Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mein GMX-Account verschickte Spammails an Adressbuch-Adressen - Laptop war aus (https://www.trojaner-board.de/120387-gmx-account-verschickte-spammails-adressbuch-adressen-laptop-war.html)

Marika_K 25.07.2012 16:46
Mein GMX-Account verschickte Spammails an Adressbuch-Adressen - Laptop war aus
 
Hallo,

vielleicht könnt ihr mir weiterhelfen, denn auch nach einigem Lesen im Board kam ich nicht wirklich weiter (was sicher auch an meinen absolut mangelhaften PC-Kenntnissen liegt ... sorry).

Am Montag in der Nacht zwischen 2.37 und 2.47 Uhr wurden über meinen GMX-Account Spam-Mails an wahrscheinlich alle Adressen versandt, die in meinem GMX-Adressbuch aufgeführt waren. Da auch meine Geschäftsadresse dabei war, habe ich das morgens kurz nach 6 Uhr gemerkt, da ich dort eine Mail "von mir" erhielt. Es handelte sich um eine Mail ohne Betreff mit einem Link.

Ich habe mich dann bei GMX eingeloggt. Bei meiner Anmeldung in GMX (vom Arbeitspc aus) war als letzter Login derselbe Montag mit 2.37 Uhr verzeichnet! Ich war das nicht (da schlaf ich in der Regel)! Mein Laptop war zu diesem Zeitpunkt ausgeschaltet und sogar von der Stromversorgung getrennt. WLAN nutzen wir nicht, sondern gehen immer über Kabelverbindung ins Internet, also gab es auch kein Zugang über unser Netzwerk zuhause (WLAN ausgeschaltet am Router).

Im "Gesendet"-Ordner beim Account waren die gesendeten Mails nicht vorhanden. Im Posteingang befanden sich drei Failure-Mails, da drei der verwendeten Adressen nicht mehr aktuell waren (ich habe das Adressbuch nur wenig benutzt). Es wurden wohl mehrere Nachrichten abgesandt, jede wohl an 5 Adressen, der Link variierte.

Den Text einer der E-Mails füge ich hier an:

Code:
 
Hi. This is the qmail-send program at mailout-de.gmx.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<xxx@t-online.de>:
194.25.134.9_does_not_like_recipient./Remote_host_said:_550-5.1.1_user_unknown/550_5.1.1_Unknown_recipient./Giving_up_on_194.25.134.9./

--- Below this line is a copy of the message.

Return-Path: <xxx@gmx.de>
Received: (qmail 4230 invoked by uid 0); 23 Jul 2012 00:47:41 -0000
Received: from 41.103.166.118 by www016.gmx.net with HTTP;
 Mon, 23 Jul 2012 02:47:39 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Date: Mon, 23 Jul 2012 02:47:39 +0200
From: "xxx" <xxx@gmx.de>
Message-ID: <20120723004739.69240@gmx.net>
MIME-Version: 1.0
To: xxx@yahoo.de, xxx@gmx.de,
 xxx@web.de, xxx@gmx.de, xxx@t-online.de
X-Authenticated: #2434747
X-Flags: 0001
X-Mailer: WWW-Mail 6100 (Global Message Exchange)
X-Priority: 3
X-Provags-ID: V01U2FsdGVkX1/T/B9CRkXTvLeYCZzY3Bm3f1fWsg0kUpZTHQ6owx
 Dj+609OSE1ji3HSbmwBEPc/ve1ulUy+/gKpA==
Content-Transfer-Encoding: 8bit
X-GMX-UID: fPp+cGh6eSEqSNpFTnQhwuh+IGRvb8C9
X-GMX-Antivirus: 0 (no virus found)

hxxp://mentalgolfhelp.com/css/likeit.php?education208.html
Ich habe zunächst folgendes unternommen:
- Originalmail an mich gelöscht (sorry, Schreckreaktion)
- WarnSMS und Warnmail an alle aus dem Adressbuch versandt
- E-Mail-Passwort und alle anderen Internetpasswörter geändert
- Adressbuch bei GMX komplett gelöscht

Ich benutze kein E-Mail-Programm, sondern logge mich direkt über die Internetseite ein. Für die E-Mails nutze ich den Laptop zuhause und den ArbeitsPC sowie ganz selten den PrivatPC meines Bruders, kein Handy o.ä. Zugang ins Internet erfolgt immer über Kabel.
Im Urlaub kann auch mal ein fremder PC genutzt worden sein. In den letzten 6 Monaten habe ich mich allerdings sicher von keinem fremden PC mehr eingeloggt.

Ich nutze Mozilla Firefox, Windows 7 64bit, dazu Avira Antivir.

Nach dem Lesen im Board habe ich einen Scan des Laptops mit Malwarebytes gemacht - dabei wurde nichts gefunden.
Zudem habe ich Avira komplett als Scan laufen lassen - nichts.
Defogger hat keine Fehlermeldung ausgegeben.
OTL hat die angehängten Dokus erzeugt.

Könnt ihr damit schon etwas anfangen?

Haben wir uns nun einen Trojaner eingefangen oder war es ein externer Angriff auf den GMX-Account (ich fürchte nicht, fehlgeschlagene Logins gab es in der Vergangenheit nicht)?

Wie bekomme ich meinen Laptop wieder sauber? Wäre ein Neuaufspielen oder das Wiederherstellen über die Systemsteuerung auf den Zeitpunkt nach Kauf (Februar 2011) sinnvoll und ausreichend (ist eh eine Menge ungenutzter Programme drauf). Oder gibts eine andere Möglichkeit, den Schädling auszurotten?

Einen Trojaner beim ArbeitsPC kann ich denke ich ausschließen, da dieses Netzwerk extrem gut abgesichert ist (sehrgroße Anzahl Nutzer).

Ich freue mich, wenn ihr euch meines Problems annehmen könntet. Für die Mühe jetzt schon vielen Dank!

cosinus 30.07.2012 10:47
Hattest du ein zu einfaches Passwort? Beschreib mal wie das Passwort vorher war, also Länge und Zeichensatz.
Ein schwaches Passwort besteht zB nur aus kleinen Buchstaben oder nur aus Zahlen und ist kürzer als 8 Stellen.

Vgl. auch => Über 300.000 GMX-Accounts kompromittiert | heise Security

Marika_K 30.07.2012 19:13
Hallo Arne,

hüstel...ja, mein Passwort war wirklich nicht das beste. Es war der Vorname einer Freundin plus vier Ziffern, insgesamt also 4 kleine Buchstaben und 4 Ziffern. Dazu hatte ich es noch sehr viele Jahre in Gebrauch (*Reue* ja, ja, ich bin schon ganz klein mit Hut).:pfeiff:

Ich habs inzwischen von einem sicheren FremdPC auf ein wirklich langes (17stelliges) kombiniertes Passwort aus Groß-, Kleinbuchstaben, Sonderzeichen und Ziffern geändert...

Fehllogins hatte ich aber auf meine Account bis dato keine (sieht man mal von meinen eigenen wenigen Vertippten ab).

Noch ein Hinweis: Ich hatte das Passwort auch in Mozilla hinterlegt... auch das habe ich jetzt abgestellt... Kann es daran gelegen haben? Kann man da mitlesen o.ä.?

Weitere Scans in den letzten Tagen erbrachten übrigens auch kein neues Ergebnis mehr.

Entgegen der Vermutung in dem Bericht deines interessanten Links (danke!) habe ich das alte Passwort aber nie für andere Logins / Websites genutzt.

Danke für deine Unterstützung!

cosinus 30.07.2012 20:56
Ja, Passwörter über den Browser abzuspeichern empfand ich noch nie als besonders clevere Idee :pfeiff:
Nimm lieber sowas wie KeePass
Ist zwar etwas unbequemer, aber dafür auch sicherer, Passwörter sind dann sicher und verschlüsselt im Passwort-Tresor :daumenhoc

Marika_K 31.07.2012 08:30
Hallo Arne,

danke, werds beherzigen. Aus Schaden wird frau klug! :rolleyes:

Eine letzte Frage: Muss ich nun noch etwas unternehmen oder kann ich die Sache für mich abhaken? Sprich: muss ich davon ausgehen, dass sich vielleicht doch auf meinem Laptop ein Programm versteckt, das die Eingaben im Internet mitliest und an Dritte weitergibt? Bisher habe ich mich noch nicht wieder getraut, die geänderten Passwörter z.B. für Amazon und Ebay am Laptop zu verwenden.

Und falls es noch ein Risiko gibt: Hilft eine komplette Neuinstallation von Win7 dagegen oder wäre das die Kanonenkugel auf den Spatz? Gibts eine Möglichkeit, einen Befall wirklich auszuschließen?

