000000763278e2 6 bytes [68, 22, DE, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!GetMessageA                                    0000000076327bd3 6 bytes [68, 4A, DE, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!GetWindowDC                                    0000000076328048 6 bytes [68, D1, 18, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!RegisterClassW                                 0000000076328a65 6 bytes [68, C1, 5A, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!RegisterClassExW                               000000007632b17d 6 bytes [68, 5B, 5B, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!RegisterClassExA                               000000007632db98 6 bytes [68, AD, 5B, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!PeekMessageW                                   00000000763305ba 6 bytes [68, 72, DE, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                0000000076330d32 6 bytes [68, F3, 59, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!GetCursorPos                                   0000000076331218 6 bytes [68, 55, DC, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!EndPaint                                       0000000076331341 6 bytes [68, F7, 17, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!BeginPaint                                     0000000076331361 6 bytes [68, 87, 17, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!GetMessagePos                                  0000000076332a8d 6 bytes [68, 23, DC, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!GetCapture                                     0000000076332aac 6 bytes [68, 83, DD, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!GetDCEx                                        0000000076333391 6 bytes [68, 37, 18, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!RegisterClassA                                 000000007633434b 6 bytes [68, 0E, 5B, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!PeekMessageA                                   0000000076335f74 6 bytes [68, 9D, DE, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                   0000000076336222 6 bytes [68, E3, 19, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                000000007633792f 6 bytes [68, 3C, 5A, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                  0000000076337fbb 6 bytes [68, 1E, 59, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                               000000007633810c 6 bytes [68, AD, 59, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                  00000000763385c1 6 bytes [68, D5, 58, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                               00000000763386b4 6 bytes [68, 67, 59, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                  000000007634d41f 6 bytes [68, 50, 19, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                 000000007634ed49 6 bytes [68, 33, DD, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!SetCapture                                     000000007634ed56 6 bytes [68, D9, DC, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                  0000000076369854 6 bytes [68, 9F, 57, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!SetCursorPos                                   0000000076369cfd 6 bytes [68, 9C, DC, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!GetClipboardData                               0000000076369f1d 6 bytes [68, 54, 5F, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                               00000000763887cb 6 bytes [68, 4F, 57, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                         000000007641c592 6 bytes [68, B1, D3, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                         0000000076452538 6 bytes [68, 9A, D3, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                            0000000075da1224 6 bytes [68, 89, 7E, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000076181465 2 bytes [18, 76]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000761814bb 2 bytes [18, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WS2_32.dll!closesocket                                    00000000759c3918 6 bytes [68, 27, E3, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                    00000000759c4296 6 bytes [68, 38, DF, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WS2_32.dll!WSASend                                        00000000759c4406 6 bytes [68, 80, E3, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WS2_32.dll!send                                           00000000759c6f01 6 bytes [68, 5F, E3, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                  00000000759d7673 6 bytes [68, C8, DE, AB, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                000000007609a336 6 bytes [68, 7C, 0A, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                           000000007609ab41 6 bytes [68, DC, 08, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!InternetReadFile                              000000007609b3fe 6 bytes [68, 49, 09, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                              00000000760a4a42 6 bytes [68, DA, 05, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                              00000000760a4c7d 6 bytes [68, 1E, 06, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                    00000000760a5e5d 6 bytes [68, 50, 0A, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                              00000000760aba12 6 bytes [68, 62, 06, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                               00000000760b45e2 6 bytes [68, 46, 08, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                            00000000760b4a35 6 bytes [68, 0C, 07, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                           00000000760cae56 6 bytes [68, 77, 09, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                        00000000760fb04e 6 bytes [68, F6, 09, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                            0000000076111962 6 bytes [68, A9, 07, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                               00000000761119e5 6 bytes [68, 91, 08, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4820] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                              0000000076111a48 6 bytes [68, B7, 06, AC, 02, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                            00000000779908fc 4 bytes [68, A0, CF, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                        0000000077990901 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                           00000000779a25fd 6 bytes [68, BD, 57, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                     00000000779ac45a 6 bytes [68, CB, D0, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                           00000000779b2a63 6 bytes [68, 03, 58, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                           00000000779d4128 6 bytes [68, 49, 58, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                           00000000779de659 6 bytes [68, 8F, 58, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                        00000000757d455c 6 bytes [68, 34, D3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\kernel32.dll!ExitProcess                                 00000000757d79f8 6 bytes [68, F3, D2, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetDC                                         00000000763272c4 4 bytes [68, 92, 18, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetDC + 5                                     00000000763272c9 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!ReleaseDC                                     0000000076327446 6 bytes [68, 10, 19, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!TranslateMessage                              0000000076327809 6 bytes [68, A5, 5D, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetMessageW                                   00000000763278e2 6 bytes [68, 22, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetMessageA                                   0000000076327bd3 6 bytes [68, 4A, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetWindowDC                                   0000000076328048 4 bytes [68, D1, 18, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                               000000007632804d 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!RegisterClassW                                0000000076328a65 6 bytes [68, C1, 5A, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!RegisterClassExW                              000000007632b17d 6 bytes [68, 5B, 5B, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!RegisterClassExA                              000000007632db98 6 bytes [68, AD, 5B, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!PeekMessageW                                  00000000763305ba 6 bytes [68, 72, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!CallWindowProcW                               0000000076330d32 6 bytes [68, F3, 59, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetCursorPos                                  0000000076331218 6 bytes [68, 55, DC, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!EndPaint                                      0000000076331341 4 bytes [68, F7, 17, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                  0000000076331346 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!BeginPaint                                    0000000076331361 4 bytes [68, 87, 17, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                0000000076331366 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetMessagePos                                 0000000076332a8d 6 bytes [68, 23, DC, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetCapture                                    0000000076332aac 6 bytes [68, 83, DD, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetDCEx                                       0000000076333391 4 bytes [68, 37, 18, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                   0000000076333396 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!RegisterClassA                                000000007633434b 6 bytes [68, 0E, 5B, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!PeekMessageA                                  0000000076335f74 6 bytes [68, 9D, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                  0000000076336222 6 bytes [68, E3, 19, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!CallWindowProcA                               000000007633792f 6 bytes [68, 3C, 5A, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                 0000000076337fbb 6 bytes [68, 1E, 59, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                              000000007633810c 6 bytes [68, AD, 59, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                 00000000763385c1 6 bytes [68, D5, 58, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                              00000000763386b4 6 bytes [68, 67, 59, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                 000000007634d41f 6 bytes [68, 50, 19, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                000000007634ed49 6 bytes [68, 33, DD, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!SetCapture                                    000000007634ed56 4 bytes [68, D9, DC, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                000000007634ed5b 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                 0000000076369854 6 bytes [68, 9F, 57, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!SetCursorPos                                  0000000076369cfd 6 bytes [68, 9C, DC, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!GetClipboardData                              0000000076369f1d 6 bytes [68, 54, 5F, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                              00000000763887cb 4 bytes [68, 4F, 57, 1B]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                          00000000763887d0 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                        000000007641c592 6 bytes [68, B1, D3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                        0000000076452538 6 bytes [68, 9A, D3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                           0000000075da1224 6 bytes [68, 89, 7E, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076181465 2 bytes [18, 76]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000761814bb 2 bytes [18, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WS2_32.dll!closesocket                                   00000000759c3918 6 bytes [68, 27, E3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                   00000000759c4296 6 bytes [68, 38, DF, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WS2_32.dll!WSASend                                       00000000759c4406 6 bytes [68, 80, E3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WS2_32.dll!send                                          00000000759c6f01 6 bytes [68, 5F, E3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                 00000000759d7673 6 bytes [68, C8, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                               000000007609a336 6 bytes [68, 7C, 0A, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                          000000007609ab41 6 bytes [68, DC, 08, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!InternetReadFile                             000000007609b3fe 6 bytes [68, 49, 09, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                             00000000760a4a42 6 bytes [68, DA, 05, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                             00000000760a4c7d 6 bytes [68, 1E, 06, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                   00000000760a5e5d 6 bytes [68, 50, 0A, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                             00000000760aba12 6 bytes [68, 62, 06, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                              00000000760b45e2 6 bytes [68, 46, 08, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                           00000000760b4a35 6 bytes [68, 0C, 07, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                          00000000760cae56 6 bytes [68, 77, 09, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                       00000000760fb04e 6 bytes [68, F6, 09, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                           0000000076111962 6 bytes [68, A9, 07, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                              00000000761119e5 6 bytes [68, 91, 08, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4912] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                             0000000076111a48 6 bytes [68, B7, 06, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                            00000000779908fc 4 bytes [68, A0, CF, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                        0000000077990901 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                           00000000779a25fd 6 bytes [68, BD, 57, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                     00000000779ac45a 6 bytes [68, CB, D0, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                           00000000779b2a63 6 bytes [68, 03, 58, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                           00000000779d4128 6 bytes [68, 49, 58, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                           00000000779de659 6 bytes [68, 8F, 58, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                        00000000757d455c 6 bytes [68, 34, D3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\kernel32.dll!ExitProcess                                 00000000757d79f8 6 bytes [68, F3, D2, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetDC                                         00000000763272c4 4 bytes [68, 92, 18, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetDC + 5                                     00000000763272c9 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!ReleaseDC                                     0000000076327446 6 bytes [68, 10, 19, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!TranslateMessage                              0000000076327809 6 bytes [68, A5, 5D, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetMessageW                                   00000000763278e2 6 bytes [68, 22, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetMessageA                                   0000000076327bd3 6 bytes [68, 4A, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetWindowDC                                   0000000076328048 4 bytes [68, D1, 18, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                               000000007632804d 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!RegisterClassW                                0000000076328a65 6 bytes [68, C1, 5A, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!RegisterClassExW                              000000007632b17d 6 bytes [68, 5B, 5B, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!RegisterClassExA                              000000007632db98 6 bytes [68, AD, 5B, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!PeekMessageW                                  00000000763305ba 6 bytes [68, 72, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!CallWindowProcW                               0000000076330d32 6 bytes [68, F3, 59, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetCursorPos                                  0000000076331218 6 bytes [68, 55, DC, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!EndPaint                                      0000000076331341 4 bytes [68, F7, 17, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                  0000000076331346 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!BeginPaint                                    0000000076331361 4 bytes [68, 87, 17, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                0000000076331366 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetMessagePos                                 0000000076332a8d 6 bytes [68, 23, DC, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetCapture                                    0000000076332aac 6 bytes [68, 83, DD, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetDCEx                                       0000000076333391 4 bytes [68, 37, 18, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                   0000000076333396 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!RegisterClassA                                000000007633434b 6 bytes [68, 0E, 5B, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!PeekMessageA                                  0000000076335f74 6 bytes [68, 9D, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                  0000000076336222 6 bytes [68, E3, 19, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!CallWindowProcA                               000000007633792f 6 bytes [68, 3C, 5A, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                 0000000076337fbb 6 bytes [68, 1E, 59, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                              000000007633810c 6 bytes [68, AD, 59, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                 00000000763385c1 6 bytes [68, D5, 58, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                              00000000763386b4 6 bytes [68, 67, 59, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                 000000007634d41f 6 bytes [68, 50, 19, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                000000007634ed49 6 bytes [68, 33, DD, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!SetCapture                                    000000007634ed56 4 bytes [68, D9, DC, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                000000007634ed5b 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                 0000000076369854 6 bytes [68, 9F, 57, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!SetCursorPos                                  0000000076369cfd 6 bytes [68, 9C, DC, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!GetClipboardData                              0000000076369f1d 6 bytes [68, 54, 5F, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                              00000000763887cb 4 bytes [68, 4F, 57, 1B]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                          00000000763887d0 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                        000000007641c592 6 bytes [68, B1, D3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                        0000000076452538 6 bytes [68, 9A, D3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WS2_32.dll!closesocket                                   00000000759c3918 6 bytes [68, 27, E3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                   00000000759c4296 6 bytes [68, 38, DF, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WS2_32.dll!WSASend                                       00000000759c4406 6 bytes [68, 80, E3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WS2_32.dll!send                                          00000000759c6f01 6 bytes [68, 5F, E3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                 00000000759d7673 6 bytes [68, C8, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                           0000000075da1224 6 bytes [68, 89, 7E, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                               000000007609a336 6 bytes [68, 7C, 0A, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                          000000007609ab41 6 bytes [68, DC, 08, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!InternetReadFile                             000000007609b3fe 6 bytes [68, 49, 09, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                             00000000760a4a42 6 bytes [68, DA, 05, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                             00000000760a4c7d 6 bytes [68, 1E, 06, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                   00000000760a5e5d 6 bytes [68, 50, 0A, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                             00000000760aba12 6 bytes [68, 62, 06, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                              00000000760b45e2 6 bytes [68, 46, 08, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                           00000000760b4a35 6 bytes [68, 0C, 07, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                          00000000760cae56 6 bytes [68, 77, 09, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                       00000000760fb04e 6 bytes [68, F6, 09, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                           0000000076111962 6 bytes [68, A9, 07, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                              00000000761119e5 6 bytes [68, 91, 08, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4128] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                             0000000076111a48 6 bytes [68, B7, 06, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                             00000000779908fc 4 bytes [68, A0, CF, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                         0000000077990901 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                            00000000779a25fd 6 bytes [68, BD, 57, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                      00000000779ac45a 6 bytes [68, CB, D0, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                            00000000779b2a63 6 bytes [68, 03, 58, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                            00000000779d4128 6 bytes [68, 49, 58, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                            00000000779de659 6 bytes [68, 8F, 58, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                         00000000757d455c 6 bytes [68, 34, D3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\kernel32.dll!ExitProcess                                  00000000757d79f8 6 bytes [68, F3, D2, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetDC                                          00000000763272c4 4 bytes [68, 92, 18, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetDC + 5                                      00000000763272c9 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!ReleaseDC                                      0000000076327446 6 bytes [68, 10, 19, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!TranslateMessage                               0000000076327809 6 bytes [68, A5, 5D, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetMessageW                                    00000000763278e2 6 bytes [68, 22, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetMessageA                                    0000000076327bd3 6 bytes [68, 4A, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetWindowDC                                    0000000076328048 4 bytes [68, D1, 18, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                000000007632804d 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!RegisterClassW                                 0000000076328a65 6 bytes [68, C1, 5A, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!RegisterClassExW                               000000007632b17d 6 bytes [68, 5B, 5B, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!RegisterClassExA                               000000007632db98 6 bytes [68, AD, 5B, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!PeekMessageW                                   00000000763305ba 6 bytes [68, 72, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                0000000076330d32 6 bytes [68, F3, 59, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetCursorPos                                   0000000076331218 6 bytes [68, 55, DC, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!EndPaint                                       0000000076331341 4 bytes [68, F7, 17, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                   0000000076331346 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!BeginPaint                                     0000000076331361 4 bytes [68, 87, 17, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                 0000000076331366 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetMessagePos                                  0000000076332a8d 6 bytes [68, 23, DC, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetCapture                                     0000000076332aac 6 bytes [68, 83, DD, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetDCEx                                        0000000076333391 4 bytes [68, 37, 18, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                    0000000076333396 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!RegisterClassA                                 000000007633434b 6 bytes [68, 0E, 5B, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!PeekMessageA                                   0000000076335f74 6 bytes [68, 9D, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                   0000000076336222 6 bytes [68, E3, 19, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                000000007633792f 6 bytes [68, 3C, 5A, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                  0000000076337fbb 6 bytes [68, 1E, 59, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                               000000007633810c 6 bytes [68, AD, 59, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                  00000000763385c1 6 bytes [68, D5, 58, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                               00000000763386b4 6 bytes [68, 67, 59, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                  000000007634d41f 6 bytes [68, 50, 19, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                 000000007634ed49 6 bytes [68, 33, DD, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!SetCapture                                     000000007634ed56 4 bytes [68, D9, DC, 1A]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                 000000007634ed5b 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                  0000000076369854 6 bytes [68, 9F, 57, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!SetCursorPos                                   0000000076369cfd 6 bytes [68, 9C, DC, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!GetClipboardData                               0000000076369f1d 6 bytes [68, 54, 5F, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                               00000000763887cb 4 bytes [68, 4F, 57, 1B]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                           00000000763887d0 1 byte [C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                         000000007641c592 6 bytes [68, B1, D3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                         0000000076452538 6 bytes [68, 9A, D3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000076181465 2 bytes [18, 76]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000761814bb 2 bytes [18, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WS2_32.dll!closesocket                                    00000000759c3918 6 bytes [68, 27, E3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                    00000000759c4296 6 bytes [68, 38, DF, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WS2_32.dll!WSASend                                        00000000759c4406 6 bytes [68, 80, E3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WS2_32.dll!send                                           00000000759c6f01 6 bytes [68, 5F, E3, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                  00000000759d7673 6 bytes [68, C8, DE, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                            0000000075da1224 6 bytes [68, 89, 7E, 1A, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                000000007609a336 6 bytes [68, 7C, 0A, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                           000000007609ab41 6 bytes [68, DC, 08, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!InternetReadFile                              000000007609b3fe 6 bytes [68, 49, 09, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                              00000000760a4a42 6 bytes [68, DA, 05, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                              00000000760a4c7d 6 bytes [68, 1E, 06, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                    00000000760a5e5d 6 bytes [68, 50, 0A, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                              00000000760aba12 6 bytes [68, 62, 06, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                               00000000760b45e2 6 bytes [68, 46, 08, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                            00000000760b4a35 6 bytes [68, 0C, 07, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                           00000000760cae56 6 bytes [68, 77, 09, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                        00000000760fb04e 6 bytes [68, F6, 09, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                            0000000076111962 6 bytes [68, A9, 07, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                               00000000761119e5 6 bytes [68, 91, 08, 1B, 00, C3]
.text  C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4564] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                              0000000076111a48 6 bytes [68, B7, 06, 1B, 00, C3]

---- EOF - GMER 2.1 ----
         

Ok, was ist mit dem anderen Log?

So Malwarebytes ist jetzt auch fertig beim ersten Scan wurde mir 1 Fund gezeigt den ich dann mit einem Neustart bereinigt habe,der 2. Scan blieb ohne Fund allerdings muss ich dazu sagen das Avira Antivir mir während dem 2 Scan wieder mal 2 Funde gezeigt hat:

In der Datei 'C:\Users\Sagran\AppData\Roaming\ie_util.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Bublik.65536.126' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Users\Sagran\AppData\Local\Temp\tmp74ad15ea\qw.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Bublik.65536.126' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Ich habe mittlerweile 6 Funde bei Avira in quarantäne.

So hier die Logs von mbar

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: *** [administrator]

28.02.2013 15:06:16
mbar-log-2013-02-28 (15-06-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29674
Time elapsed: 15 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\***\AppData\Local\Temp\ICReinstall\FLVPlayerSetup.exe (Adware.Agent) -> Delete on reboot.

(end)
         

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: *** [administrator]

28.02.2013 15:26:14
mbar-log-2013-02-28 (15-26-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29659
Time elapsed: 16 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS-Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-28 17:04:44
-----------------------------
17:04:44.707 OS Version: Windows x64 6.1.7601 Service Pack 1
17:04:44.707 Number of processors: 4 586 0x2A07
17:04:44.707 ComputerName: *** UserName: ***
17:04:45.768 Initialize success
17:06:59.893 AVAST engine defs: 13022800
17:07:42.700 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:07:42.700 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
17:07:42.746 Disk 0 MBR read successfully
17:07:42.746 Disk 0 MBR scan
17:07:42.762 Disk 0 Windows 7 default MBR code
17:07:42.778 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 399 MB offset 2048
17:07:42.793 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 304850 MB offset 819200
17:07:42.824 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 305230 MB offset 625152000
17:07:42.856 Disk 0 scanning C:\Windows\system32\drivers
17:07:54.930 Service scanning
17:08:44.757 Modules scanning
17:08:44.772 Disk 0 trace - called modules:
17:08:44.819 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:08:44.835 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009986060]
17:08:44.850 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007afc050]
17:08:45.615 AVAST engine scan C:\Windows
17:08:47.596 AVAST engine scan C:\Windows\system32
17:11:49.508 AVAST engine scan C:\Windows\system32\drivers
17:12:03.626 AVAST engine scan C:\Users\***
17:13:08.693 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
17:13:08.693 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

Gut das nächste ist jetzt auch fertig muß es aber in zwei teilen posten da es sonst zu groß ist