Wiederherstellen mit Rücksetzungspunkt ist ja glaube ich nicht leider nicht wirksam bei solch einem Problem, oder?

cosinus 31.07.2012 11:20
Wirklich ausschließen kann man eigentlich so nie etwas aber abklopen kann man dein System schon. Nur panisch hysterisch gleich alles wegformatieren find ich gelinde gesagt übertrieben v.a. wenn man noch rein garkeine Anhaltspunkte auf ein infiziertes System hat


Bitte erstmal routinemäßig einen neuen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Marika_K 01.08.2012 12:03
Hallo Arne,

hier kommen die Ergebnisse:

a) Malwarebytes

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Melli :: GROSSER [Administrator]

Schutz: Aktiviert

31.07.2012 15:27:41
mbam-log-2012-07-31 (15-27-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 459441
Laufzeit: 2 Stunde(n), 9 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
dazu noch das Log davor:

Code:

www.malwarebytes.org

Datenbank Version: v2012.07.23.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Melli :: GROSSER [Administrator]

Schutz: Aktiviert

23.07.2012 21:35:04
mbam-log-2012-07-23 (21-35-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213570
Laufzeit: 3 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Und nun die Ergebnisse des ESET-Scanners:

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=381fa9a0aaff3840a46a717ef257620b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 07:31:51
# local_time=2012-07-31 09:31:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 10813718 10813718 0 0
# compatibility_mode=5893 16776574 100 94 74282 95380434 0 0
# compatibility_mode=8192 67108863 100 0 610 610 0 0
# scanned=270649
# found=0
# cleaned=0
# scan_time=12547
Das sieht doch gut aus! :)

cosinus 02.08.2012 11:46
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Marika_K 03.08.2012 08:23
Hallo Arne,

anbei das Log:


Code:

# AdwCleaner v1.800 - Logfile created 08/03/2012 at 09:19:58
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Melli - GROSSER
# Running from : C:\Users\Melli\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Melli\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Olli\AppData\LocalLow\AskToolbar

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
[x64] Key Found : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\504pyo9v.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\yri1tb7c.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1202 octets] - [03/08/2012 09:19:58]

########## EOF - C:\AdwCleaner[R1].txt - [1330 octets] ##########
Können wir langsam Entwarnung geben?

Viele Grüße
Marika

cosinus 03.08.2012 18:43
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Marika_K 04.08.2012 15:03
So, anbei die Textdatei.


Code:
# AdwCleaner v1.800 - Logfile created 08/04/2012 at 15:57:24
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Melli - GROSSER
# Running from : C:\Users\Melli\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Melli\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Olli\AppData\LocalLow\AskToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
[x64] Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Melli\AppData\Roaming\Mozilla\Firefox\Profiles\504pyo9v.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Olli\AppData\Roaming\Mozilla\Firefox\Profiles\yri1tb7c.default\prefs.js

[OK] File is clean.

*************************
Bin gespannt auf deine Einschätzung!

Danke auf jeden Fall schonmal und viele Grüße

cosinus 04.08.2012 18:34
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Marika_K 05.08.2012 19:52
Windows läuft ohne Probleme - ich hatte aber auch gar keine Probleme mit Windows, kein Start im abgesicherten Modus o.ä. Am Laptop ist und war überhaupt nichts ungewöhnliches.

Startmenu ist ganz normal, leere Ordner habe ich nicht. Es funktioniert alles wie gehabt.

cosinus 05.08.2012 19:55
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Marika_K 06.08.2012 19:40
Also, das war das Ergebnis:

OTL Logfile:
Code:
OTL logfile created on: 06.08.2012 20:16:35 - Run 2
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\XXX\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 64,29% Memory free
7,72 Gb Paging File | 6,07 Gb Available in Paging File | 78,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 177,93 Gb Free Space | 76,40% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 106,65 Gb Free Space | 45,87% Space Free | Partition Type: NTFS
 
Computer Name: GROSSER | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.06 20:12:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Downloads\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.05.11 09:30:21 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.11 09:30:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.11 09:30:21 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
PRC - [2012.01.01 14:19:00 | 001,396,576 | ---- | M] (Jumping Bytes) -- C:\Program Files (x86)\Mobile Master\MMAgent.exe
PRC - [2012.01.01 14:18:54 | 000,913,248 | ---- | M] (Jumping Bytes) -- C:\Program Files (x86)\Mobile Master\MMScan.exe
PRC - [2011.06.30 14:04:38 | 000,399,320 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
PRC - [2011.05.06 12:46:50 | 000,368,128 | ---- | M] () -- C:\Program Files (x86)\Polar\Daemon\polard.exe
PRC - [2010.08.15 20:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.30 14:04:42 | 000,183,256 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011.06.30 14:04:40 | 000,060,888 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011.06.30 14:04:32 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomPackage.dll
MOD - [2011.06.30 14:04:30 | 007,964,160 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtGui4.dll
MOD - [2011.06.30 14:04:30 | 002,302,464 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtCore4.dll
MOD - [2011.06.30 14:04:30 | 000,980,480 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll
MOD - [2011.06.30 14:04:30 | 000,357,888 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXml4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.15 10:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.07.29 21:25:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.11 09:30:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.11 09:30:21 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.05.06 12:46:50 | 000,368,128 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2010.09.28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.28 23:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.05.11 10:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.04.06 15:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.02.25 14:07:14 | 000,196,464 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010.02.23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.10.06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.11 09:30:21 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.11 09:30:21 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.26 10:51:02 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.12.26 10:46:11 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010.03.15 11:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.15 10:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.10 16:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.03 12:04:00 | 000,060,408 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.12 15:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.12.07 19:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.07 19:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.12.02 16:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.10.12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.24 18:55:00 | 000,212,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.05 13:56:00 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.28 21:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009.07.24 12:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.13 23:12:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.19 11:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009.06.19 10:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009.06.17 13:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.04.17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2011.04.04 21:30:29 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {00D87EFE-5060-4EDD-A12A-5FF2FEB843F5}
IE:64bit: - HKLM\..\SearchScopes\{00D87EFE-5060-4EDD-A12A-5FF2FEB843F5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {54121BB5-C9C1-4DAF-88DB-3B031A8B7292}
IE - HKLM\..\SearchScopes\{54121BB5-C9C1-4DAF-88DB-3B031A8B7292}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1588642341-3654694621-1514214323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-1588642341-3654694621-1514214323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-1588642341-3654694621-1514214323-1000\..\SearchScopes,DefaultScope = {54121BB5-C9C1-4DAF-88DB-3B031A8B7292}
IE - HKU\S-1-5-21-1588642341-3654694621-1514214323-1000\..\SearchScopes\{5E0510B2-1446-4873-A9B5-D99D2A1197C5}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1588642341-3654694621-1514214323-1000\..\SearchScopes\{C8C559A3-8046-45AA-B9B9-882BFAC7A0A7}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-1588642341-3654694621-1514214323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.29 21:25:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 21:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files (x86)\Mobile Master\ext\1\ [2012.01.01 23:25:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.29 21:25:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 21:41:09 | 000,000,000 | ---D | M]
 