Code: Alles auswählenAufklappen

ATTFilter

17:56:28.0800 5752  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:56:28.0940 5752  ============================================================
17:56:28.0940 5752  Current date / time: 2013/02/28 17:56:28.0940
17:56:28.0940 5752  SystemInfo:
17:56:28.0940 5752  
17:56:28.0940 5752  OS Version: 6.1.7601 ServicePack: 1.0
17:56:28.0940 5752  Product type: Workstation
17:56:28.0940 5752  ComputerName: ***
17:56:28.0940 5752  UserName: ***
17:56:28.0940 5752  Windows directory: C:\Windows
17:56:28.0940 5752  System windows directory: C:\Windows
17:56:28.0940 5752  Running under WOW64
17:56:28.0940 5752  Processor architecture: Intel x64
17:56:28.0940 5752  Number of processors: 4
17:56:28.0940 5752  Page size: 0x1000
17:56:28.0940 5752  Boot type: Normal boot
17:56:28.0940 5752  ============================================================
17:56:29.0450 5752  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:56:29.0460 5752  ============================================================
17:56:29.0460 5752  \Device\Harddisk0\DR0:
17:56:29.0460 5752  MBR partitions:
17:56:29.0460 5752  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8000, BlocksNum 0x25369000
17:56:29.0460 5752  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25431000, BlocksNum 0x25427000
17:56:29.0460 5752  ============================================================
17:56:29.0470 5752  C: <-> \Device\Harddisk0\DR0\Partition1
17:56:29.0500 5752  D: <-> \Device\Harddisk0\DR0\Partition2
17:56:29.0500 5752  ============================================================
17:56:29.0500 5752  Initialize success
17:56:29.0500 5752  ============================================================
17:57:20.0124 1012  ============================================================
17:57:20.0124 1012  Scan started
17:57:20.0124 1012  Mode: Manual; SigCheck; TDLFS; 
17:57:20.0124 1012  ============================================================
17:57:20.0888 1012  ================ Scan system memory ========================
17:57:20.0888 1012  System memory - ok
17:57:20.0888 1012  ================ Scan services =============================
17:57:21.0200 1012  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:57:21.0419 1012  1394ohci - ok
17:57:21.0481 1012  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:57:21.0528 1012  ACPI - ok
17:57:21.0559 1012  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:57:21.0590 1012  AcpiPmi - ok
17:57:21.0684 1012  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:57:21.0715 1012  AdobeARMservice - ok
17:57:21.0840 1012  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:57:21.0887 1012  AdobeFlashPlayerUpdateSvc - ok
17:57:21.0949 1012  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:57:22.0011 1012  adp94xx - ok
17:57:22.0027 1012  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:57:22.0058 1012  adpahci - ok
17:57:22.0105 1012  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:57:22.0121 1012  adpu320 - ok
17:57:22.0167 1012  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:57:22.0261 1012  AeLookupSvc - ok
17:57:22.0292 1012  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:57:22.0386 1012  AFD - ok
17:57:22.0417 1012  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:57:22.0448 1012  agp440 - ok
17:57:22.0495 1012  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:57:22.0573 1012  ALG - ok
17:57:22.0620 1012  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:57:22.0651 1012  aliide - ok
17:57:22.0682 1012  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:57:22.0713 1012  amdide - ok
17:57:22.0760 1012  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:57:22.0823 1012  AmdK8 - ok
17:57:22.0854 1012  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:57:22.0901 1012  AmdPPM - ok
17:57:22.0947 1012  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:57:22.0963 1012  amdsata - ok
17:57:23.0010 1012  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:57:23.0041 1012  amdsbs - ok
17:57:23.0088 1012  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:57:23.0119 1012  amdxata - ok
17:57:23.0197 1012  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:57:23.0244 1012  AntiVirSchedulerService - ok
17:57:23.0291 1012  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:57:23.0337 1012  AntiVirService - ok
17:57:23.0384 1012  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:57:23.0478 1012  AppID - ok
17:57:23.0493 1012  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:57:23.0587 1012  AppIDSvc - ok
17:57:23.0649 1012  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:57:23.0727 1012  Appinfo - ok
17:57:23.0743 1012  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:57:23.0759 1012  arc - ok
17:57:23.0774 1012  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:57:23.0774 1012  arcsas - ok
17:57:23.0790 1012  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:57:23.0868 1012  AsyncMac - ok
17:57:23.0899 1012  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:57:23.0930 1012  atapi - ok
17:57:24.0039 1012  [ B2931C83CFB12A3223A47B180473AE1A ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:57:24.0133 1012  athr - ok
17:57:24.0195 1012  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:57:24.0320 1012  AudioEndpointBuilder - ok
17:57:24.0336 1012  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:57:24.0367 1012  AudioSrv - ok
17:57:24.0398 1012  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:57:24.0429 1012  avgntflt - ok
17:57:24.0461 1012  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:57:24.0492 1012  avipbb - ok
17:57:24.0507 1012  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:57:24.0539 1012  avkmgr - ok
17:57:24.0570 1012  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:57:24.0663 1012  AxInstSV - ok
17:57:24.0710 1012  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:57:24.0773 1012  b06bdrv - ok
17:57:24.0819 1012  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:57:24.0882 1012  b57nd60a - ok
17:57:24.0929 1012  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:57:24.0991 1012  BDESVC - ok
17:57:25.0022 1012  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:57:25.0131 1012  Beep - ok
17:57:25.0194 1012  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:57:25.0334 1012  BFE - ok
17:57:25.0365 1012  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:57:25.0490 1012  BITS - ok
17:57:25.0521 1012  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:57:25.0584 1012  blbdrive - ok
17:57:25.0615 1012  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:57:25.0662 1012  bowser - ok
17:57:25.0693 1012  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:57:25.0724 1012  BrFiltLo - ok
17:57:25.0755 1012  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:57:25.0787 1012  BrFiltUp - ok
17:57:25.0818 1012  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:57:25.0865 1012  Browser - ok
17:57:25.0896 1012  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:57:25.0974 1012  Brserid - ok
17:57:26.0005 1012  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:57:26.0052 1012  BrSerWdm - ok
17:57:26.0067 1012  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:57:26.0145 1012  BrUsbMdm - ok
17:57:26.0161 1012  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:57:26.0208 1012  BrUsbSer - ok
17:57:26.0239 1012  [ 2347ABBD13BADA65826FDAB4CAAFE357 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
17:57:26.0255 1012  BtFilter - ok
17:57:26.0286 1012  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:57:26.0333 1012  BTHMODEM - ok
17:57:26.0364 1012  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:57:26.0426 1012  bthserv - ok
17:57:26.0473 1012  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:57:26.0535 1012  cdfs - ok
17:57:26.0598 1012  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:57:26.0645 1012  cdrom - ok
17:57:26.0707 1012  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:57:26.0816 1012  CertPropSvc - ok
17:57:26.0925 1012  [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
17:57:26.0972 1012  cfWiMAXService - ok
17:57:27.0003 1012  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:57:27.0081 1012  circlass - ok
17:57:27.0113 1012  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:57:27.0175 1012  CLFS - ok
17:57:27.0222 1012  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:57:27.0253 1012  clr_optimization_v2.0.50727_32 - ok
17:57:27.0315 1012  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:57:27.0347 1012  clr_optimization_v2.0.50727_64 - ok
17:57:27.0409 1012  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:57:27.0456 1012  clr_optimization_v4.0.30319_32 - ok
17:57:27.0503 1012  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:57:27.0534 1012  clr_optimization_v4.0.30319_64 - ok
17:57:27.0581 1012  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:57:27.0643 1012  CmBatt - ok
17:57:27.0674 1012  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:57:27.0705 1012  cmdide - ok
17:57:27.0752 1012  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:57:27.0815 1012  CNG - ok
17:57:27.0908 1012  [ 66847C979893A11CFCC2280E772D7EA1 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
17:57:27.0971 1012  CnxtHdAudService - ok
17:57:28.0002 1012  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:57:28.0017 1012  Compbatt - ok
17:57:28.0049 1012  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:57:28.0127 1012  CompositeBus - ok
17:57:28.0142 1012  COMSysApp - ok
17:57:28.0189 1012  [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
17:57:28.0220 1012  ConfigFree Service - ok
17:57:28.0251 1012  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:57:28.0283 1012  crcdisk - ok
17:57:28.0345 1012  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:57:28.0423 1012  CryptSvc - ok
17:57:28.0517 1012  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:57:28.0595 1012  cvhsvc - ok
17:57:28.0657 1012  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:57:28.0751 1012  DcomLaunch - ok
17:57:28.0797 1012  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:57:28.0891 1012  defragsvc - ok
17:57:28.0922 1012  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:57:29.0000 1012  DfsC - ok
17:57:29.0047 1012  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:57:29.0172 1012  Dhcp - ok
17:57:29.0203 1012  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:57:29.0281 1012  discache - ok
17:57:29.0312 1012  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:57:29.0343 1012  Disk - ok
17:57:29.0390 1012  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:57:29.0437 1012  Dnscache - ok
17:57:29.0468 1012  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:57:29.0546 1012  dot3svc - ok
17:57:29.0577 1012  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:57:29.0687 1012  DPS - ok
17:57:29.0733 1012  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:57:29.0765 1012  drmkaud - ok
17:57:29.0811 1012  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:57:29.0874 1012  DXGKrnl - ok
17:57:29.0905 1012  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:57:29.0999 1012  EapHost - ok
17:57:30.0092 1012  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:57:30.0170 1012  ebdrv - ok
17:57:30.0201 1012  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:57:30.0233 1012  EFS - ok
17:57:30.0295 1012  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:57:30.0357 1012  ehRecvr - ok
17:57:30.0389 1012  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:57:30.0451 1012  ehSched - ok
17:57:30.0498 1012  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:57:30.0560 1012  elxstor - ok
17:57:30.0560 1012  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:57:30.0592 1012  ErrDev - ok
17:57:30.0638 1012  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:57:30.0732 1012  EventSystem - ok
17:57:30.0763 1012  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:57:30.0810 1012  exfat - ok
17:57:30.0826 1012  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:57:30.0872 1012  fastfat - ok
17:57:30.0919 1012  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:57:30.0966 1012  Fax - ok
17:57:30.0997 1012  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:57:31.0028 1012  fdc - ok
17:57:31.0060 1012  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:57:31.0122 1012  fdPHost - ok
17:57:31.0122 1012  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:57:31.0200 1012  FDResPub - ok
17:57:31.0247 1012  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:57:31.0247 1012  FileInfo - ok
17:57:31.0262 1012  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:57:31.0325 1012  Filetrace - ok
17:57:31.0356 1012  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:57:31.0372 1012  flpydisk - ok
17:57:31.0403 1012  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:57:31.0465 1012  FltMgr - ok
17:57:31.0512 1012  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
17:57:31.0574 1012  FontCache - ok
17:57:31.0621 1012  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:57:31.0637 1012  FontCache3.0.0.0 - ok
17:57:31.0668 1012  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:57:31.0684 1012  FsDepends - ok
17:57:31.0730 1012  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:57:31.0746 1012  Fs_Rec - ok
17:57:31.0793 1012  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:57:31.0824 1012  fvevol - ok
17:57:31.0855 1012  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:57:31.0886 1012  gagp30kx - ok
17:57:31.0933 1012  [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
17:57:31.0964 1012  ggflt - ok
17:57:31.0996 1012  [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
17:57:32.0011 1012  ggsemc - ok
17:57:32.0074 1012  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:57:32.0214 1012  gpsvc - ok
17:57:32.0261 1012  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:57:32.0292 1012  hcw85cir - ok
17:57:32.0323 1012  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:57:32.0370 1012  HdAudAddService - ok
17:57:32.0417 1012  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:57:32.0479 1012  HDAudBus - ok
17:57:32.0495 1012  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:57:32.0542 1012  HidBatt - ok
17:57:32.0542 1012  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:57:32.0588 1012  HidBth - ok
17:57:32.0620 1012  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:57:32.0682 1012  HidIr - ok
17:57:32.0713 1012  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:57:32.0791 1012  hidserv - ok
17:57:32.0822 1012  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:57:32.0854 1012  HidUsb - ok
17:57:32.0916 1012  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:57:33.0025 1012  hkmsvc - ok
17:57:33.0056 1012  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:57:33.0103 1012  HomeGroupListener - ok
17:57:33.0150 1012  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:57:33.0197 1012  HomeGroupProvider - ok
17:57:33.0244 1012  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:57:33.0275 1012  HpSAMD - ok
17:57:33.0353 1012  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:57:33.0462 1012  HTTP - ok
17:57:33.0509 1012  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:57:33.0540 1012  hwpolicy - ok
17:57:33.0618 1012  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:57:33.0665 1012  i8042prt - ok
17:57:33.0712 1012  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:57:33.0743 1012  iaStor - ok
17:57:33.0790 1012  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:57:33.0836 1012  iaStorV - ok
17:57:33.0899 1012  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:57:33.0946 1012  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:57:33.0946 1012  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:57:34.0024 1012  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:57:34.0102 1012  idsvc - ok
17:57:34.0133 1012  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:57:34.0180 1012  iirsp - ok
17:57:34.0226 1012  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:57:34.0351 1012  IKEEXT - ok
17:57:34.0367 1012  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:57:34.0398 1012  intelide - ok
17:57:34.0429 1012  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:57:34.0460 1012  intelppm - ok
17:57:34.0507 1012  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:57:34.0601 1012  IPBusEnum - ok
17:57:34.0648 1012  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:57:34.0741 1012  IpFilterDriver - ok
17:57:34.0819 1012  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:57:34.0960 1012  iphlpsvc - ok
17:57:34.0991 1012  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:57:35.0022 1012  IPMIDRV - ok
17:57:35.0053 1012  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:57:35.0116 1012  IPNAT - ok
17:57:35.0147 1012  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:57:35.0194 1012  IRENUM - ok
17:57:35.0209 1012  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:57:35.0225 1012  isapnp - ok
17:57:35.0272 1012  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:57:35.0303 1012  iScsiPrt - ok
17:57:35.0334 1012  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:57:35.0350 1012  kbdclass - ok
17:57:35.0381 1012  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:57:35.0412 1012  kbdhid - ok
17:57:35.0428 1012  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:57:35.0443 1012  KeyIso - ok
17:57:35.0474 1012  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:57:35.0506 1012  KSecDD - ok
17:57:35.0506 1012  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:57:35.0537 1012  KSecPkg - ok
17:57:35.0584 1012  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:57:35.0646 1012  ksthunk - ok
17:57:35.0693 1012  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:57:35.0771 1012  KtmRm - ok
17:57:35.0802 1012  [ EBED8B3FF4A823C1A6EEBEED7B29353F ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
17:57:35.0802 1012  L1C - ok
17:57:35.0849 1012  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:57:35.0958 1012  LanmanServer - ok
17:57:36.0020 1012  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:57:36.0098 1012  LanmanWorkstation - ok
17:57:36.0145 1012  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:57:36.0239 1012  lltdio - ok
17:57:36.0270 1012  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:57:36.0317 1012  lltdsvc - ok
17:57:36.0348 1012  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:57:36.0426 1012  lmhosts - ok
17:57:36.0473 1012  [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:57:36.0520 1012  LMS - ok
17:57:36.0535 1012  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:57:36.0566 1012  LSI_FC - ok
17:57:36.0582 1012  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:57:36.0598 1012  LSI_SAS - ok
17:57:36.0613 1012  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:57:36.0629 1012  LSI_SAS2 - ok
17:57:36.0644 1012  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:57:36.0660 1012  LSI_SCSI - ok
17:57:36.0691 1012  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:57:36.0769 1012  luafv - ok
17:57:36.0816 1012  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:57:36.0863 1012  Mcx2Svc - ok
17:57:36.0894 1012  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:57:36.0925 1012  megasas - ok
17:57:36.0925 1012  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:57:36.0956 1012  MegaSR - ok
17:57:36.0988 1012  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
17:57:37.0019 1012  MEIx64 - ok
17:57:37.0034 1012  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:57:37.0144 1012  MMCSS - ok
17:57:37.0175 1012  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:57:37.0253 1012  Modem - ok
17:57:37.0284 1012  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:57:37.0331 1012  monitor - ok
17:57:37.0378 1012  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
17:57:37.0409 1012  mouclass - ok
17:57:37.0424 1012  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:57:37.0471 1012  mouhid - ok
17:57:37.0502 1012  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:57:37.0549 1012  mountmgr - ok
17:57:37.0580 1012  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:57:37.0596 1012  mpio - ok
17:57:37.0627 1012  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:57:37.0674 1012  mpsdrv - ok
17:57:37.0721 1012  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:57:37.0846 1012  MpsSvc - ok
17:57:37.0877 1012  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:57:37.0939 1012  MRxDAV - ok
17:57:37.0955 1012  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:57:38.0002 1012  mrxsmb - ok
17:57:38.0048 1012  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:57:38.0111 1012  mrxsmb10 - ok
17:57:38.0126 1012  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:57:38.0189 1012  mrxsmb20 - ok
17:57:38.0236 1012  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:57:38.0267 1012  msahci - ok
17:57:38.0282 1012  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:57:38.0314 1012  msdsm - ok
17:57:38.0329 1012  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:57:38.0407 1012  MSDTC - ok
17:57:38.0454 1012  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:57:38.0548 1012  Msfs - ok
17:57:38.0563 1012  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:57:38.0626 1012  mshidkmdf - ok
17:57:38.0657 1012  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:57:38.0688 1012  msisadrv - ok
17:57:38.0719 1012  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:57:38.0813 1012  MSiSCSI - ok
17:57:38.0813 1012  msiserver - ok
17:57:38.0860 1012  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:57:38.0953 1012  MSKSSRV - ok
17:57:38.0969 1012  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:57:39.0031 1012  MSPCLOCK - ok
17:57:39.0047 1012  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:57:39.0094 1012  MSPQM - ok
17:57:39.0125 1012  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:57:39.0140 1012  MsRPC - ok
17:57:39.0172 1012  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:57:39.0187 1012  mssmbios - ok
17:57:39.0234 1012  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:57:39.0296 1012  MSTEE - ok
17:57:39.0296 1012  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:57:39.0328 1012  MTConfig - ok
17:57:39.0343 1012  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:57:39.0359 1012  Mup - ok
17:57:39.0406 1012  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:57:39.0452 1012  napagent - ok
17:57:39.0499 1012  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:57:39.0562 1012  NativeWifiP - ok
17:57:39.0655 1012  [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate        c:\Program Files (x86)\Nero\Update\NASvc.exe
17:57:39.0702 1012  NAUpdate - ok
17:57:39.0764 1012  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:57:39.0842 1012  NDIS - ok
17:57:39.0858 1012  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:57:39.0920 1012  NdisCap - ok
17:57:39.0952 1012  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:57:40.0014 1012  NdisTapi - ok