[2011.02.27 22:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2012.07.30 17:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\504pyo9v.default\extensions
[2012.07.23 21:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.20 21:31:49 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2012.07.29 21:25:16 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.27 21:19:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.27 21:19:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.27 21:19:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.27 21:19:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.27 21:19:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.27 21:19:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\CHIP MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\CHIP MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1588642341-3654694621-1514214323-1000..\Run: [MMAgent] C:\Program Files (x86)\Mobile Master\MMAgent.exe (Jumping Bytes)
O4 - HKU\S-1-5-21-1588642341-3654694621-1514214323-1000..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D710A5D-46C8-4F99-91B3-BB0881FA2FBF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4130559C-5357-4133-A536-8321DFB2F479}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4250EDED-4004-4B9C-9963-A0E6A9A0E43D}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0951DC-474C-434C-8640-B9A1FFD5365A}: NameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c9a809c-9203-11e0-a654-1c7508761139}\Shell - "" = AutoRun
O33 - MountPoints2\{0c9a809c-9203-11e0-a654-1c7508761139}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0c9a80b8-9203-11e0-a654-1c7508761139}\Shell - "" = AutoRun
O33 - MountPoints2\{0c9a80b8-9203-11e0-a654-1c7508761139}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7df27b44-dbdd-11e1-8f1f-1c7508761139}\Shell - "" = AutoRun
O33 - MountPoints2\{7df27b44-dbdd-11e1-8f1f-1c7508761139}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: 00TCrdMain - hkey= - key= - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SmartFaceVWatcher - hkey= - key= - C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosNC - hkey= - key= - C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TWebCamera - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{D6650514-E1E0-46B1-9512-63063248A6CF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 17:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.30 21:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.07.30 17:30:20 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.07.30 17:06:46 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Free Download Manager
[2012.07.30 17:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2012.07.30 17:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2012.07.25 16:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.07.25 16:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.07.25 16:29:10 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.07.23 21:33:02 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2012.07.23 21:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.23 21:32:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.23 21:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.23 21:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.08 18:23:01 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Fotobuch2011_neu_mcf-Dateien
[2012.07.08 17:48:02 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Fotobuch_Cover_2011_mcf-Dateien
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.06 20:17:53 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 20:17:53 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 20:09:58 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 20:09:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 20:09:11 | 3110,080,512 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.05 20:39:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.01 16:27:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.01 16:27:28 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.01 16:27:28 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.01 16:27:28 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.01 16:27:28 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.31 21:31:05 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job
[2012.07.31 15:20:24 | 000,328,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.30 17:06:46 | 000,001,078 | ---- | M] () -- C:\Users\XXX\Desktop\Free Download Manager.lnk
[2012.07.25 16:29:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.07.25 16:28:49 | 000,000,000 | ---- | M] () -- C:\Users\XXX\defogger_reenable
[2012.07.23 21:32:56 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.22 08:54:57 | 000,123,758 | ---- | M] () -- C:\Users\XXX\Documents\Fotobuch2011_neu.mcf
[2012.07.22 08:54:48 | 000,123,758 | ---- | M] () -- C:\Users\XXX\Documents\Fotobuch2011_neu.mcf~
[2012.07.08 17:49:37 | 000,241,862 | ---- | M] () -- C:\Users\XXX\Documents\Fotobuch2011_Flächig_bearbeitet1.mcf
[2012.07.08 17:48:03 | 000,071,203 | ---- | M] () -- C:\Users\XXX\Documents\Fotobuch_Cover_2011.mcf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.30 17:06:46 | 000,001,078 | ---- | C] () -- C:\Users\XXX\Desktop\Free Download Manager.lnk
[2012.07.25 16:28:49 | 000,000,000 | ---- | C] () -- C:\Users\XXX\defogger_reenable
[2012.07.23 21:32:56 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.08 18:23:01 | 000,123,758 | ---- | C] () -- C:\Users\XXX\Documents\Fotobuch2011_neu.mcf~
[2012.07.08 18:23:01 | 000,123,758 | ---- | C] () -- C:\Users\XXX\Documents\Fotobuch2011_neu.mcf
[2012.07.08 17:48:02 | 000,071,203 | ---- | C] () -- C:\Users\XXX\Documents\Fotobuch_Cover_2011.mcf
[2011.12.30 21:51:18 | 003,686,400 | ---- | C] () -- C:\Program Files\Samsung New PC Studio USB Driver Installer.msi
[2011.12.30 21:51:18 | 000,105,472 | ---- | C] () -- C:\Program Files\1031.MST
[2011.12.30 21:51:18 | 000,015,832 | ---- | C] () -- C:\Program Files\0x0407.ini
[2011.03.11 23:02:59 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.04 22:12:44 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.02.27 22:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.26 11:01:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010.12.26 10:39:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.26 10:37:31 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.07.30 21:49:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Free Download Manager
[2012.01.01 23:24:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Jumping Bytes
[2011.05.31 19:49:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Lexware
[2012.07.30 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MediaMonkey
[2012.01.03 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mobile Master
[2011.04.04 21:33:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\PC Suite
[2011.12.30 22:03:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Samsung
[2011.04.04 20:34:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\SoftGrid Client
[2011.02.27 21:35:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Toshiba
[2011.03.11 23:03:33 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TP
[2012.06.08 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WildTangent
[2011.06.01 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\XXY\AppData\Roaming\Lexware
[2011.03.12 00:19:56 | 000,000,000 | ---D | M] -- C:\Users\XXY\AppData\Roaming\SoftGrid Client
[2011.03.05 23:38:26 | 000,000,000 | ---D | M] -- C:\Users\XXY\AppData\Roaming\Toshiba
[2012.07.31 21:31:05 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\MT66 Software Update.job
[2012.06.15 21:05:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.10 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Adobe
[2011.02.27 21:20:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ATI
[2012.03.28 14:18:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Avira
[2011.03.04 22:12:56 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Corel
[2012.07.30 21:49:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Free Download Manager
[2011.10.09 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\HpUpdate
[2011.02.27 21:19:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Identities
[2011.08.14 11:25:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\InstallShield
[2012.01.01 23:24:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Jumping Bytes
[2011.05.31 19:49:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Lexware
[2010.11.11 18:56:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Macromedia
[2012.07.23 21:33:02 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Media Center Programs
[2012.07.30 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MediaMonkey
[2012.04.22 09:45:30 | 000,000,000 | --SD | M] -- C:\Users\XXX\AppData\Roaming\Microsoft
[2012.01.03 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mobile Master
[2011.02.27 22:20:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla
[2011.02.27 21:20:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Nero
[2011.04.04 21:33:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\PC Suite
[2011.12.30 22:03:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Samsung
[2011.04.04 20:34:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\SoftGrid Client
[2011.02.27 21:35:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Toshiba
[2011.03.11 23:03:33 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TP
[2012.06.08 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WildTangent
 
< %APPDATA%\*.exe /s >
[2011.11.13 12:14:44 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\XXX\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.19 15:29:29 | 000,004,710 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:16:13 | 000,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\scrrun.dll

< End of report >
Ich hoffe, du sprichst besser spanisch als ich :dummguck:
und bin gespannt auf die Übersetzung!

Viele Grüße
Marika

cosinus 07.08.2012 13:30
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\CHIP MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c9a809c-9203-11e0-a654-1c7508761139}\Shell - "" = AutoRun
O33 - MountPoints2\{0c9a809c-9203-11e0-a654-1c7508761139}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0c9a80b8-9203-11e0-a654-1c7508761139}\Shell - "" = AutoRun
O33 - MountPoints2\{0c9a80b8-9203-11e0-a654-1c7508761139}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7df27b44-dbdd-11e1-8f1f-1c7508761139}\Shell - "" = AutoRun
O33 - MountPoints2\{7df27b44-dbdd-11e1-8f1f-1c7508761139}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Marika_K 09.08.2012 13:49
Hallo Arne,

jetzt hab ichs endlcih geschafft, deine Anweisungen umzusetzen. Ergebnis des OTL:

Code:


User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: XXX
->Temp folder emptied: 901508854 bytes
->Temporary Internet Files folder emptied: 22325552 bytes
->Java cache emptied: 357136 bytes
->FireFox cache emptied: 61988439 bytes
->Flash cache emptied: 56950 bytes
 
User: XXY
->Temp folder emptied: 7003567 bytes
->Temporary Internet Files folder emptied: 27569402 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 467343253 bytes
->Flash cache emptied: 65226 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 397926199 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 754992 bytes
 
Total Files Cleaned = 1.800,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: XXX
->Flash cache emptied: 291 bytes
 
User: XXY
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.1 log created on 08092012_143726

Files\Folders moved on Reboot...
C:\Users\XXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\XXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
PC läuft - soweit ich das schon sagen kann - störungsfrei. Gibts noch etwas zu tun?

Grüße
Marika

cosinus 10.08.2012 13:07
Log ist leider unvollständig

Marika_K 10.08.2012 13:35
Sorry, zweiter Versuch:


Code:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{120A8821-2BEE-4C29-BCDA-62C577781992} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992}\ deleted successfully.
C:\Program Files (x86)\MedienTeam66\CHIP MP3 Recorder for YouTube\IEPlugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c9a809c-9203-11e0-a654-1c7508761139}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c9a809c-9203-11e0-a654-1c7508761139}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c9a809c-9203-11e0-a654-1c7508761139}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c9a809c-9203-11e0-a654-1c7508761139}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c9a80b8-9203-11e0-a654-1c7508761139}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c9a80b8-9203-11e0-a654-1c7508761139}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c9a80b8-9203-11e0-a654-1c7508761139}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c9a80b8-9203-11e0-a654-1c7508761139}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7df27b44-dbdd-11e1-8f1f-1c7508761139}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7df27b44-dbdd-11e1-8f1f-1c7508761139}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7df27b44-dbdd-11e1-8f1f-1c7508761139}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7df27b44-dbdd-11e1-8f1f-1c7508761139}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Melli
->Temp folder emptied: 901508854 bytes
->Temporary Internet Files folder emptied: 22325552 bytes
->Java cache emptied: 357136 bytes
->FireFox cache emptied: 61988439 bytes
->Flash cache emptied: 56950 bytes
 
User: Olli
->Temp folder emptied: 7003567 bytes
->Temporary Internet Files folder emptied: 27569402 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 467343253 bytes
->Flash cache emptied: 65226 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 397926199 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 754992 bytes
 
Total Files Cleaned = 1.800,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Melli
->Flash cache emptied: 291 bytes
 
User: Olli
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.1 log created on 08092012_143726

Files\Folders moved on Reboot...
C:\Users\Melli\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Melli\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
Jetzt okay?

cosinus 11.08.2012 15:36
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Marika_K 12.08.2012 20:24
Hallo Arne,

danke für deine Rückmeldung. Der TDDS-Killer (kuscheliger Name :crazy:!) hat eine verdächtige Datei ausgemacht:

Code:
21:14:45.0001 1816        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:14:45.0266 1816        ============================================================
21:14:45.0266 1816        Current date / time: 2012/08/12 21:14:45.0266
21:14:45.0266 1816        SystemInfo:
21:14:45.0266 1816       
21:14:45.0266 1816        OS Version: 6.1.7601 ServicePack: 1.0
21:14:45.0266 1816        Product type: Workstation
21:14:45.0266 1816        ComputerName: GROSSER
21:14:45.0266 1816        UserName: Melli
21:14:45.0266 1816        Windows directory: C:\Windows
21:14:45.0266 1816        System windows directory: C:\Windows
21:14:45.0266 1816        Running under WOW64
21:14:45.0266 1816        Processor architecture: Intel x64
21:14:45.0266 1816        Number of processors: 4
21:14:45.0266 1816        Page size: 0x1000
21:14:45.0266 1816        Boot type: Normal boot
21:14:45.0266 1816        ============================================================
21:14:45.0812 1816        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:14:45.0812 1816        ============================================================
21:14:45.0812 1816        \Device\Harddisk0\DR0:
21:14:45.0812 1816        MBR partitions:
21:14:45.0812 1816        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D1C3000
21:14:45.0812 1816        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D28B800, BlocksNum 0x1D0FA800
21:14:45.0812 1816        ============================================================
21:14:45.0843 1816        C: <-> \Device\Harddisk0\DR0\Partition0
21:14:45.0875 1816        D: <-> \Device\Harddisk0\DR0\Partition1
21:14:45.0875 1816        ============================================================
21:14:45.0875 1816        Initialize success
21:14:45.0875 1816        ============================================================
21:14:58.0823 1084        ============================================================
21:14:58.0823 1084        Scan started
21:14:58.0823 1084        Mode: Manual; SigCheck; TDLFS;
21:14:58.0823 1084        ============================================================
21:15:00.0242 1084        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:15:00.0383 1084        1394ohci - ok
21:15:00.0445 1084        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:15:00.0476 1084        ACPI - ok
21:15:00.0523 1084        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:15:00.0601 1084        AcpiPmi - ok
21:15:00.0695 1084        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:15:00.0726 1084        adp94xx - ok
21:15:00.0773 1084        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:15:00.0804 1084        adpahci - ok
21:15:00.0835 1084        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:15:00.0851 1084        adpu320 - ok
21:15:00.0882 1084        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:15:01.0007 1084        AeLookupSvc - ok
21:15:01.0085 1084        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:15:01.0163 1084        AFD - ok
21:15:01.0194 1084        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:15:01.0209 1084        agp440 - ok
21:15:01.0241 1084        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:15:01.0287 1084        ALG - ok
21:15:01.0334 1084        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:15:01.0365 1084        aliide - ok
21:15:01.0428 1084        AMD External Events Utility (57b773d82e8cc3c6d7e02cc8a6632043) C:\Windows\system32\atiesrxx.exe
21:15:01.0521 1084        AMD External Events Utility - ok
21:15:01.0568 1084        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:15:01.0599 1084        amdide - ok
21:15:01.0646 1084        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:15:01.0724 1084        AmdK8 - ok
21:15:02.0255 1084        amdkmdag        (aefaf27f1b7e52c705df4fb6c96732f6) C:\Windows\system32\DRIVERS\atipmdag.sys
21:15:02.0442 1084        amdkmdag - ok
21:15:02.0598 1084        amdkmdap        (8149db73be27950ec72767a1193153a6) C:\Windows\system32\DRIVERS\atikmpag.sys
21:15:02.0629 1084        amdkmdap - ok
21:15:02.0676 1084        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:15:02.0723 1084        AmdPPM - ok
21:15:02.0769 1084        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:15:02.0785 1084        amdsata - ok
21:15:02.0816 1084        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:15:02.0832 1084        amdsbs - ok
21:15:02.0847 1084        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:15:02.0863 1084        amdxata - ok
21:15:02.0957 1084        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:15:02.0972 1084        AntiVirSchedulerService - ok
21:15:03.0003 1084        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:15:03.0003 1084        AntiVirService - ok
21:15:03.0050 1084        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:15:03.0222 1084        AppID - ok
21:15:03.0253 1084        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:15:03.0347 1084        AppIDSvc - ok
21:15:03.0409 1084        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:15:03.0456 1084        Appinfo - ok
21:15:03.0503 1084        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:15:03.0503 1084        arc - ok
21:15:03.0518 1084        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:15:03.0534 1084        arcsas - ok
21:15:03.0549 1084        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:15:03.0643 1084        AsyncMac - ok
21:15:03.0690 1084        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:15:03.0705 1084        atapi - ok
21:15:03.0815 1084        athr            (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
21:15:03.0924 1084        athr - ok
21:15:04.0142 1084        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:15:04.0220 1084        AudioEndpointBuilder - ok
21:15:04.0220 1084        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:15:04.0251 1084        AudioSrv - ok
21:15:04.0314 1084        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
21:15:04.0579 1084        avgntflt - ok
21:15:04.0610 1084        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
21:15:04.0626 1084        avipbb - ok
21:15:04.0641 1084        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
21:15:04.0657 1084        avkmgr - ok
21:15:04.0704 1084        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:15:04.0797 1084        AxInstSV - ok
21:15:04.0860 1084        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:15:04.0922 1084        b06bdrv - ok
21:15:04.0969 1084        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:15:05.0016 1084        b57nd60a - ok
21:15:05.0187 1084        BBSvc          (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
21:15:05.0219 1084        BBSvc - ok
21:15:05.0328 1084        BBUpdate        (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
21:15:05.0343 1084        BBUpdate - ok
21:15:05.0609 1084        BCM43XX        (5b5c36b2ec500462a715db6bcbaf5da7) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:15:05.0687 1084        BCM43XX - ok
21:15:05.0827 1084        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:15:05.0874 1084        BDESVC - ok
21:15:05.0921 1084        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:15:06.0014 1084        Beep - ok
21:15:06.0123 1084        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:15:06.0170 1084        BFE - ok
21:15:06.0248 1084        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:15:06.0311 1084        BITS - ok
21:15:06.0373 1084        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:15:06.0404 1084        blbdrive - ok
21:15:06.0451 1084        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:15:06.0498 1084        bowser - ok
21:15:06.0529 1084        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:15:06.0576 1084        BrFiltLo - ok
21:15:06.0576 1084        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:15:06.0607 1084        BrFiltUp - ok
21:15:06.0654 1084        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:15:06.0732 1084        Browser - ok
21:15:06.0779 1084        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:15:06.0825 1084        Brserid - ok
21:15:06.0841 1084        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:15:06.0872 1084        BrSerWdm - ok
21:15:06.0888 1084        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:15:06.0935 1084        BrUsbMdm - ok
21:15:06.0950 1084        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:15:06.0981 1084        BrUsbSer - ok
21:15:06.0981 1084        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:15:07.0013 1084        BTHMODEM - ok
21:15:07.0059 1084        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:15:07.0137 1084        bthserv - ok
21:15:07.0153 1084        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:15:07.0200 1084        cdfs - ok
21:15:07.0262 1084        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:15:07.0293 1084        cdrom - ok
21:15:07.0325 1084        CeKbFilter      (7e83e47bd1ff93e11cd69f1ad65a9581) C:\Windows\system32\DRIVERS\CeKbFilter.sys
21:15:07.0340 1084        CeKbFilter - ok
21:15:07.0387 1084        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:15:07.0481 1084        CertPropSvc - ok
21:15:07.0605 1084        cfWiMAXService  (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
21:15:07.0621 1084        cfWiMAXService - ok
21:15:07.0668 1084        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:15:07.0699 1084        circlass - ok
21:15:07.0777 1084        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:15:07.0808 1084        CLFS - ok
21:15:07.0871 1084        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:15:07.0886 1084        clr_optimization_v2.0.50727_32 - ok
21:15:07.0933 1084        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:15:07.0949 1084        clr_optimization_v2.0.50727_64 - ok
21:15:08.0042 1084        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:15:08.0058 1084        clr_optimization_v4.0.30319_32 - ok
21:15:08.0089 1084        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:15:08.0105 1084        clr_optimization_v4.0.30319_64 - ok
21:15:08.0151 1084        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:15:08.0183 1084        CmBatt - ok
21:15:08.0214 1084        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:15:08.0229 1084        cmdide - ok
21:15:08.0276 1084        cmnsusbser      (2b3b8cbea1ba1bce5700607fbdb31034) C:\Windows\system32\DRIVERS\cmnsusbser.sys
21:15:08.0339 1084        cmnsusbser - ok
21:15:08.0385 1084        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
21:15:08.0417 1084        CNG - ok
21:15:08.0463 1084        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:15:08.0479 1084        Compbatt - ok
21:15:08.0526 1084        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:15:08.0557 1084        CompositeBus - ok
21:15:08.0573 1084        COMSysApp - ok
21:15:08.0666 1084        ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
21:15:08.0682 1084        ConfigFree Service - ok
21:15:08.0713 1084        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:15:08.0729 1084        crcdisk - ok