17:57:40.0030 1012  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:57:40.0108 1012  Ndisuio - ok
17:57:40.0139 1012  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:57:40.0232 1012  NdisWan - ok
17:57:40.0279 1012  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:57:40.0326 1012  NDProxy - ok
17:57:40.0357 1012  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:57:40.0435 1012  NetBIOS - ok
17:57:40.0466 1012  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:57:40.0544 1012  NetBT - ok
17:57:40.0560 1012  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:57:40.0576 1012  Netlogon - ok
17:57:40.0607 1012  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:57:40.0716 1012  Netman - ok
17:57:40.0732 1012  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:57:40.0794 1012  netprofm - ok
17:57:40.0810 1012  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:57:40.0825 1012  NetTcpPortSharing - ok
17:57:40.0856 1012  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:57:40.0872 1012  nfrd960 - ok
17:57:40.0919 1012  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:57:41.0028 1012  NlaSvc - ok
17:57:41.0044 1012  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:57:41.0106 1012  Npfs - ok
17:57:41.0122 1012  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:57:41.0184 1012  nsi - ok
17:57:41.0215 1012  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:57:41.0293 1012  nsiproxy - ok
17:57:41.0371 1012  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:57:41.0449 1012  Ntfs - ok
17:57:41.0465 1012  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:57:41.0558 1012  Null - ok
17:57:41.0605 1012  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
17:57:41.0636 1012  nusb3hub - ok
17:57:41.0652 1012  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:57:41.0699 1012  nusb3xhc - ok
17:57:41.0746 1012  [ 857FB74754EBFF94EE3AD40788740916 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
17:57:41.0792 1012  NVHDA - ok
17:57:42.0104 1012  [ 830886C8D7C17710F615C5705C41C9EA ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:57:42.0276 1012  nvlddmkm - ok
17:57:42.0370 1012  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:57:42.0416 1012  nvraid - ok
17:57:42.0448 1012  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:57:42.0479 1012  nvstor - ok
17:57:42.0572 1012  [ 8A8A19E613B3684F4F42E65038F6F338 ] NVSvc           C:\Windows\system32\nvvsvc.exe
17:57:42.0635 1012  NVSvc - ok
17:57:42.0666 1012  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:57:42.0713 1012  nv_agp - ok
17:57:42.0744 1012  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:57:42.0791 1012  ohci1394 - ok
17:57:42.0838 1012  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:57:42.0884 1012  ose - ok
17:57:43.0056 1012  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:57:43.0150 1012  osppsvc - ok
17:57:43.0165 1012  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:57:43.0196 1012  p2pimsvc - ok
17:57:43.0228 1012  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:57:43.0274 1012  p2psvc - ok
17:57:43.0306 1012  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:57:43.0337 1012  Parport - ok
17:57:43.0368 1012  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:57:43.0415 1012  partmgr - ok
17:57:43.0430 1012  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:57:43.0477 1012  PcaSvc - ok
17:57:43.0493 1012  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:57:43.0524 1012  pci - ok
17:57:43.0555 1012  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:57:43.0586 1012  pciide - ok
17:57:43.0618 1012  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:57:43.0649 1012  pcmcia - ok
17:57:43.0664 1012  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:57:43.0696 1012  pcw - ok
17:57:43.0727 1012  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:57:43.0836 1012  PEAUTH - ok
17:57:44.0008 1012  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:57:44.0070 1012  PerfHost - ok
17:57:44.0148 1012  [ 663962900E7FEA522126BA287715BB4A ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
17:57:44.0179 1012  PGEffect - ok
17:57:44.0242 1012  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:57:44.0366 1012  pla - ok
17:57:44.0382 1012  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:57:44.0413 1012  PlugPlay - ok
17:57:44.0444 1012  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:57:44.0476 1012  PNRPAutoReg - ok
17:57:44.0507 1012  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:57:44.0538 1012  PNRPsvc - ok
17:57:44.0569 1012  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:57:44.0678 1012  PolicyAgent - ok
17:57:44.0725 1012  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:57:44.0834 1012  Power - ok
17:57:44.0881 1012  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:57:44.0975 1012  PptpMiniport - ok
17:57:45.0006 1012  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:57:45.0053 1012  Processor - ok
17:57:45.0100 1012  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
17:57:45.0193 1012  ProfSvc - ok
17:57:45.0209 1012  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:57:45.0224 1012  ProtectedStorage - ok
17:57:45.0271 1012  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:57:45.0365 1012  Psched - ok
17:57:45.0380 1012  [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem          C:\Windows\system32\DRIVERS\QIOMem.sys
17:57:45.0412 1012  QIOMem - ok
17:57:45.0505 1012  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:57:45.0552 1012  ql2300 - ok
17:57:45.0568 1012  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:57:45.0583 1012  ql40xx - ok
17:57:45.0614 1012  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:57:45.0677 1012  QWAVE - ok
17:57:45.0692 1012  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:57:45.0755 1012  QWAVEdrv - ok
17:57:45.0770 1012  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:57:45.0833 1012  RasAcd - ok
17:57:45.0864 1012  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:57:45.0926 1012  RasAgileVpn - ok
17:57:45.0973 1012  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:57:46.0051 1012  RasAuto - ok
17:57:46.0067 1012  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:57:46.0114 1012  Rasl2tp - ok
17:57:46.0176 1012  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:57:46.0254 1012  RasMan - ok
17:57:46.0270 1012  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:57:46.0316 1012  RasPppoe - ok
17:57:46.0348 1012  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:57:46.0426 1012  RasSstp - ok
17:57:46.0472 1012  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:57:46.0566 1012  rdbss - ok
17:57:46.0582 1012  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:57:46.0597 1012  rdpbus - ok
17:57:46.0613 1012  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:57:46.0675 1012  RDPCDD - ok
17:57:46.0691 1012  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:57:46.0738 1012  RDPENCDD - ok
17:57:46.0753 1012  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:57:46.0784 1012  RDPREFMP - ok
17:57:46.0816 1012  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:57:46.0878 1012  RDPWD - ok
17:57:46.0909 1012  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:57:46.0956 1012  rdyboost - ok
17:57:46.0972 1012  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:57:47.0050 1012  RemoteAccess - ok
17:57:47.0081 1012  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:57:47.0159 1012  RemoteRegistry - ok
17:57:47.0206 1012  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
17:57:47.0268 1012  ROOTMODEM - ok
17:57:47.0299 1012  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:57:47.0377 1012  RpcEptMapper - ok
17:57:47.0393 1012  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:57:47.0424 1012  RpcLocator - ok
17:57:47.0455 1012  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:57:47.0533 1012  RpcSs - ok
17:57:47.0533 1012  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:57:47.0596 1012  rspndr - ok
17:57:47.0642 1012  [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
17:57:47.0674 1012  RSUSBSTOR - ok
17:57:47.0689 1012  [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR      C:\Windows\system32\Drivers\RTSUVSTOR.sys
17:57:47.0720 1012  RSUSBVSTOR - ok
17:57:47.0720 1012  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:57:47.0736 1012  SamSs - ok
17:57:47.0783 1012  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:57:47.0814 1012  sbp2port - ok
17:57:47.0845 1012  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:57:47.0939 1012  SCardSvr - ok
17:57:47.0986 1012  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:57:48.0064 1012  scfilter - ok
17:57:48.0110 1012  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:57:48.0251 1012  Schedule - ok
17:57:48.0282 1012  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:57:48.0344 1012  SCPolicySvc - ok
17:57:48.0376 1012  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:57:48.0438 1012  SDRSVC - ok
17:57:48.0469 1012  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:57:48.0563 1012  secdrv - ok
17:57:48.0578 1012  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:57:48.0656 1012  seclogon - ok
17:57:48.0703 1012  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:57:48.0781 1012  SENS - ok
17:57:48.0797 1012  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:57:48.0828 1012  SensrSvc - ok
17:57:48.0859 1012  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:57:48.0890 1012  Serenum - ok
17:57:48.0906 1012  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:57:48.0953 1012  Serial - ok
17:57:48.0984 1012  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:57:49.0031 1012  sermouse - ok
17:57:49.0093 1012  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:57:49.0202 1012  SessionEnv - ok
17:57:49.0234 1012  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:57:49.0265 1012  sffdisk - ok
17:57:49.0280 1012  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:57:49.0327 1012  sffp_mmc - ok
17:57:49.0343 1012  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:57:49.0390 1012  sffp_sd - ok
17:57:49.0421 1012  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:57:49.0468 1012  sfloppy - ok
17:57:49.0514 1012  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
17:57:49.0577 1012  Sftfs - ok
17:57:49.0655 1012  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:57:49.0702 1012  sftlist - ok
17:57:49.0733 1012  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:57:49.0780 1012  Sftplay - ok
17:57:49.0780 1012  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:57:49.0795 1012  Sftredir - ok
17:57:49.0795 1012  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
17:57:49.0811 1012  Sftvol - ok
17:57:49.0826 1012  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:57:49.0858 1012  sftvsa - ok
17:57:49.0889 1012  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:57:49.0951 1012  SharedAccess - ok
17:57:49.0982 1012  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:57:50.0060 1012  ShellHWDetection - ok
17:57:50.0092 1012  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:57:50.0107 1012  SiSRaid2 - ok
17:57:50.0123 1012  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:57:50.0138 1012  SiSRaid4 - ok
17:57:50.0232 1012  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:57:50.0310 1012  SkypeUpdate - ok
17:57:50.0341 1012  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:57:50.0388 1012  Smb - ok
17:57:50.0419 1012  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:57:50.0466 1012  SNMPTRAP - ok
17:57:50.0560 1012  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
17:57:50.0606 1012  Sony PC Companion - ok
17:57:50.0638 1012  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:57:50.0653 1012  spldr - ok
17:57:50.0700 1012  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
17:57:50.0794 1012  Spooler - ok
17:57:50.0903 1012  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:57:51.0168 1012  sppsvc - ok
17:57:51.0199 1012  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:57:51.0293 1012  sppuinotify - ok
17:57:51.0324 1012  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:57:51.0371 1012  srv - ok
17:57:51.0371 1012  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:57:51.0402 1012  srv2 - ok
17:57:51.0433 1012  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:57:51.0464 1012  SrvHsfHDA - ok
17:57:51.0511 1012  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:57:51.0558 1012  SrvHsfV92 - ok
17:57:51.0589 1012  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:57:51.0636 1012  SrvHsfWinac - ok
17:57:51.0652 1012  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:57:51.0698 1012  srvnet - ok
17:57:51.0730 1012  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:57:51.0792 1012  SSDPSRV - ok
17:57:51.0823 1012  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:57:51.0854 1012  SstpSvc - ok
17:57:51.0917 1012  [ 2E6A405505BBEF41998F0241D83B0CCE ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:57:51.0964 1012  Stereo Service - ok
17:57:51.0995 1012  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:57:52.0010 1012  stexstor - ok
17:57:52.0073 1012  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:57:52.0151 1012  stisvc - ok
17:57:52.0166 1012  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:57:52.0198 1012  swenum - ok
17:57:52.0229 1012  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:57:52.0322 1012  swprv - ok
17:57:52.0400 1012  [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:57:52.0478 1012  SynTP - ok
17:57:52.0556 1012  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:57:52.0634 1012  SysMain - ok
17:57:52.0666 1012  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:57:52.0728 1012  TabletInputService - ok
17:57:52.0744 1012  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:57:52.0806 1012  TapiSrv - ok
17:57:52.0837 1012  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:57:52.0868 1012  TBS - ok
17:57:52.0946 1012  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:57:53.0024 1012  Tcpip - ok
17:57:53.0102 1012  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:57:53.0149 1012  TCPIP6 - ok
17:57:53.0180 1012  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:57:53.0258 1012  tcpipreg - ok
17:57:53.0290 1012  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
17:57:53.0305 1012  tdcmdpst - ok
17:57:53.0321 1012  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:57:53.0368 1012  TDPIPE - ok
17:57:53.0399 1012  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:57:53.0430 1012  TDTCP - ok
17:57:53.0477 1012  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:57:53.0570 1012  tdx - ok
17:57:53.0617 1012  [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
17:57:53.0648 1012  TemproMonitoringService - ok
17:57:53.0680 1012  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:57:53.0711 1012  TermDD - ok
17:57:53.0758 1012  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:57:53.0867 1012  TermService - ok
17:57:53.0882 1012  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:57:53.0929 1012  Themes - ok
17:57:53.0945 1012  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:57:53.0992 1012  THREADORDER - ok
17:57:54.0116 1012  [ 83E91963C4452BE6899503CF9EBFD3ED ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
17:57:54.0148 1012  TMachInfo - ok
17:57:54.0163 1012  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
17:57:54.0210 1012  TODDSrv - ok
17:57:54.0304 1012  [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv        C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
17:57:54.0350 1012  TosCoSrv - ok
17:57:54.0397 1012  [ 8F099BE5DB17D025E19652851399B9F1 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
17:57:54.0428 1012  TOSHIBA Bluetooth Service - ok
17:57:54.0522 1012  [ D33D5588576B04FC489DCCC66E98F546 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
17:57:54.0569 1012  TOSHIBA eco Utility Service - ok
17:57:54.0631 1012  [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
17:57:54.0662 1012  TOSHIBA HDD SSD Alert Service - ok
17:57:54.0694 1012  [ 8021F63311797085949FA387F7C83583 ] tosporte        C:\Windows\system32\DRIVERS\tosporte.sys
17:57:54.0725 1012  tosporte - ok
17:57:54.0756 1012  [ D15CFD7DE375B33042CF1F6E34DEE198 ] tosrfbd         C:\Windows\system32\DRIVERS\tosrfbd.sys
17:57:54.0803 1012  tosrfbd - ok
17:57:54.0818 1012  [ 90F0B1745ABF13F44C2A6ED79F7CE9FB ] tosrfbnp        C:\Windows\system32\Drivers\tosrfbnp.sys
17:57:54.0850 1012  tosrfbnp - ok
17:57:54.0881 1012  [ 9E4E65EA51E34647340BD6007467AC54 ] Tosrfcom        C:\Windows\system32\Drivers\tosrfcom.sys
17:57:54.0912 1012  Tosrfcom - ok
17:57:54.0943 1012  [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec         C:\Windows\system32\DRIVERS\tosrfec.sys
17:57:54.0974 1012  tosrfec - ok
17:57:54.0990 1012  [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid        C:\Windows\system32\DRIVERS\Tosrfhid.sys
17:57:55.0006 1012  Tosrfhid - ok
17:57:55.0037 1012  [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds        C:\Windows\system32\DRIVERS\tosrfnds.sys
17:57:55.0052 1012  tosrfnds - ok
17:57:55.0084 1012  [ 7052B10E54B48AF12BD5606596A8E039 ] TosRfSnd        C:\Windows\system32\drivers\tosrfsnd.sys
17:57:55.0146 1012  TosRfSnd - ok
17:57:55.0193 1012  [ 7A0048693F98460FF537BE31C741B927 ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
17:57:55.0208 1012  Tosrfusb - ok
17:57:55.0286 1012  [ D65C6B0C070534336B72005391B6168A ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
17:57:55.0349 1012  TPCHSrv - ok
17:57:55.0364 1012  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:57:55.0442 1012  TrkWks - ok
17:57:55.0489 1012  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:57:55.0520 1012  TrustedInstaller - ok
17:57:55.0552 1012  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:57:55.0630 1012  tssecsrv - ok
17:57:55.0676 1012  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:57:55.0708 1012  TsUsbFlt - ok
17:57:55.0739 1012  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:57:55.0848 1012  tunnel - ok
17:57:55.0879 1012  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
17:57:55.0910 1012  TVALZ - ok
17:57:55.0942 1012  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\Windows\system32\DRIVERS\TVALZFL.sys
17:57:55.0973 1012  TVALZFL - ok
17:57:56.0004 1012  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:57:56.0035 1012  uagp35 - ok
17:57:56.0066 1012  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:57:56.0144 1012  udfs - ok
17:57:56.0176 1012  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:57:56.0207 1012  UI0Detect - ok
17:57:56.0222 1012  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:57:56.0254 1012  uliagpkx - ok
17:57:56.0285 1012  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
17:57:56.0316 1012  umbus - ok
17:57:56.0363 1012  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:57:56.0394 1012  UmPass - ok
17:57:56.0519 1012  [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:57:56.0628 1012  UNS - ok
17:57:56.0659 1012  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:57:56.0768 1012  upnphost - ok
17:57:56.0800 1012  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:57:56.0831 1012  usbccgp - ok
17:57:56.0862 1012  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:57:56.0909 1012  usbcir - ok
17:57:56.0924 1012  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:57:56.0971 1012  usbehci - ok
17:57:57.0002 1012  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:57:57.0049 1012  usbhub - ok
17:57:57.0080 1012  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:57:57.0112 1012  usbohci - ok
17:57:57.0158 1012  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:57:57.0205 1012  usbprint - ok
17:57:57.0236 1012  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:57:57.0283 1012  USBSTOR - ok
17:57:57.0314 1012  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:57:57.0361 1012  usbuhci - ok
17:57:57.0392 1012  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:57:57.0455 1012  usbvideo - ok
17:57:57.0486 1012  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:57:57.0580 1012  UxSms - ok
17:57:57.0595 1012  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:57:57.0595 1012  VaultSvc - ok
17:57:57.0626 1012  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:57:57.0642 1012  vdrvroot - ok
17:57:57.0689 1012  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:57:57.0751 1012  vds - ok
17:57:57.0782 1012  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:57:57.0829 1012  vga - ok
17:57:57.0845 1012  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:57:57.0923 1012  VgaSave - ok
17:57:57.0970 1012  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:57:58.0016 1012  vhdmp - ok
17:57:58.0048 1012  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:57:58.0079 1012  viaide - ok
17:57:58.0094 1012  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:57:58.0126 1012  volmgr - ok
17:57:58.0172 1012  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:57:58.0219 1012  volmgrx - ok
17:57:58.0266 1012  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:57:58.0313 1012  volsnap - ok
17:57:58.0344 1012  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:57:58.0375 1012  vsmraid - ok
17:57:58.0438 1012  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:57:58.0531 1012  VSS - ok
17:57:58.0562 1012  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:57:58.0578 1012  vwifibus - ok
17:57:58.0609 1012  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:57:58.0672 1012  vwififlt - ok
17:57:58.0687 1012  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:57:58.0781 1012  W32Time - ok
17:57:58.0812 1012  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:57:58.0874 1012  WacomPen - ok
17:57:58.0921 1012  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:57:58.0984 1012  WANARP - ok
17:57:58.0984 1012  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:57:59.0015 1012  Wanarpv6 - ok
17:57:59.0062 1012  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:57:59.0155 1012  wbengine - ok
17:57:59.0186 1012  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:57:59.0264 1012  WbioSrvc - ok
17:57:59.0311 1012  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:57:59.0389 1012  wcncsvc - ok
17:57:59.0420 1012  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:57:59.0452 1012  WcsPlugInService - ok
17:57:59.0483 1012  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:57:59.0514 1012  Wd - ok
17:57:59.0545 1012  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:57:59.0608 1012  Wdf01000 - ok
17:57:59.0623 1012  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:57:59.0654 1012  WdiServiceHost - ok
17:57:59.0670 1012  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:57:59.0686 1012  WdiSystemHost - ok
17:57:59.0732 1012  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:57:59.0795 1012  WebClient - ok
17:57:59.0826 1012  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:57:59.0920 1012  Wecsvc - ok
17:57:59.0935 1012  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
         