21:15:08.0775 1084        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
21:15:08.0838 1084        CryptSvc - ok
21:15:08.0916 1084        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:15:08.0994 1084        DcomLaunch - ok
21:15:09.0041 1084        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:15:09.0103 1084        defragsvc - ok
21:15:09.0150 1084        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:15:09.0212 1084        DfsC - ok
21:15:09.0259 1084        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:15:09.0306 1084        Dhcp - ok
21:15:09.0337 1084        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:15:09.0368 1084        discache - ok
21:15:09.0399 1084        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:15:09.0415 1084        Disk - ok
21:15:09.0462 1084        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:15:09.0509 1084        Dnscache - ok
21:15:09.0540 1084        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:15:09.0618 1084        dot3svc - ok
21:15:09.0665 1084        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:15:09.0727 1084        DPS - ok
21:15:09.0758 1084        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:15:09.0774 1084        drmkaud - ok
21:15:09.0867 1084        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:15:09.0914 1084        DXGKrnl - ok
21:15:09.0945 1084        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:15:09.0992 1084        EapHost - ok
21:15:10.0242 1084        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:15:10.0335 1084        ebdrv - ok
21:15:10.0476 1084        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:15:10.0538 1084        EFS - ok
21:15:10.0663 1084        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:15:10.0725 1084        ehRecvr - ok
21:15:10.0741 1084        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:15:10.0788 1084        ehSched - ok
21:15:10.0897 1084        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:15:10.0928 1084        elxstor - ok
21:15:10.0959 1084        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:15:10.0991 1084        ErrDev - ok
21:15:11.0069 1084        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:15:11.0131 1084        EventSystem - ok
21:15:11.0178 1084        ewusbnet        (8adacffad67394c711698ea074ce3bab) C:\Windows\system32\DRIVERS\ewusbnet.sys
21:15:11.0225 1084        ewusbnet - ok
21:15:11.0287 1084        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:15:11.0349 1084        exfat - ok
21:15:11.0381 1084        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:15:11.0443 1084        fastfat - ok
21:15:11.0552 1084        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:15:11.0615 1084        Fax - ok
21:15:11.0646 1084        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:15:11.0661 1084        fdc - ok
21:15:11.0677 1084        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:15:11.0755 1084        fdPHost - ok
21:15:11.0771 1084        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:15:11.0817 1084        FDResPub - ok
21:15:11.0833 1084        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:15:11.0849 1084        FileInfo - ok
21:15:11.0849 1084        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:15:11.0895 1084        Filetrace - ok
21:15:11.0927 1084        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:15:11.0942 1084        flpydisk - ok
21:15:12.0005 1084        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:15:12.0036 1084        FltMgr - ok
21:15:12.0129 1084        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:15:12.0192 1084        FontCache - ok
21:15:12.0254 1084        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:15:12.0270 1084        FontCache3.0.0.0 - ok
21:15:12.0301 1084        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:15:12.0317 1084        FsDepends - ok
21:15:12.0348 1084        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:15:12.0379 1084        Fs_Rec - ok
21:15:12.0426 1084        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:15:12.0457 1084        fvevol - ok
21:15:12.0473 1084        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:15:12.0488 1084        gagp30kx - ok
21:15:12.0566 1084        GameConsoleService (1fda0df739234c4023851a282dd28704) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
21:15:12.0582 1084        GameConsoleService - ok
21:15:12.0660 1084        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:15:12.0738 1084        gpsvc - ok
21:15:12.0816 1084        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:15:12.0831 1084        gupdate - ok
21:15:12.0831 1084        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:15:12.0847 1084        gupdatem - ok
21:15:12.0863 1084        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:15:12.0909 1084        hcw85cir - ok
21:15:12.0987 1084        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:15:13.0034 1084        HdAudAddService - ok
21:15:13.0065 1084        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:15:13.0097 1084        HDAudBus - ok
21:15:13.0159 1084        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:15:13.0159 1084        HECIx64 - ok
21:15:13.0175 1084        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:15:13.0206 1084        HidBatt - ok
21:15:13.0221 1084        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:15:13.0253 1084        HidBth - ok
21:15:13.0268 1084        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:15:13.0284 1084        HidIr - ok
21:15:13.0315 1084        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:15:13.0362 1084        hidserv - ok
21:15:13.0409 1084        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:15:13.0409 1084        HidUsb - ok
21:15:13.0455 1084        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:15:13.0549 1084        hkmsvc - ok
21:15:13.0596 1084        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:15:13.0643 1084        HomeGroupListener - ok
21:15:13.0689 1084        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:15:13.0736 1084        HomeGroupProvider - ok
21:15:13.0783 1084        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:15:13.0799 1084        HpSAMD - ok
21:15:13.0908 1084        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:15:13.0955 1084        HTTP - ok
21:15:14.0017 1084        hwdatacard      (d969d0e26c5b1e813b17066a8318d5d4) C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:15:14.0048 1084        hwdatacard - ok
21:15:14.0079 1084        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:15:14.0095 1084        hwpolicy - ok
21:15:14.0126 1084        hwusbdev        (b45b3647ba32749b94fa689175ec8c26) C:\Windows\system32\DRIVERS\ewusbdev.sys
21:15:14.0157 1084        hwusbdev - ok
21:15:14.0204 1084        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:15:14.0220 1084        i8042prt - ok
21:15:14.0282 1084        iaStor          (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
21:15:14.0313 1084        iaStor - ok
21:15:14.0391 1084        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:15:14.0423 1084        iaStorV - ok
21:15:14.0547 1084        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:15:14.0579 1084        idsvc - ok
21:15:14.0625 1084        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:15:14.0657 1084        iirsp - ok
21:15:14.0735 1084        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:15:14.0797 1084        IKEEXT - ok
21:15:14.0859 1084        Impcd          (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
21:15:14.0906 1084        Impcd - ok
21:15:15.0125 1084        IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\Windows\system32\drivers\RTKVHD64.sys
21:15:15.0171 1084        IntcAzAudAddService - ok
21:15:15.0281 1084        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:15:15.0296 1084        intelide - ok
21:15:15.0343 1084        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:15:15.0374 1084        intelppm - ok
21:15:15.0405 1084        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:15:15.0452 1084        IPBusEnum - ok
21:15:15.0483 1084        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:15:15.0561 1084        IpFilterDriver - ok
21:15:15.0624 1084        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:15:15.0702 1084        iphlpsvc - ok
21:15:15.0749 1084        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:15:15.0780 1084        IPMIDRV - ok
21:15:15.0811 1084        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:15:15.0873 1084        IPNAT - ok
21:15:15.0889 1084        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:15:15.0983 1084        IRENUM - ok
21:15:16.0014 1084        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:15:16.0029 1084        isapnp - ok
21:15:16.0076 1084        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:15:16.0107 1084        iScsiPrt - ok
21:15:16.0170 1084        IviRegMgr      (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:15:16.0185 1084        IviRegMgr - ok
21:15:16.0201 1084        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:15:16.0232 1084        kbdclass - ok
21:15:16.0263 1084        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:15:16.0295 1084        kbdhid - ok
21:15:16.0341 1084        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:15:16.0357 1084        KeyIso - ok
21:15:16.0388 1084        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
21:15:16.0404 1084        KSecDD - ok
21:15:16.0435 1084        KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
21:15:16.0451 1084        KSecPkg - ok
21:15:16.0497 1084        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:15:16.0575 1084        ksthunk - ok
21:15:16.0622 1084        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:15:16.0669 1084        KtmRm - ok
21:15:16.0731 1084        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:15:16.0809 1084        LanmanServer - ok
21:15:16.0856 1084        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:15:16.0903 1084        LanmanWorkstation - ok
21:15:16.0934 1084        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:15:16.0965 1084        lltdio - ok
21:15:17.0012 1084        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:15:17.0059 1084        lltdsvc - ok
21:15:17.0090 1084        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:15:17.0121 1084        lmhosts - ok
21:15:17.0215 1084        LMS            (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:15:17.0231 1084        LMS - ok
21:15:17.0277 1084        LPCFilter      (2825a71e7501cb33b3b9f856610c729d) C:\Windows\system32\DRIVERS\LPCFilter.sys
21:15:17.0293 1084        LPCFilter - ok
21:15:17.0340 1084        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:15:17.0355 1084        LSI_FC - ok
21:15:17.0371 1084        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:15:17.0387 1084        LSI_SAS - ok
21:15:17.0387 1084        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:15:17.0402 1084        LSI_SAS2 - ok
21:15:17.0418 1084        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:15:17.0418 1084        LSI_SCSI - ok
21:15:17.0449 1084        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:15:17.0511 1084        luafv - ok
21:15:17.0574 1084        MBAMProtector  (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
21:15:17.0589 1084        MBAMProtector - ok
21:15:17.0730 1084        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:15:17.0761 1084        MBAMService - ok
21:15:17.0808 1084        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:15:17.0870 1084        Mcx2Svc - ok
21:15:17.0886 1084        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:15:17.0886 1084        megasas - ok
21:15:17.0933 1084        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:15:17.0948 1084        MegaSR - ok
21:15:17.0979 1084        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:15:18.0042 1084        MMCSS - ok
21:15:18.0057 1084        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:15:18.0089 1084        Modem - ok
21:15:18.0120 1084        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:15:18.0167 1084        monitor - ok
21:15:18.0213 1084        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:15:18.0229 1084        mouclass - ok
21:15:18.0260 1084        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:15:18.0291 1084        mouhid - ok
21:15:18.0338 1084        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:15:18.0354 1084        mountmgr - ok
21:15:18.0447 1084        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:15:18.0463 1084        MozillaMaintenance - ok
21:15:18.0510 1084        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:15:18.0525 1084        mpio - ok
21:15:18.0557 1084        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:15:18.0619 1084        mpsdrv - ok
21:15:18.0697 1084        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:15:18.0775 1084        MpsSvc - ok
21:15:18.0806 1084        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:15:18.0853 1084        MRxDAV - ok
21:15:18.0900 1084        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:15:18.0947 1084        mrxsmb - ok
21:15:18.0993 1084        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:15:19.0040 1084        mrxsmb10 - ok
21:15:19.0056 1084        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:15:19.0071 1084        mrxsmb20 - ok
21:15:19.0103 1084        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:15:19.0118 1084        msahci - ok
21:15:19.0149 1084        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:15:19.0165 1084        msdsm - ok
21:15:19.0212 1084        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:15:19.0243 1084        MSDTC - ok
21:15:19.0290 1084        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:15:19.0337 1084        Msfs - ok
21:15:19.0352 1084        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:15:19.0383 1084        mshidkmdf - ok
21:15:19.0415 1084        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:15:19.0430 1084        msisadrv - ok
21:15:19.0461 1084        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:15:19.0508 1084        MSiSCSI - ok
21:15:19.0508 1084        msiserver - ok
21:15:19.0524 1084        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:15:19.0571 1084        MSKSSRV - ok
21:15:19.0571 1084        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:15:19.0617 1084        MSPCLOCK - ok
21:15:19.0617 1084        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:15:19.0664 1084        MSPQM - ok
21:15:19.0711 1084        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:15:19.0742 1084        MsRPC - ok
21:15:19.0789 1084        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:15:19.0789 1084        mssmbios - ok
21:15:19.0805 1084        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:15:19.0836 1084        MSTEE - ok
21:15:19.0851 1084        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:15:19.0851 1084        MTConfig - ok
21:15:19.0883 1084        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:15:19.0914 1084        Mup - ok
21:15:19.0976 1084        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:15:20.0054 1084        napagent - ok
21:15:20.0101 1084        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:15:20.0132 1084        NativeWifiP - ok
21:15:20.0257 1084        NAUpdate        (9d1cce440552500ded3a62f9d779cdb4) c:\Program Files (x86)\Nero\Update\NASvc.exe
21:15:20.0273 1084        NAUpdate - ok
21:15:20.0382 1084        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:15:20.0413 1084        NDIS - ok
21:15:20.0444 1084        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:15:20.0491 1084        NdisCap - ok
21:15:20.0522 1084        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:15:20.0553 1084        NdisTapi - ok
21:15:20.0600 1084        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:15:20.0678 1084        Ndisuio - ok
21:15:20.0709 1084        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:15:20.0772 1084        NdisWan - ok
21:15:20.0803 1084        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:15:20.0850 1084        NDProxy - ok
21:15:20.0881 1084        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:15:20.0943 1084        NetBIOS - ok
21:15:20.0975 1084        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:15:21.0021 1084        NetBT - ok
21:15:21.0053 1084        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:15:21.0068 1084        Netlogon - ok
21:15:21.0115 1084        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:15:21.0162 1084        Netman - ok
21:15:21.0209 1084        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:15:21.0255 1084        netprofm - ok
21:15:21.0333 1084        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:15:21.0349 1084        NetTcpPortSharing - ok
21:15:21.0396 1084        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:15:21.0411 1084        nfrd960 - ok
21:15:21.0474 1084        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:15:21.0552 1084        NlaSvc - ok
21:15:21.0567 1084        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:15:21.0599 1084        Npfs - ok
21:15:21.0630 1084        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:15:21.0677 1084        nsi - ok
21:15:21.0677 1084        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:15:21.0723 1084        nsiproxy - ok
21:15:21.0864 1084        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:15:21.0942 1084        Ntfs - ok
21:15:22.0051 1084        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:15:22.0113 1084        Null - ok
21:15:22.0160 1084        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:15:22.0176 1084        nvraid - ok
21:15:22.0207 1084        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:15:22.0223 1084        nvstor - ok
21:15:22.0254 1084        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:15:22.0269 1084        nv_agp - ok
21:15:22.0379 1084        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:15:22.0410 1084        odserv - ok
21:15:22.0441 1084        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:15:22.0457 1084        ohci1394 - ok
21:15:22.0535 1084        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:15:22.0566 1084        ose - ok
21:15:22.0737 1084        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:15:22.0784 1084        p2pimsvc - ok
21:15:22.0831 1084        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:15:22.0862 1084        p2psvc - ok
21:15:22.0893 1084        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:15:22.0909 1084        Parport - ok
21:15:22.0925 1084        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:15:22.0940 1084        partmgr - ok
21:15:22.0971 1084        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:15:23.0003 1084        PcaSvc - ok
21:15:23.0049 1084        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:15:23.0081 1084        pci - ok
21:15:23.0096 1084        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:15:23.0096 1084        pciide - ok
21:15:23.0143 1084        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:15:23.0159 1084        pcmcia - ok
21:15:23.0174 1084        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:15:23.0190 1084        pcw - ok
21:15:23.0237 1084        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:15:23.0299 1084        PEAUTH - ok
21:15:23.0377 1084        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:15:23.0408 1084        PerfHost - ok
21:15:23.0455 1084        PGEffect        (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
21:15:23.0471 1084        PGEffect - ok
21:15:23.0580 1084        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:15:23.0658 1084        pla - ok
21:15:23.0736 1084        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:15:23.0767 1084        PlugPlay - ok
21:15:23.0798 1084        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:15:23.0814 1084        PNRPAutoReg - ok
21:15:23.0845 1084        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:15:23.0861 1084        PNRPsvc - ok
21:15:23.0954 1084        Polar Daemon    (d8fc3064e3a3a9c482019d1f1bd1420a) C:\Program Files (x86)\Polar\Daemon\polard.exe
21:15:23.0985 1084        Polar Daemon ( UnsignedFile.Multi.Generic ) - warning
21:15:23.0985 1084        Polar Daemon - detected UnsignedFile.Multi.Generic (1)
21:15:24.0048 1084        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:15:24.0095 1084        PolicyAgent - ok
21:15:24.0126 1084        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:15:24.0173 1084        Power - ok
21:15:24.0251 1084        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:15:24.0297 1084        PptpMiniport - ok
21:15:24.0329 1084        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:15:24.0360 1084        Processor - ok
21:15:24.0407 1084        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
21:15:24.0453 1084        ProfSvc - ok
21:15:24.0485 1084        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:15:24.0500 1084        ProtectedStorage - ok
21:15:24.0531 1084        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:15:24.0594 1084        Psched - ok
21:15:24.0672 1084        PSI_SVC_2      (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
21:15:24.0687 1084        PSI_SVC_2 - ok
21:15:24.0812 1084        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:15:24.0859 1084        ql2300 - ok
21:15:24.0999 1084        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:15:25.0015 1084        ql40xx - ok
21:15:25.0062 1084        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:15:25.0093 1084        QWAVE - ok
21:15:25.0109 1084        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:15:25.0140 1084        QWAVEdrv - ok
21:15:25.0140 1084        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:15:25.0187 1084        RasAcd - ok
21:15:25.0233 1084        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:15:25.0280 1084        RasAgileVpn - ok