Hier kommt der zweite teil

Code: Alles auswählenAufklappen

ATTFilter

17:58:00.0013 1012  wercplsupport - ok
17:58:00.0044 1012  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:58:00.0138 1012  WerSvc - ok
17:58:00.0154 1012  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:58:00.0232 1012  WfpLwf - ok
17:58:00.0263 1012  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:58:00.0278 1012  WIMMount - ok
17:58:00.0310 1012  WinDefend - ok
17:58:00.0310 1012  WinHttpAutoProxySvc - ok
17:58:00.0372 1012  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:58:00.0466 1012  Winmgmt - ok
17:58:00.0544 1012  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:58:00.0637 1012  WinRM - ok
17:58:00.0700 1012  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:58:00.0762 1012  WinUsb - ok
17:58:00.0793 1012  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:58:00.0887 1012  Wlansvc - ok
17:58:00.0949 1012  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:58:00.0980 1012  wlcrasvc - ok
17:58:01.0121 1012  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:58:01.0214 1012  wlidsvc - ok
17:58:01.0246 1012  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:58:01.0277 1012  WmiAcpi - ok
17:58:01.0308 1012  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:58:01.0324 1012  wmiApSrv - ok
17:58:01.0355 1012  WMPNetworkSvc - ok
17:58:01.0386 1012  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:58:01.0417 1012  WPCSvc - ok
17:58:01.0448 1012  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:58:01.0495 1012  WPDBusEnum - ok
17:58:01.0511 1012  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:58:01.0604 1012  ws2ifsl - ok
17:58:01.0636 1012  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:58:01.0698 1012  wscsvc - ok
17:58:01.0698 1012  WSearch - ok
17:58:01.0792 1012  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:58:01.0885 1012  wuauserv - ok
17:58:01.0901 1012  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:58:01.0932 1012  WudfPf - ok
17:58:01.0963 1012  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:58:01.0979 1012  WUDFRd - ok
17:58:02.0010 1012  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:58:02.0041 1012  wudfsvc - ok
17:58:02.0072 1012  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:58:02.0104 1012  WwanSvc - ok
17:58:02.0182 1012  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:58:02.0244 1012  YahooAUService - ok
17:58:02.0275 1012  ================ Scan global ===============================
17:58:02.0306 1012  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:58:02.0353 1012  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:58:02.0384 1012  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:58:02.0416 1012  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:58:02.0447 1012  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:58:02.0462 1012  [Global] - ok
17:58:02.0462 1012  ================ Scan MBR ==================================
17:58:02.0462 1012  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:58:03.0461 1012  \Device\Harddisk0\DR0 - ok
17:58:03.0461 1012  ================ Scan VBR ==================================
17:58:03.0492 1012  [ A862F2630AA27836F567590672C51D09 ] \Device\Harddisk0\DR0\Partition1
17:58:03.0492 1012  \Device\Harddisk0\DR0\Partition1 - ok
17:58:03.0523 1012  [ 3C328E709F2049E0F743010C9A6E5AA5 ] \Device\Harddisk0\DR0\Partition2
17:58:03.0523 1012  \Device\Harddisk0\DR0\Partition2 - ok
17:58:03.0523 1012  ============================================================
17:58:03.0523 1012  Scan finished
17:58:03.0523 1012  ============================================================
17:58:03.0539 2468  Detected object count: 1
17:58:03.0539 2468  Actual detected object count: 1
18:00:05.0484 2468  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:00:05.0484 2468  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:05:34.0512 3876  ============================================================
18:05:34.0512 3876  Scan started
18:05:34.0512 3876  Mode: Manual; SigCheck; TDLFS; 
18:05:34.0512 3876  ============================================================
18:05:34.0964 3876  ================ Scan system memory ========================
18:05:34.0964 3876  System memory - ok
18:05:34.0964 3876  ================ Scan services =============================
18:05:35.0120 3876  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:05:35.0167 3876  1394ohci - ok
18:05:35.0214 3876  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:05:35.0260 3876  ACPI - ok
18:05:35.0292 3876  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:05:35.0292 3876  AcpiPmi - ok
18:05:35.0354 3876  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:05:35.0385 3876  AdobeARMservice - ok
18:05:35.0494 3876  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:05:35.0510 3876  AdobeFlashPlayerUpdateSvc - ok
18:05:35.0557 3876  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:05:35.0604 3876  adp94xx - ok
18:05:35.0619 3876  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:05:35.0635 3876  adpahci - ok
18:05:35.0650 3876  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:05:35.0666 3876  adpu320 - ok
18:05:35.0682 3876  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:05:35.0728 3876  AeLookupSvc - ok
18:05:35.0744 3876  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:05:35.0760 3876  AFD - ok
18:05:35.0806 3876  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:05:35.0838 3876  agp440 - ok
18:05:35.0869 3876  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:05:35.0900 3876  ALG - ok
18:05:35.0931 3876  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:05:35.0947 3876  aliide - ok
18:05:35.0978 3876  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:05:35.0994 3876  amdide - ok
18:05:36.0025 3876  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:05:36.0056 3876  AmdK8 - ok
18:05:36.0087 3876  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:05:36.0118 3876  AmdPPM - ok
18:05:36.0150 3876  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:05:36.0181 3876  amdsata - ok
18:05:36.0196 3876  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:05:36.0228 3876  amdsbs - ok
18:05:36.0259 3876  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:05:36.0274 3876  amdxata - ok
18:05:36.0321 3876  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:05:36.0352 3876  AntiVirSchedulerService - ok
18:05:36.0384 3876  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:05:36.0399 3876  AntiVirService - ok
18:05:36.0415 3876  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:05:36.0477 3876  AppID - ok
18:05:36.0508 3876  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:05:36.0540 3876  AppIDSvc - ok
18:05:36.0571 3876  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:05:36.0649 3876  Appinfo - ok
18:05:36.0680 3876  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:05:36.0696 3876  arc - ok
18:05:36.0696 3876  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:05:36.0711 3876  arcsas - ok
18:05:36.0711 3876  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:05:36.0758 3876  AsyncMac - ok
18:05:36.0789 3876  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:05:36.0789 3876  atapi - ok
18:05:36.0898 3876  [ B2931C83CFB12A3223A47B180473AE1A ] athr            C:\Windows\system32\DRIVERS\athrx.sys
18:05:36.0961 3876  athr - ok
18:05:36.0992 3876  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:05:37.0023 3876  AudioEndpointBuilder - ok
18:05:37.0039 3876  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:05:37.0070 3876  AudioSrv - ok
18:05:37.0086 3876  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:05:37.0086 3876  avgntflt - ok
18:05:37.0101 3876  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:05:37.0117 3876  avipbb - ok
18:05:37.0117 3876  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:05:37.0132 3876  avkmgr - ok
18:05:37.0148 3876  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:05:37.0164 3876  AxInstSV - ok
18:05:37.0195 3876  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:05:37.0210 3876  b06bdrv - ok
18:05:37.0226 3876  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:05:37.0226 3876  b57nd60a - ok
18:05:37.0257 3876  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:05:37.0273 3876  BDESVC - ok
18:05:37.0288 3876  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:05:37.0320 3876  Beep - ok
18:05:37.0366 3876  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:05:37.0398 3876  BFE - ok
18:05:37.0444 3876  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:05:37.0522 3876  BITS - ok
18:05:37.0554 3876  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:05:37.0569 3876  blbdrive - ok
18:05:37.0600 3876  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:05:37.0616 3876  bowser - ok
18:05:37.0632 3876  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:05:37.0663 3876  BrFiltLo - ok
18:05:37.0678 3876  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:05:37.0694 3876  BrFiltUp - ok
18:05:37.0725 3876  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:05:37.0741 3876  Browser - ok
18:05:37.0772 3876  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:05:37.0788 3876  Brserid - ok
18:05:37.0803 3876  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:05:37.0829 3876  BrSerWdm - ok
18:05:37.0829 3876  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:05:37.0849 3876  BrUsbMdm - ok
18:05:37.0849 3876  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:05:37.0859 3876  BrUsbSer - ok
18:05:37.0889 3876  [ 2347ABBD13BADA65826FDAB4CAAFE357 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
18:05:37.0909 3876  BtFilter - ok
18:05:37.0929 3876  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:05:37.0949 3876  BTHMODEM - ok
18:05:37.0979 3876  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:05:38.0019 3876  bthserv - ok
18:05:38.0049 3876  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:05:38.0079 3876  cdfs - ok
18:05:38.0119 3876  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:05:38.0139 3876  cdrom - ok
18:05:38.0169 3876  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:05:38.0259 3876  CertPropSvc - ok
18:05:38.0349 3876  [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
18:05:38.0369 3876  cfWiMAXService - ok
18:05:38.0399 3876  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:05:38.0439 3876  circlass - ok
18:05:38.0479 3876  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:05:38.0509 3876  CLFS - ok
18:05:38.0569 3876  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:05:38.0599 3876  clr_optimization_v2.0.50727_32 - ok
18:05:38.0639 3876  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:05:38.0659 3876  clr_optimization_v2.0.50727_64 - ok
18:05:38.0719 3876  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:05:38.0749 3876  clr_optimization_v4.0.30319_32 - ok
18:05:38.0789 3876  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:05:38.0819 3876  clr_optimization_v4.0.30319_64 - ok
18:05:38.0849 3876  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:05:38.0869 3876  CmBatt - ok
18:05:38.0909 3876  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:05:38.0939 3876  cmdide - ok
18:05:38.0979 3876  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:05:39.0029 3876  CNG - ok
18:05:39.0099 3876  [ 66847C979893A11CFCC2280E772D7EA1 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
18:05:39.0159 3876  CnxtHdAudService - ok
18:05:39.0189 3876  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:05:39.0199 3876  Compbatt - ok
18:05:39.0219 3876  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:05:39.0239 3876  CompositeBus - ok
18:05:39.0249 3876  COMSysApp - ok
18:05:39.0279 3876  [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
18:05:39.0289 3876  ConfigFree Service - ok
18:05:39.0319 3876  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:05:39.0329 3876  crcdisk - ok
18:05:39.0359 3876  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:05:39.0379 3876  CryptSvc - ok
18:05:39.0459 3876  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:05:39.0519 3876  cvhsvc - ok
18:05:39.0569 3876  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:05:39.0669 3876  DcomLaunch - ok
18:05:39.0699 3876  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:05:39.0759 3876  defragsvc - ok
18:05:39.0799 3876  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:05:39.0859 3876  DfsC - ok
18:05:39.0899 3876  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:05:39.0961 3876  Dhcp - ok
18:05:39.0992 3876  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:05:40.0024 3876  discache - ok
18:05:40.0039 3876  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:05:40.0039 3876  Disk - ok
18:05:40.0086 3876  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:05:40.0117 3876  Dnscache - ok
18:05:40.0148 3876  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:05:40.0211 3876  dot3svc - ok
18:05:40.0242 3876  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:05:40.0320 3876  DPS - ok
18:05:40.0356 3876  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:05:40.0376 3876  drmkaud - ok
18:05:40.0416 3876  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:05:40.0456 3876  DXGKrnl - ok
18:05:40.0486 3876  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:05:40.0556 3876  EapHost - ok
18:05:40.0656 3876  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:05:40.0726 3876  ebdrv - ok
18:05:40.0746 3876  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:05:40.0756 3876  EFS - ok
18:05:40.0866 3876  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:05:40.0916 3876  ehRecvr - ok
18:05:40.0936 3876  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:05:40.0956 3876  ehSched - ok
18:05:40.0986 3876  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:05:41.0016 3876  elxstor - ok
18:05:41.0036 3876  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:05:41.0056 3876  ErrDev - ok
18:05:41.0086 3876  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:05:41.0136 3876  EventSystem - ok
18:05:41.0156 3876  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:05:41.0196 3876  exfat - ok
18:05:41.0216 3876  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:05:41.0256 3876  fastfat - ok
18:05:41.0296 3876  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:05:41.0346 3876  Fax - ok
18:05:41.0366 3876  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:05:41.0396 3876  fdc - ok
18:05:41.0416 3876  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:05:41.0496 3876  fdPHost - ok
18:05:41.0516 3876  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:05:41.0556 3876  FDResPub - ok
18:05:41.0576 3876  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:05:41.0586 3876  FileInfo - ok
18:05:41.0606 3876  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:05:41.0636 3876  Filetrace - ok
18:05:41.0646 3876  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:05:41.0656 3876  flpydisk - ok
18:05:41.0686 3876  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:05:41.0696 3876  FltMgr - ok
18:05:41.0746 3876  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
18:05:41.0786 3876  FontCache - ok
18:05:41.0826 3876  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:05:41.0836 3876  FontCache3.0.0.0 - ok
18:05:41.0876 3876  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:05:41.0896 3876  FsDepends - ok
18:05:41.0936 3876  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:05:41.0956 3876  Fs_Rec - ok
18:05:42.0006 3876  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:05:42.0046 3876  fvevol - ok
18:05:42.0076 3876  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:05:42.0096 3876  gagp30kx - ok
18:05:42.0136 3876  [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
18:05:42.0146 3876  ggflt - ok
18:05:42.0156 3876  [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
18:05:42.0176 3876  ggsemc - ok
18:05:42.0216 3876  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:05:42.0286 3876  gpsvc - ok
18:05:42.0316 3876  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:05:42.0326 3876  hcw85cir - ok
18:05:42.0356 3876  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:05:42.0396 3876  HdAudAddService - ok
18:05:42.0411 3876  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:05:42.0442 3876  HDAudBus - ok
18:05:42.0474 3876  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:05:42.0489 3876  HidBatt - ok
18:05:42.0489 3876  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:05:42.0520 3876  HidBth - ok
18:05:42.0536 3876  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:05:42.0552 3876  HidIr - ok
18:05:42.0567 3876  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:05:42.0614 3876  hidserv - ok
18:05:42.0645 3876  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
18:05:42.0645 3876  HidUsb - ok
18:05:42.0676 3876  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:05:42.0754 3876  hkmsvc - ok
18:05:42.0786 3876  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:05:42.0827 3876  HomeGroupListener - ok
18:05:42.0857 3876  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:05:42.0897 3876  HomeGroupProvider - ok
18:05:42.0927 3876  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:05:42.0957 3876  HpSAMD - ok
18:05:43.0007 3876  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:05:43.0077 3876  HTTP - ok
18:05:43.0107 3876  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:05:43.0117 3876  hwpolicy - ok