21:15:25.0311 1084        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:15:25.0358 1084        RasAuto - ok
21:15:25.0405 1084        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:15:25.0452 1084        Rasl2tp - ok
21:15:25.0530 1084        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:15:25.0608 1084        RasMan - ok
21:15:25.0655 1084        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:15:25.0701 1084        RasPppoe - ok
21:15:25.0717 1084        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:15:25.0764 1084        RasSstp - ok
21:15:25.0795 1084        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:15:25.0842 1084        rdbss - ok
21:15:25.0857 1084        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:15:25.0873 1084        rdpbus - ok
21:15:25.0904 1084        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:15:25.0935 1084        RDPCDD - ok
21:15:25.0951 1084        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:15:25.0998 1084        RDPENCDD - ok
21:15:26.0013 1084        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:15:26.0045 1084        RDPREFMP - ok
21:15:26.0091 1084        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:15:26.0107 1084        RDPWD - ok
21:15:26.0154 1084        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:15:26.0169 1084        rdyboost - ok
21:15:26.0201 1084        regi            (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
21:15:26.0216 1084        regi - ok
21:15:26.0232 1084        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:15:26.0294 1084        RemoteAccess - ok
21:15:26.0341 1084        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:15:26.0403 1084        RemoteRegistry - ok
21:15:26.0435 1084        ROOTMODEM      (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
21:15:26.0481 1084        ROOTMODEM - ok
21:15:26.0497 1084        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:15:26.0544 1084        RpcEptMapper - ok
21:15:26.0575 1084        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:15:26.0606 1084        RpcLocator - ok
21:15:26.0669 1084        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:15:26.0715 1084        RpcSs - ok
21:15:26.0731 1084        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:15:26.0793 1084        rspndr - ok
21:15:26.0840 1084        RSUSBSTOR      (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
21:15:26.0871 1084        RSUSBSTOR - ok
21:15:26.0918 1084        RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\Windows\system32\drivers\RtHDMIVX.sys
21:15:26.0934 1084        RTHDMIAzAudService - ok
21:15:26.0996 1084        RTL8167        (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:15:27.0012 1084        RTL8167 - ok
21:15:27.0043 1084        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:15:27.0059 1084        SamSs - ok
21:15:27.0105 1084        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:15:27.0121 1084        sbp2port - ok
21:15:27.0168 1084        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:15:27.0215 1084        SCardSvr - ok
21:15:27.0246 1084        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:15:27.0277 1084        scfilter - ok
21:15:27.0386 1084        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:15:27.0464 1084        Schedule - ok
21:15:27.0495 1084        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:15:27.0527 1084        SCPolicySvc - ok
21:15:27.0542 1084        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:15:27.0573 1084        SDRSVC - ok
21:15:27.0620 1084        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:15:27.0683 1084        secdrv - ok
21:15:27.0714 1084        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:15:27.0745 1084        seclogon - ok
21:15:27.0776 1084        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:15:27.0823 1084        SENS - ok
21:15:27.0839 1084        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:15:27.0870 1084        SensrSvc - ok
21:15:27.0885 1084        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:15:27.0901 1084        Serenum - ok
21:15:27.0932 1084        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:15:27.0963 1084        Serial - ok
21:15:28.0010 1084        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:15:28.0026 1084        sermouse - ok
21:15:28.0073 1084        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:15:28.0119 1084        SessionEnv - ok
21:15:28.0151 1084        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:15:28.0197 1084        sffdisk - ok
21:15:28.0213 1084        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:15:28.0213 1084        sffp_mmc - ok
21:15:28.0229 1084        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:15:28.0260 1084        sffp_sd - ok
21:15:28.0275 1084        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:15:28.0322 1084        sfloppy - ok
21:15:28.0385 1084        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:15:28.0447 1084        SharedAccess - ok
21:15:28.0509 1084        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:15:28.0572 1084        ShellHWDetection - ok
21:15:28.0603 1084        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:15:28.0619 1084        SiSRaid2 - ok
21:15:28.0619 1084        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:15:28.0634 1084        SiSRaid4 - ok
21:15:28.0650 1084        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:15:28.0697 1084        Smb - ok
21:15:28.0728 1084        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:15:28.0743 1084        SNMPTRAP - ok
21:15:28.0759 1084        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:15:28.0775 1084        spldr - ok
21:15:28.0837 1084        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:15:28.0884 1084        Spooler - ok
21:15:29.0149 1084        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:15:29.0243 1084        sppsvc - ok
21:15:29.0367 1084        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:15:29.0445 1084        sppuinotify - ok
21:15:29.0523 1084        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:15:29.0586 1084        srv - ok
21:15:29.0633 1084        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:15:29.0664 1084        srv2 - ok
21:15:29.0695 1084        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:15:29.0726 1084        srvnet - ok
21:15:29.0773 1084        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:15:29.0835 1084        SSDPSRV - ok
21:15:29.0851 1084        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:15:29.0882 1084        SstpSvc - ok
21:15:29.0913 1084        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:15:29.0913 1084        stexstor - ok
21:15:29.0991 1084        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:15:30.0038 1084        stisvc - ok
21:15:30.0069 1084        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:15:30.0069 1084        swenum - ok
21:15:30.0132 1084        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:15:30.0179 1084        swprv - ok
21:15:30.0257 1084        SynTP          (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys
21:15:30.0272 1084        SynTP - ok
21:15:30.0413 1084        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:15:30.0491 1084        SysMain - ok
21:15:30.0615 1084        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:15:30.0662 1084        TabletInputService - ok
21:15:30.0709 1084        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:15:30.0771 1084        TapiSrv - ok
21:15:30.0787 1084        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:15:30.0834 1084        TBS - ok
21:15:31.0037 1084        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:15:31.0083 1084        Tcpip - ok
21:15:31.0364 1084        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:15:31.0411 1084        TCPIP6 - ok
21:15:31.0536 1084        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:15:31.0598 1084        tcpipreg - ok
21:15:31.0661 1084        tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
21:15:31.0676 1084        tdcmdpst - ok
21:15:31.0707 1084        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:15:31.0754 1084        TDPIPE - ok
21:15:31.0785 1084        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:15:31.0817 1084        TDTCP - ok
21:15:31.0863 1084        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:15:31.0941 1084        tdx - ok
21:15:32.0051 1084        TemproMonitoringService (40e154b3125e17ce6f2afad57afcfeb2) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
21:15:32.0066 1084        TemproMonitoringService - ok
21:15:32.0113 1084        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:15:32.0129 1084        TermDD - ok
21:15:32.0191 1084        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:15:32.0253 1084        TermService - ok
21:15:32.0269 1084        TFsExDisk - ok
21:15:32.0300 1084        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:15:32.0331 1084        Themes - ok
21:15:32.0363 1084        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:15:32.0409 1084        THREADORDER - ok
21:15:32.0472 1084        TMachInfo      (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:15:32.0487 1084        TMachInfo - ok
21:15:32.0503 1084        TODDSrv        (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
21:15:32.0519 1084        TODDSrv - ok
21:15:32.0628 1084        TosCoSrv        (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:15:32.0643 1084        TosCoSrv - ok
21:15:32.0706 1084        TOSHIBA Bluetooth Service (895f6972480306cb2a2a246991e34c68) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
21:15:32.0721 1084        TOSHIBA Bluetooth Service - ok
21:15:32.0784 1084        TOSHIBA eco Utility Service (2ab7a4697462edb0c9dfafc529746ba9) C:\Program Files\TOSHIBA\TECO\TecoService.exe
21:15:32.0799 1084        TOSHIBA eco Utility Service - ok
21:15:32.0846 1084        TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:15:32.0862 1084        TOSHIBA HDD SSD Alert Service - ok
21:15:32.0924 1084        tosporte        (8021f63311797085949fa387f7c83583) C:\Windows\system32\DRIVERS\tosporte.sys
21:15:32.0940 1084        tosporte - ok
21:15:32.0987 1084        tosrfbd        (1b09357180034639e62cf745e77ac66e) C:\Windows\system32\DRIVERS\tosrfbd.sys
21:15:33.0002 1084        tosrfbd - ok
21:15:33.0033 1084        tosrfbnp        (62512b5277d88600f8bd4b7aec43569d) C:\Windows\system32\Drivers\tosrfbnp.sys
21:15:33.0033 1084        tosrfbnp - ok
21:15:33.0080 1084        Tosrfcom        (c523a9186c39d65cc9adebb2e1b93ccd) C:\Windows\system32\Drivers\tosrfcom.sys
21:15:33.0096 1084        Tosrfcom - ok
21:15:33.0143 1084        tosrfec        (11699d47b3491d86249c168496d55c92) C:\Windows\system32\DRIVERS\tosrfec.sys
21:15:33.0143 1084        tosrfec - ok
21:15:33.0174 1084        Tosrfhid        (451b8c1815c6cc39650af916c2a382cd) C:\Windows\system32\DRIVERS\Tosrfhid.sys
21:15:33.0189 1084        Tosrfhid - ok
21:15:33.0205 1084        tosrfnds        (b6fdc3c76ffe9c5171eea9c37ea367c2) C:\Windows\system32\DRIVERS\tosrfnds.sys