18:05:43.0147 3876  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:05:43.0147 3876  i8042prt - ok
18:05:43.0197 3876  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:05:43.0227 3876  iaStor - ok
18:05:43.0267 3876  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:05:43.0287 3876  iaStorV - ok
18:05:43.0347 3876  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:05:43.0357 3876  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:05:43.0357 3876  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:05:43.0437 3876  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:05:43.0477 3876  idsvc - ok
18:05:43.0497 3876  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:05:43.0517 3876  iirsp - ok
18:05:43.0577 3876  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:05:43.0647 3876  IKEEXT - ok
18:05:43.0667 3876  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:05:43.0677 3876  intelide - ok
18:05:43.0707 3876  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:05:43.0737 3876  intelppm - ok
18:05:43.0767 3876  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:05:43.0827 3876  IPBusEnum - ok
18:05:43.0847 3876  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:05:43.0877 3876  IpFilterDriver - ok
18:05:43.0917 3876  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:05:43.0987 3876  iphlpsvc - ok
18:05:44.0017 3876  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:05:44.0037 3876  IPMIDRV - ok
18:05:44.0077 3876  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:05:44.0147 3876  IPNAT - ok
18:05:44.0167 3876  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:05:44.0187 3876  IRENUM - ok
18:05:44.0207 3876  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:05:44.0217 3876  isapnp - ok
18:05:44.0247 3876  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:05:44.0267 3876  iScsiPrt - ok
18:05:44.0287 3876  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:05:44.0297 3876  kbdclass - ok
18:05:44.0327 3876  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:05:44.0357 3876  kbdhid - ok
18:05:44.0377 3876  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:05:44.0387 3876  KeyIso - ok
18:05:44.0417 3876  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:05:44.0437 3876  KSecDD - ok
18:05:44.0457 3876  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:05:44.0477 3876  KSecPkg - ok
18:05:44.0507 3876  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:05:44.0557 3876  ksthunk - ok
18:05:44.0587 3876  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:05:44.0627 3876  KtmRm - ok
18:05:44.0647 3876  [ EBED8B3FF4A823C1A6EEBEED7B29353F ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
18:05:44.0647 3876  L1C - ok
18:05:44.0677 3876  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:05:44.0707 3876  LanmanServer - ok
18:05:44.0737 3876  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:05:44.0777 3876  LanmanWorkstation - ok
18:05:44.0807 3876  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:05:44.0857 3876  lltdio - ok
18:05:44.0904 3876  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:05:44.0950 3876  lltdsvc - ok
18:05:44.0966 3876  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:05:44.0997 3876  lmhosts - ok
18:05:45.0028 3876  [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:05:45.0060 3876  LMS - ok
18:05:45.0091 3876  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:05:45.0122 3876  LSI_FC - ok
18:05:45.0138 3876  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:05:45.0169 3876  LSI_SAS - ok
18:05:45.0169 3876  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:05:45.0200 3876  LSI_SAS2 - ok
18:05:45.0200 3876  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:05:45.0231 3876  LSI_SCSI - ok
18:05:45.0247 3876  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:05:45.0294 3876  luafv - ok
18:05:45.0340 3876  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:05:45.0356 3876  Mcx2Svc - ok
18:05:45.0387 3876  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:05:45.0403 3876  megasas - ok
18:05:45.0403 3876  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:05:45.0434 3876  MegaSR - ok
18:05:45.0450 3876  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:05:45.0465 3876  MEIx64 - ok
18:05:45.0481 3876  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:05:45.0543 3876  MMCSS - ok
18:05:45.0559 3876  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:05:45.0590 3876  Modem - ok
18:05:45.0606 3876  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:05:45.0621 3876  monitor - ok
18:05:45.0637 3876  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
18:05:45.0652 3876  mouclass - ok
18:05:45.0668 3876  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:05:45.0684 3876  mouhid - ok
18:05:45.0715 3876  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:05:45.0746 3876  mountmgr - ok
18:05:45.0762 3876  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:05:45.0793 3876  mpio - ok
18:05:45.0808 3876  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:05:45.0871 3876  mpsdrv - ok
18:05:45.0918 3876  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:05:45.0996 3876  MpsSvc - ok
18:05:46.0011 3876  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:05:46.0027 3876  MRxDAV - ok
18:05:46.0058 3876  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:05:46.0058 3876  mrxsmb - ok
18:05:46.0089 3876  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:05:46.0105 3876  mrxsmb10 - ok
18:05:46.0120 3876  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:05:46.0120 3876  mrxsmb20 - ok
18:05:46.0152 3876  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:05:46.0152 3876  msahci - ok
18:05:46.0183 3876  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:05:46.0198 3876  msdsm - ok
18:05:46.0214 3876  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:05:46.0230 3876  MSDTC - ok
18:05:46.0261 3876  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:05:46.0308 3876  Msfs - ok
18:05:46.0323 3876  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:05:46.0354 3876  mshidkmdf - ok
18:05:46.0386 3876  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:05:46.0417 3876  msisadrv - ok
18:05:46.0448 3876  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:05:46.0510 3876  MSiSCSI - ok
18:05:46.0510 3876  msiserver - ok
18:05:46.0526 3876  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:05:46.0557 3876  MSKSSRV - ok
18:05:46.0573 3876  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:05:46.0604 3876  MSPCLOCK - ok
18:05:46.0604 3876  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:05:46.0635 3876  MSPQM - ok
18:05:46.0666 3876  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:05:46.0698 3876  MsRPC - ok
18:05:46.0729 3876  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:05:46.0744 3876  mssmbios - ok
18:05:46.0791 3876  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:05:46.0822 3876  MSTEE - ok
18:05:46.0822 3876  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:05:46.0822 3876  MTConfig - ok
18:05:46.0838 3876  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:05:46.0854 3876  Mup - ok
18:05:46.0900 3876  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:05:46.0932 3876  napagent - ok
18:05:46.0978 3876  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:05:46.0994 3876  NativeWifiP - ok
18:05:47.0072 3876  [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate        c:\Program Files (x86)\Nero\Update\NASvc.exe
18:05:47.0072 3876  NAUpdate - ok
18:05:47.0119 3876  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:05:47.0134 3876  NDIS - ok
18:05:47.0181 3876  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:05:47.0212 3876  NdisCap - ok
18:05:47.0244 3876  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:05:47.0275 3876  NdisTapi - ok
18:05:47.0306 3876  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:05:47.0368 3876  Ndisuio - ok
18:05:47.0400 3876  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:05:47.0446 3876  NdisWan - ok
18:05:47.0478 3876  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:05:47.0540 3876  NDProxy - ok
18:05:47.0571 3876  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:05:47.0618 3876  NetBIOS - ok
18:05:47.0649 3876  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:05:47.0680 3876  NetBT - ok
18:05:47.0696 3876  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:05:47.0712 3876  Netlogon - ok
18:05:47.0743 3876  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:05:47.0821 3876  Netman - ok
18:05:47.0836 3876  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:05:47.0868 3876  netprofm - ok
18:05:47.0883 3876  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:05:47.0883 3876  NetTcpPortSharing - ok
18:05:47.0914 3876  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:05:47.0914 3876  nfrd960 - ok
18:05:47.0961 3876  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:05:47.0977 3876  NlaSvc - ok
18:05:47.0992 3876  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:05:48.0024 3876  Npfs - ok
18:05:48.0039 3876  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:05:48.0070 3876  nsi - ok
18:05:48.0086 3876  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:05:48.0117 3876  nsiproxy - ok
18:05:48.0195 3876  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:05:48.0273 3876  Ntfs - ok
18:05:48.0289 3876  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:05:48.0336 3876  Null - ok
18:05:48.0367 3876  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
18:05:48.0367 3876  nusb3hub - ok
18:05:48.0382 3876  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:05:48.0398 3876  nusb3xhc - ok
18:05:48.0398 3876  [ 857FB74754EBFF94EE3AD40788740916 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
18:05:48.0414 3876  NVHDA - ok
18:05:48.0679 3876  [ 830886C8D7C17710F615C5705C41C9EA ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:05:48.0835 3876  nvlddmkm - ok
18:05:48.0886 3876  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:05:48.0916 3876  nvraid - ok
18:05:48.0956 3876  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:05:48.0986 3876  nvstor - ok
18:05:49.0036 3876  [ 8A8A19E613B3684F4F42E65038F6F338 ] NVSvc           C:\Windows\system32\nvvsvc.exe
18:05:49.0086 3876  NVSvc - ok
18:05:49.0126 3876  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:05:49.0156 3876  nv_agp - ok
18:05:49.0186 3876  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:05:49.0216 3876  ohci1394 - ok
18:05:49.0246 3876  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:05:49.0276 3876  ose - ok
18:05:49.0446 3876  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:05:49.0516 3876  osppsvc - ok
18:05:49.0546 3876  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:05:49.0556 3876  p2pimsvc - ok
18:05:49.0586 3876  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:05:49.0616 3876  p2psvc - ok
18:05:49.0646 3876  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:05:49.0666 3876  Parport - ok
18:05:49.0696 3876  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:05:49.0716 3876  partmgr - ok
18:05:49.0736 3876  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:05:49.0776 3876  PcaSvc - ok
18:05:49.0796 3876  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:05:49.0816 3876  pci - ok
18:05:49.0846 3876  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:05:49.0866 3876  pciide - ok
18:05:49.0896 3876  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:05:49.0916 3876  pcmcia - ok
18:05:49.0936 3876  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:05:49.0956 3876  pcw - ok
18:05:50.0056 3876  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:05:50.0116 3876  PEAUTH - ok
18:05:50.0216 3876  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:05:50.0246 3876  PerfHost - ok
18:05:50.0296 3876  [ 663962900E7FEA522126BA287715BB4A ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
18:05:50.0316 3876  PGEffect - ok
18:05:50.0396 3876  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:05:50.0486 3876  pla - ok
18:05:50.0516 3876  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:05:50.0526 3876  PlugPlay - ok
18:05:50.0546 3876  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:05:50.0556 3876  PNRPAutoReg - ok
18:05:50.0576 3876  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:05:50.0586 3876  PNRPsvc - ok
18:05:50.0616 3876  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:05:50.0646 3876  PolicyAgent - ok
18:05:50.0676 3876  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:05:50.0696 3876  Power - ok
18:05:50.0726 3876  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:05:50.0756 3876  PptpMiniport - ok
18:05:50.0786 3876  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:05:50.0816 3876  Processor - ok
18:05:50.0856 3876  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
18:05:50.0916 3876  ProfSvc - ok
18:05:50.0926 3876  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:05:50.0936 3876  ProtectedStorage - ok
18:05:50.0967 3876  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:05:51.0014 3876  Psched - ok
18:05:51.0030 3876  [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem          C:\Windows\system32\DRIVERS\QIOMem.sys
18:05:51.0045 3876  QIOMem - ok
18:05:51.0092 3876  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:05:51.0170 3876  ql2300 - ok
18:05:51.0170 3876  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:05:51.0186 3876  ql40xx - ok
18:05:51.0217 3876  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:05:51.0248 3876  QWAVE - ok
18:05:51.0264 3876  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:05:51.0279 3876  QWAVEdrv - ok
18:05:51.0295 3876  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:05:51.0326 3876  RasAcd - ok
18:05:51.0357 3876  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:05:51.0388 3876  RasAgileVpn - ok
18:05:51.0420 3876  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:05:51.0435 3876  RasAuto - ok
18:05:51.0466 3876  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:05:51.0544 3876  Rasl2tp - ok
18:05:51.0576 3876  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:05:51.0638 3876  RasMan - ok
18:05:51.0654 3876  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:05:51.0716 3876  RasPppoe - ok
18:05:51.0716 3876  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:05:51.0747 3876  RasSstp - ok
18:05:51.0778 3876  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:05:51.0810 3876  rdbss - ok
18:05:51.0825 3876  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:05:51.0841 3876  rdpbus - ok
18:05:51.0856 3876  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:05:51.0872 3876  RDPCDD - ok
18:05:51.0888 3876  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:05:51.0919 3876  RDPENCDD - ok
18:05:51.0934 3876  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:05:51.0950 3876  RDPREFMP - ok
18:05:51.0981 3876  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:05:52.0012 3876  RDPWD - ok
18:05:52.0059 3876  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:05:52.0090 3876  rdyboost - ok
18:05:52.0122 3876  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:05:52.0184 3876  RemoteAccess - ok
18:05:52.0215 3876  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:05:52.0309 3876  RemoteRegistry - ok
18:05:52.0324 3876  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
18:05:52.0387 3876  ROOTMODEM - ok
18:05:52.0402 3876  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:05:52.0480 3876  RpcEptMapper - ok
18:05:52.0496 3876  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:05:52.0496 3876  RpcLocator - ok
18:05:52.0543 3876  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:05:52.0574 3876  RpcSs - ok
18:05:52.0590 3876  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:05:52.0605 3876  rspndr - ok
18:05:52.0636 3876  [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
18:05:52.0668 3876  RSUSBSTOR - ok
18:05:52.0683 3876  [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR      C:\Windows\system32\Drivers\RTSUVSTOR.sys
18:05:52.0714 3876  RSUSBVSTOR - ok
18:05:52.0730 3876  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:05:52.0761 3876  SamSs - ok
18:05:52.0808 3876  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:05:52.0839 3876  sbp2port - ok
18:05:52.0855 3876  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:05:52.0933 3876  SCardSvr - ok
18:05:52.0964 3876  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:05:53.0042 3876  scfilter - ok
18:05:53.0089 3876  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:05:53.0167 3876  Schedule - ok
18:05:53.0214 3876  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:05:53.0276 3876  SCPolicySvc - ok
18:05:53.0307 3876  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:05:53.0338 3876  SDRSVC - ok
18:05:53.0354 3876  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:05:53.0416 3876  secdrv - ok
18:05:53.0448 3876  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:05:53.0510 3876  seclogon - ok
18:05:53.0541 3876  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:05:53.0604 3876  SENS - ok
18:05:53.0635 3876  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:05:53.0650 3876  SensrSvc - ok
18:05:53.0666 3876  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:05:53.0682 3876  Serenum - ok
18:05:53.0697 3876  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:05:53.0713 3876  Serial - ok
18:05:53.0728 3876  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:05:53.0744 3876  sermouse - ok
18:05:53.0791 3876  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:05:53.0869 3876  SessionEnv - ok
18:05:53.0884 3876  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:05:53.0900 3876  sffdisk - ok
18:05:53.0900 3876  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:05:53.0916 3876  sffp_mmc - ok
18:05:53.0931 3876  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:05:53.0947 3876  sffp_sd - ok
18:05:53.0978 3876  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:05:53.0994 3876  sfloppy - ok
18:05:54.0025 3876  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
18:05:54.0056 3876  Sftfs - ok
18:05:54.0118 3876  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:05:54.0150 3876  sftlist - ok
18:05:54.0165 3876  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:05:54.0181 3876  Sftplay - ok
18:05:54.0196 3876  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:05:54.0212 3876  Sftredir - ok
18:05:54.0212 3876  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
18:05:54.0212 3876  Sftvol - ok
18:05:54.0243 3876  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:05:54.0259 3876  sftvsa - ok
18:05:54.0290 3876  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:05:54.0337 3876  SharedAccess - ok
18:05:54.0368 3876  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:05:54.0399 3876  ShellHWDetection - ok
18:05:54.0415 3876  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:05:54.0415 3876  SiSRaid2 - ok
18:05:54.0430 3876  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:05:54.0446 3876  SiSRaid4 - ok
18:05:54.0493 3876  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:05:54.0508 3876  SkypeUpdate - ok
18:05:54.0524 3876  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:05:54.0602 3876  Smb - ok
18:05:54.0633 3876  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:05:54.0649 3876  SNMPTRAP - ok
18:05:54.0727 3876  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
18:05:54.0742 3876  Sony PC Companion - ok
18:05:54.0805 3876  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:05:54.0820 3876  spldr - ok
18:05:54.0883 3876  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
18:05:54.0945 3876  Spooler - ok
18:05:55.0054 3876  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:05:55.0148 3876  sppsvc - ok
18:05:55.0164 3876  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:05:55.0226 3876  sppuinotify - ok
18:05:55.0257 3876  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:05:55.0288 3876  srv - ok
18:05:55.0304 3876  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:05:55.0335 3876  srv2 - ok
18:05:55.0366 3876  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:05:55.0382 3876  SrvHsfHDA - ok
18:05:55.0429 3876  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:05:55.0476 3876  SrvHsfV92 - ok
18:05:55.0491 3876  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:05:55.0522 3876  SrvHsfWinac - ok
18:05:55.0538 3876  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:05:55.0554 3876  srvnet - ok
18:05:55.0585 3876  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:05:55.0616 3876  SSDPSRV - ok
18:05:55.0647 3876  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:05:55.0663 3876  SstpSvc - ok
18:05:55.0725 3876  [ 2E6A405505BBEF41998F0241D83B0CCE ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:05:55.0756 3876  Stereo Service - ok
18:05:55.0788 3876  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:05:55.0803 3876  stexstor - ok
18:05:55.0839 3876  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:05:55.0879 3876  stisvc - ok
18:05:55.0909 3876  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:05:55.0919 3876  swenum - ok
18:05:55.0969 3876  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:05:56.0069 3876  swprv - ok
18:05:56.0139 3876  [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:05:56.0189 3876  SynTP - ok
18:05:56.0259 3876  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:05:56.0309 3876  SysMain - ok
18:05:56.0339 3876  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:05:56.0359 3876  TabletInputService - ok
18:05:56.0379 3876  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:05:56.0409 3876  TapiSrv - ok
18:05:56.0429 3876  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:05:56.0469 3876  TBS - ok
18:05:56.0539 3876  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:05:56.0599 3876  Tcpip - ok
18:05:56.0629 3876  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:05:56.0659 3876  TCPIP6 - ok
18:05:56.0679 3876  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:05:56.0709 3876  tcpipreg - ok
18:05:56.0749 3876  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:05:56.0749 3876  tdcmdpst - ok
18:05:56.0779 3876  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:05:56.0779 3876  TDPIPE - ok
18:05:56.0809 3876  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:05:56.0839 3876  TDTCP - ok
18:05:56.0879 3876  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:05:56.0949 3876  tdx - ok
18:05:56.0989 3876  [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
18:05:57.0019 3876  TemproMonitoringService - ok
18:05:57.0039 3876  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:05:57.0049 3876  TermDD - ok
18:05:57.0099 3876  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:05:57.0179 3876  TermService - ok
18:05:57.0199 3876  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:05:57.0219 3876  Themes - ok
18:05:57.0229 3876  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:05:57.0269 3876  THREADORDER - ok
18:05:57.0339 3876  [ 83E91963C4452BE6899503CF9EBFD3ED ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
18:05:57.0359 3876  TMachInfo - ok
18:05:57.0389 3876  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
18:05:57.0399 3876  TODDSrv - ok
18:05:57.0479 3876  [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv        C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
18:05:57.0509 3876  TosCoSrv - ok
18:05:57.0549 3876  [ 8F099BE5DB17D025E19652851399B9F1 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
18:05:57.0569 3876  TOSHIBA Bluetooth Service - ok
18:05:57.0629 3876  [ D33D5588576B04FC489DCCC66E98F546 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
18:05:57.0659 3876  TOSHIBA eco Utility Service - ok
18:05:57.0709 3876  [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
18:05:57.0729 3876  TOSHIBA HDD SSD Alert Service - ok
18:05:57.0759 3876  [ 8021F63311797085949FA387F7C83583 ] tosporte        C:\Windows\system32\DRIVERS\tosporte.sys
18:05:57.0779 3876  tosporte - ok
18:05:57.0819 3876  [ D15CFD7DE375B33042CF1F6E34DEE198 ] tosrfbd         C:\Windows\system32\DRIVERS\tosrfbd.sys
18:05:57.0849 3876  tosrfbd - ok
18:05:57.0859 3876  [ 90F0B1745ABF13F44C2A6ED79F7CE9FB ] tosrfbnp        C:\Windows\system32\Drivers\tosrfbnp.sys
18:05:57.0874 3876  tosrfbnp - ok
18:05:57.0890 3876  [ 9E4E65EA51E34647340BD6007467AC54 ] Tosrfcom        C:\Windows\system32\Drivers\tosrfcom.sys
18:05:57.0921 3876  Tosrfcom - ok
18:05:57.0951 3876  [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec         C:\Windows\system32\DRIVERS\tosrfec.sys
18:05:57.0971 3876  tosrfec - ok
18:05:58.0001 3876  [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid        C:\Windows\system32\DRIVERS\Tosrfhid.sys
18:05:58.0021 3876  Tosrfhid - ok
18:05:58.0061 3876  [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds        C:\Windows\system32\DRIVERS\tosrfnds.sys
18:05:58.0081 3876  tosrfnds - ok
18:05:58.0091 3876  [ 7052B10E54B48AF12BD5606596A8E039 ] TosRfSnd        C:\Windows\system32\drivers\tosrfsnd.sys
18:05:58.0121 3876  TosRfSnd - ok
18:05:58.0141 3876  [ 7A0048693F98460FF537BE31C741B927 ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
18:05:58.0161 3876  Tosrfusb - ok
18:05:58.0221 3876  [ D65C6B0C070534336B72005391B6168A ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
18:05:58.0261 3876  TPCHSrv - ok
18:05:58.0291 3876  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:05:58.0351 3876  TrkWks - ok
18:05:58.0401 3876  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:05:58.0471 3876  TrustedInstaller - ok
18:05:58.0501 3876  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:05:58.0531 3876  tssecsrv - ok
18:05:58.0551 3876  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:05:58.0571 3876  TsUsbFlt - ok
18:05:58.0611 3876  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:05:58.0701 3876  tunnel - ok
18:05:58.0731 3876  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:05:58.0751 3876  TVALZ - ok
18:05:58.0781 3876  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\Windows\system32\DRIVERS\TVALZFL.sys
18:05:58.0791 3876  TVALZFL - ok
18:05:58.0831 3876  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:05:58.0851 3876  uagp35 - ok
18:05:58.0891 3876  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:05:58.0961 3876  udfs - ok
18:05:58.0991 3876  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:05:59.0001 3876  UI0Detect - ok
18:05:59.0011 3876  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:05:59.0021 3876  uliagpkx - ok
18:05:59.0061 3876  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
18:05:59.0081 3876  umbus - ok
18:05:59.0101 3876  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:05:59.0131 3876  UmPass - ok
18:05:59.0241 3876  [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:05:59.0331 3876  UNS - ok
18:05:59.0371 3876  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:05:59.0451 3876  upnphost - ok
18:05:59.0471 3876  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:05:59.0491 3876  usbccgp - ok
18:05:59.0521 3876  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:05:59.0541 3876  usbcir - ok
18:05:59.0561 3876  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:05:59.0581 3876  usbehci - ok
18:05:59.0601 3876  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:05:59.0621 3876  usbhub - ok
18:05:59.0651 3876  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:05:59.0671 3876  usbohci - ok
18:05:59.0701 3876  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:05:59.0721 3876  usbprint - ok
18:05:59.0751 3876  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:05:59.0771 3876  USBSTOR - ok
18:05:59.0801 3876  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:05:59.0821 3876  usbuhci - ok
18:05:59.0851 3876  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:05:59.0891 3876  usbvideo - ok
18:05:59.0921 3876  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:05:59.0997 3876  UxSms - ok
18:06:00.0012 3876  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:06:00.0028 3876  VaultSvc - ok
18:06:00.0059 3876  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:06:00.0075 3876  vdrvroot - ok
18:06:00.0122 3876  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:06:00.0184 3876  vds - ok
18:06:00.0215 3876  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:06:00.0231 3876  vga - ok
18:06:00.0246 3876  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:06:00.0278 3876  VgaSave - ok
18:06:00.0309 3876  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:06:00.0324 3876  vhdmp - ok
18:06:00.0356 3876  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:06:00.0371 3876  viaide - ok
18:06:00.0402 3876  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:06:00.0418 3876  volmgr - ok
18:06:00.0465 3876  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:06:00.0480 3876  volmgrx - ok
18:06:00.0527 3876  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:06:00.0558 3876  volsnap - ok
18:06:00.0590 3876  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:06:00.0605 3876  vsmraid - ok
18:06:00.0668 3876  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:06:00.0746 3876  VSS - ok
18:06:00.0761 3876  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:06:00.0777 3876  vwifibus - ok
18:06:00.0792 3876  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:06:00.0808 3876  vwififlt - ok
18:06:00.0839 3876  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:06:00.0902 3876  W32Time - ok
18:06:00.0917 3876  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:06:00.0933 3876  WacomPen - ok
18:06:00.0964 3876  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:06:00.0995 3876  WANARP - ok
18:06:00.0995 3876  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:06:01.0026 3876  Wanarpv6 - ok
18:06:01.0073 3876  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:06:01.0136 3876  wbengine - ok
18:06:01.0167 3876  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:06:01.0198 3876  WbioSrvc - ok
18:06:01.0229 3876  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:06:01.0276 3876  wcncsvc - ok
18:06:01.0307 3876  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:06:01.0323 3876  WcsPlugInService - ok
18:06:01.0354 3876  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:06:01.0370 3876  Wd - ok
18:06:01.0401 3876  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:06:01.0432 3876  Wdf01000 - ok
18:06:01.0448 3876  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:06:01.0463 3876  WdiServiceHost - ok
18:06:01.0479 3876  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:06:01.0494 3876  WdiSystemHost - ok
18:06:01.0541 3876  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:06:01.0588 3876  WebClient - ok
18:06:01.0619 3876  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:06:01.0666 3876  Wecsvc - ok
18:06:01.0697 3876  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:06:01.0744 3876  wercplsupport - ok
18:06:01.0760 3876  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:06:01.0791 3876  WerSvc - ok
18:06:01.0791 3876  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:06:01.0822 3876  WfpLwf - ok
18:06:01.0853 3876  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:06:01.0853 3876  WIMMount - ok
18:06:01.0884 3876  WinDefend - ok
18:06:01.0884 3876  WinHttpAutoProxySvc - ok
18:06:01.0931 3876  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:06:01.0978 3876  Winmgmt - ok
18:06:02.0056 3876  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:06:02.0118 3876  WinRM - ok
18:06:02.0150 3876  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:06:02.0165 3876  WinUsb - ok
18:06:02.0212 3876  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:06:02.0259 3876  Wlansvc - ok
18:06:02.0321 3876  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:06:02.0337 3876  wlcrasvc - ok
18:06:02.0477 3876  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:06:02.0524 3876  wlidsvc - ok
18:06:02.0555 3876  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:06:02.0571 3876  WmiAcpi - ok
18:06:02.0586 3876  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:06:02.0602 3876  wmiApSrv - ok
18:06:02.0633 3876  WMPNetworkSvc - ok
18:06:02.0649 3876  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:06:02.0680 3876  WPCSvc - ok
18:06:02.0711 3876  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:06:02.0727 3876  WPDBusEnum - ok
18:06:02.0758 3876  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:06:02.0836 3876  ws2ifsl - ok
18:06:02.0867 3876  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:06:02.0898 3876  wscsvc - ok
18:06:02.0898 3876  WSearch - ok
18:06:02.0992 3876  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:06:03.0070 3876  wuauserv - ok
18:06:03.0070 3876  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:06:03.0132 3876  WudfPf - ok
18:06:03.0164 3876  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:06:03.0210 3876  WUDFRd - ok
18:06:03.0226 3876  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:06:03.0257 3876  wudfsvc - ok
18:06:03.0273 3876  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:06:03.0288 3876  WwanSvc - ok
18:06:03.0351 3876  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:06:03.0382 3876  YahooAUService - ok
18:06:03.0398 3876  ================ Scan global ===============================
18:06:03.0429 3876  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:06:03.0460 3876  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:06:03.0476 3876  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:06:03.0507 3876  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:06:03.0538 3876  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:06:03.0554 3876  [Global] - ok
18:06:03.0554 3876  ================ Scan MBR ==================================
18:06:03.0569 3876  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:06:04.0569 3876  \Device\Harddisk0\DR0 - ok
18:06:04.0569 3876  ================ Scan VBR ==================================
18:06:04.0599 3876  [ A862F2630AA27836F567590672C51D09 ] \Device\Harddisk0\DR0\Partition1
18:06:04.0599 3876  \Device\Harddisk0\DR0\Partition1 - ok
18:06:04.0619 3876  [ 3C328E709F2049E0F743010C9A6E5AA5 ] \Device\Harddisk0\DR0\Partition2
18:06:04.0629 3876  \Device\Harddisk0\DR0\Partition2 - ok
18:06:04.0629 3876  ============================================================
18:06:04.0629 3876  Scan finished
18:06:04.0629 3876  ============================================================
18:06:04.0649 5784  Detected object count: 1
18:06:04.0649 5784  Actual detected object count: 1
18:06:18.0298 5784  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:18.0298 5784  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:48.0715 5080  Deinitialize success
         