21:15:33.0221 1084        tosrfnds - ok
21:15:33.0267 1084        TosRfSnd        (e1e045240c1184fa6628f3c7e7ff85d8) C:\Windows\system32\drivers\tosrfsnd.sys
21:15:33.0283 1084        TosRfSnd - ok
21:15:33.0314 1084        Tosrfusb        (de44a2a2459d0504f146e599f4bd2074) C:\Windows\system32\DRIVERS\tosrfusb.sys
21:15:33.0330 1084        Tosrfusb - ok
21:15:33.0439 1084        TPCHSrv        (97687d094aa597da366e1194b218cc6c) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
21:15:33.0455 1084        TPCHSrv - ok
21:15:33.0486 1084        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:15:33.0533 1084        TrkWks - ok
21:15:33.0611 1084        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:15:33.0673 1084        TrustedInstaller - ok
21:15:33.0704 1084        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:15:33.0735 1084        tssecsrv - ok
21:15:33.0782 1084        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:15:33.0829 1084        TsUsbFlt - ok
21:15:33.0891 1084        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:15:33.0969 1084        tunnel - ok
21:15:34.0016 1084        TVALZ          (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
21:15:34.0016 1084        TVALZ - ok
21:15:34.0063 1084        TVALZFL        (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
21:15:34.0079 1084        TVALZFL - ok
21:15:34.0110 1084        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:15:34.0125 1084        uagp35 - ok
21:15:34.0172 1084        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:15:34.0235 1084        udfs - ok
21:15:34.0266 1084        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:15:34.0281 1084        UI0Detect - ok
21:15:34.0313 1084        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:15:34.0344 1084        uliagpkx - ok
21:15:34.0375 1084        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:15:34.0406 1084        umbus - ok
21:15:34.0422 1084        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:15:34.0453 1084        UmPass - ok
21:15:34.0718 1084        UNS            (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:15:34.0781 1084        UNS - ok
21:15:34.0905 1084        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:15:34.0983 1084        upnphost - ok
21:15:35.0030 1084        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:15:35.0077 1084        usbccgp - ok
21:15:35.0108 1084        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:15:35.0124 1084        usbcir - ok
21:15:35.0155 1084        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:15:35.0186 1084        usbehci - ok
21:15:35.0217 1084        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:15:35.0264 1084        usbhub - ok
21:15:35.0264 1084        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:15:35.0295 1084        usbohci - ok
21:15:35.0342 1084        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:15:35.0358 1084        usbprint - ok
21:15:35.0420 1084        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:15:35.0451 1084        usbscan - ok
21:15:35.0498 1084        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:15:35.0545 1084        USBSTOR - ok
21:15:35.0576 1084        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:15:35.0607 1084        usbuhci - ok
21:15:35.0670 1084        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:15:35.0732 1084        usbvideo - ok
21:15:35.0779 1084        usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
21:15:35.0795 1084        usb_rndisx - ok
21:15:35.0826 1084        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:15:35.0888 1084        UxSms - ok
21:15:35.0919 1084        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:15:35.0935 1084        VaultSvc - ok
21:15:35.0982 1084        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:15:35.0997 1084        vdrvroot - ok
21:15:36.0060 1084        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:15:36.0153 1084        vds - ok
21:15:36.0200 1084        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:15:36.0231 1084        vga - ok
21:15:36.0247 1084        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:15:36.0294 1084        VgaSave - ok
21:15:36.0341 1084        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:15:36.0372 1084        vhdmp - ok
21:15:36.0387 1084        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:15:36.0387 1084        viaide - ok
21:15:36.0403 1084        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:15:36.0419 1084        volmgr - ok
21:15:36.0481 1084        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:15:36.0512 1084        volmgrx - ok
21:15:36.0543 1084        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:15:36.0559 1084        volsnap - ok
21:15:36.0606 1084        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:15:36.0621 1084        vsmraid - ok
21:15:36.0777 1084        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:15:36.0840 1084        VSS - ok
21:15:36.0949 1084        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:15:36.0980 1084        vwifibus - ok
21:15:37.0011 1084        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:15:37.0058 1084        vwififlt - ok
21:15:37.0121 1084        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:15:37.0167 1084        W32Time - ok
21:15:37.0167 1084        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:15:37.0199 1084        WacomPen - ok
21:15:37.0230 1084        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:15:37.0277 1084        WANARP - ok
21:15:37.0277 1084        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:15:37.0323 1084        Wanarpv6 - ok
21:15:37.0448 1084        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:15:37.0511 1084        wbengine - ok
21:15:37.0635 1084        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:15:37.0667 1084        WbioSrvc - ok
21:15:37.0713 1084        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:15:37.0729 1084        wcncsvc - ok
21:15:37.0760 1084        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:15:37.0776 1084        WcsPlugInService - ok
21:15:37.0807 1084        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:15:37.0838 1084        Wd - ok
21:15:37.0885 1084        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:15:37.0932 1084        Wdf01000 - ok
21:15:37.0947 1084        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:15:38.0057 1084        WdiServiceHost - ok
21:15:38.0057 1084        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:15:38.0072 1084        WdiSystemHost - ok
21:15:38.0119 1084        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:15:38.0166 1084        WebClient - ok
21:15:38.0213 1084        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:15:38.0259 1084        Wecsvc - ok
21:15:38.0275 1084        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:15:38.0322 1084        wercplsupport - ok
21:15:38.0322 1084        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:15:38.0369 1084        WerSvc - ok
21:15:38.0415 1084        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:15:38.0478 1084        WfpLwf - ok
21:15:38.0493 1084        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:15:38.0509 1084        WIMMount - ok
21:15:38.0525 1084        WinDefend - ok
21:15:38.0540 1084        WinHttpAutoProxySvc - ok
21:15:38.0618 1084        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:15:38.0681 1084        Winmgmt - ok
21:15:38.0837 1084        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:15:38.0915 1084        WinRM - ok
21:15:39.0055 1084        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:15:39.0086 1084        WinUsb - ok
21:15:39.0164 1084        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:15:39.0211 1084        Wlansvc - ok
21:15:39.0273 1084        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:15:39.0289 1084        wlcrasvc - ok
21:15:39.0507 1084        wlidsvc        (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:15:39.0570 1084        wlidsvc - ok
21:15:39.0710 1084        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:15:39.0741 1084        WmiAcpi - ok
21:15:39.0788 1084        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:15:39.0835 1084        wmiApSrv - ok
21:15:39.0882 1084        WMPNetworkSvc - ok
21:15:39.0913 1084        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:15:39.0944 1084        WPCSvc - ok
21:15:39.0975 1084        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:15:39.0991 1084        WPDBusEnum - ok
21:15:40.0022 1084        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:15:40.0069 1084        ws2ifsl - ok
21:15:40.0085 1084        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:15:40.0116 1084        wscsvc - ok
21:15:40.0131 1084        WSearch - ok
21:15:40.0256 1084        WTGService      (624809fe31f0ebba33fd4c98e016dd83) C:\Program Files (x86)\XSManager\WTGService.exe
21:15:40.0287 1084        WTGService - ok
21:15:40.0475 1084        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:15:40.0537 1084        wuauserv - ok
21:15:40.0662 1084        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:15:40.0724 1084        WudfPf - ok
21:15:40.0755 1084        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:15:40.0787 1084        WUDFRd - ok
21:15:40.0818 1084        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:15:40.0849 1084        wudfsvc - ok
21:15:40.0880 1084        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:15:40.0911 1084        WwanSvc - ok
21:15:40.0958 1084        XS Stick Service (e430a4b710c041e87dd0fc46c5963720) C:\Windows\service4g.exe
21:15:40.0974 1084        XS Stick Service - ok
21:15:41.0021 1084        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:15:41.0333 1084        \Device\Harddisk0\DR0 - ok
21:15:41.0364 1084        Boot (0x1200)  (5c573190d2c485cfebf5b2be2ce3fb86) \Device\Harddisk0\DR0\Partition0
21:15:41.0379 1084        \Device\Harddisk0\DR0\Partition0 - ok
21:15:41.0395 1084        Boot (0x1200)  (5f1de8207542db87694ca51272f19bc3) \Device\Harddisk0\DR0\Partition1
21:15:41.0395 1084        \Device\Harddisk0\DR0\Partition1 - ok
21:15:41.0395 1084        ============================================================
21:15:41.0395 1084        Scan finished
21:15:41.0395 1084        ============================================================
21:15:41.0411 2888        Detected object count: 1
21:15:41.0411 2888        Actual detected object count: 1
21:15:53.0423 2888        Polar Daemon ( UnsignedFile.Multi.Generic ) - skipped by user
21:15:53.0423 2888        Polar Daemon ( UnsignedFile.Multi.Generic ) - User select action: Skip
... diese Datei könnte von der Polar Pulsuhr und dem Polar WebSync herrühren. Oder auch nicht...?

Vielen Dank auf jeden Fall schonmal für deine Hilfe an diesem wohl doch nicht so kleinen Problem...

cosinus 13.08.2012 16:05
Die Datei sollt ok sein

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:29 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19