Jetzt habe ich wieder zwei Warnmeldungen von Avira bekommen diesmal mit nem anderen Virus

In der Datei 'C:\Users\Sagran\AppData\Roaming\Gunik\tywov.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.234496.30' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

So langsam verlier ich den Überblick und bin mir garnicht mehr sicher ob ich den Laptop überhaupt noch nutzen sollte...

Ich habe da nochmal ne Frage.

Was soll ich mit den ganzen Funden in der Avira Quarantäne machen?Kann ich die einfach löschen???Mittlerweile sind es nämlich schon 9 Stück.

Zitat:

Was soll ich mit den ganzen Funden in der Avira Quarantäne machen?Kann ich die einfach löschen???Mittlerweile sind es nämlich schon 9 Stück.

Was habt ihr alle immer nur mit der Quarantäne?
Überleg doch mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.


Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo...

nachdem ich gestern noch des öfteren Warnmeldungen von Avira bekam, habe ich immer auf Entfernen geklickt und siehe da es scheint als ob Avira die Sachen wirklich gelöscht hat.Nachdem ich dann auch die Sachen aus der Qarantäne gelöscht habe (Sorry schonmal dafür,aber das hat mich einfach wuschig gemacht ) Habe ich einen Scan mit Antivir gemacht und es wurd kein Fund angezeigt.

Gleich heute morgen habe ich erneut einen Scan gemacht und wieder keinen Fund.

Hier der Bericht

Code: Alles auswählenAufklappen

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 1. März 2013  10:47

Es wird nach 5103743 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ***

Versionsinformationen:
BUILD.DAT      : 12.1.9.1236    40872 Bytes  11.10.2012 15:29:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  14.11.2012 16:39:37
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 17:06:53
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 17:06:53
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 17:06:53
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 20:11:26
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 21:49:35
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 20:15:58
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 21:05:55
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 17:00:28
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 17:26:39
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 15:50:57
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 19:57:44
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 19:57:44
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 19:57:45
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 19:57:45
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 19:57:45
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 15:45:27
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 15:44:44
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 19:30:49
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 20:02:17
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 18:26:57
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 11:00:01
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 12:03:58
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 19:43:00
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 17:24:40
VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 18:41:35
VBASE023.VDF   : 7.11.62.157   143360 Bytes  25.02.2013 18:40:02
VBASE024.VDF   : 7.11.62.237   199168 Bytes  27.02.2013 18:21:05
VBASE025.VDF   : 7.11.62.238     2048 Bytes  27.02.2013 18:21:05
VBASE026.VDF   : 7.11.62.239     2048 Bytes  27.02.2013 18:21:05
VBASE027.VDF   : 7.11.62.240     2048 Bytes  27.02.2013 18:21:05
VBASE028.VDF   : 7.11.62.241     2048 Bytes  27.02.2013 18:21:05
VBASE029.VDF   : 7.11.62.242     2048 Bytes  27.02.2013 18:21:05
VBASE030.VDF   : 7.11.62.243     2048 Bytes  27.02.2013 18:21:05
VBASE031.VDF   : 7.11.63.42    154624 Bytes  28.02.2013 21:39:02
Engineversion  : 8.2.12.10 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 17:45:16
AESCRIPT.DLL   : 8.1.4.94      467324 Bytes  22.02.2013 18:12:11
AESCN.DLL      : 8.1.10.0      131445 Bytes  13.12.2012 16:47:37
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 15:18:34
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 13:12:40
AEPACK.DLL     : 8.3.1.12      815480 Bytes  28.02.2013 18:00:26
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 18:00:27
AEHEUR.DLL     : 8.1.4.222    5767545 Bytes  28.02.2013 18:00:26
AEHELP.DLL     : 8.1.25.2      258423 Bytes  11.10.2012 17:00:25
AEGEN.DLL      : 8.1.6.16      434549 Bytes  24.01.2013 19:40:05
AEEXP.DLL      : 8.4.0.6       192885 Bytes  28.02.2013 18:00:26
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 17:45:16
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 12:04:00
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 18:00:25
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 17:06:52
AVPREF.DLL     : 12.3.0.32      50720 Bytes  14.11.2012 16:39:37
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 17:06:53
AVARKT.DLL     : 12.3.0.33     209696 Bytes  14.11.2012 16:39:37
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 17:06:53
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 17:06:53
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  08.08.2012 08:35:51
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 17:06:53
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 08:35:49
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  14.11.2012 16:39:36

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: ignorieren
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 1. März 2013  10:47

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSwMgr.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'NDSTray.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'YahooAUService.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '11325' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <WINDOWS>
Beginne mit der Suche in 'D:\' <Data>
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert


Ende des Suchlaufs: Freitag, 1. März 2013  11:50
Benötigte Zeit:  1:02:22 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  31797 Verzeichnisse wurden überprüft
 784587 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 784587 Dateien ohne Befall
   4022 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
 567594 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         

Natürlich werde ich noch deinen Anweisungen folgen um zu sehen ob der Schein nur trügt oder doch alles weg ist.

Soll ich jetzt als nächstes Combofix ausführen oder doch etwas anderes?

Zitat:

orry schonmal dafür,aber das hat mich einfach wuschig gemacht

Einfach mal überlegen und nachlesen was eine Q ist, es gibt keinen Grund sich darüber den Kopf zu zerbrechen!

Und ja bitte jetzt CF ausführen

Hier ist das Combofix Log

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-02-26.01 - Sagran 01.03.2013  15:56:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.6233 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\Documents\~WRL1075.tmp
c:\users\***\videos\anyvideoconverter-free.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-01 bis 2013-03-01  ))))))))))))))))))))))))))))))
.
.
2013-03-01 14:59 . 2013-03-01 14:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-01 06:23 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3B48637-FB5E-4712-99C9-0F45461FD670}\mpengine.dll
2013-02-28 13:49 . 2013-02-28 13:49	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-27 15:15 . 2013-02-27 15:41	--------	d-----w-	c:\users***\AppData\Roaming\Iryls
2013-02-27 15:15 . 2013-02-27 15:15	--------	d-----w-	c:\users\***\AppData\Roaming\Wairs
2013-02-13 07:53 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 07:53 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 07:53 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 07:53 . 2012-12-26 05:47	1111040	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 07:53 . 2012-12-26 04:49	760320	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 08:56 . 2011-06-04 20:14	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-09 09:52 . 2012-04-19 10:13	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-09 09:52 . 2011-06-03 20:13	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2011-03-04 06:11	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 07:54	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-24 21:55 . 2012-12-24 21:55	27760	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2012-12-24 21:55 . 2012-12-24 21:55	14448	----a-w-	c:\windows\system32\drivers\ggflt.sys
2012-12-16 17:11 . 2012-12-21 21:42	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 21:42	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 21:42	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 21:42	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-12-24 14448]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-16 378984]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 09:52]
.
2013-03-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-710839426-2147656522-2442907301-1001Core.job
- c:\users\Sagran\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-14 11:35]
.
2013-03-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-710839426-2147656522-2442907301-1001UA.job
- c:\users\Sagran\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-14 11:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-01  16:00:42
ComboFix-quarantined-files.txt  2013-03-01 15:00
.
Vor Suchlauf: 8 Verzeichnis(se), 250.176.258.048 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 249.756.336.128 Bytes frei
.
- - End Of File - - A88F2139E9829FC6C48A1742AA0FDF67
         

Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

• Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
• Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
• Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
• Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
  
  Code: Alles auswählenAufklappen

  ATTFilter

  Folder::
  c:\users\***\AppData\Roaming\Iryls
  c:\users\***\AppData\Roaming\Wairs
  
  Filelook::
  c:\windows\SysWow64\user.exe
           

  Die Sternchen musst du VORHER in deinen richtigen Benutzernamen wieder zurück editieren!!!
  
  
• Speichere dies als CFScript.txt auf deinem Desktop.
• Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
  Danach wieder anstellen nicht vergessen!
• Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
• Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  
  
• Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
• Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
  Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!