|
Pests of all kinds and how to combat them: ASK Toolbar, or redirect from Google to ASK

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
20.10.2012, 20:31 | #1 |
| ASK Toolbar, or redirect from Google to ASK

http://www.trojaner-board.de/125759-...ufgerufen.html

Hello dear community,

I am new here and, like most "newcomers" probably, I have a problem with my laptop. Since I have already read up a bit using the search function, I came across the thread linked above, which describes my problem quite accurately. I downloaded some "freeware", and although I unchecked the checkbox for the Ask toolbar, my Firefox was "infected" with this add-on. I thought uninstalling it manually would make the Ask entries disappear. BUT: when I now search via the Firefox start page, I am shown search results from the Ask site. When I search via the search engine at the top right in Firefox (the small input field next to the address bar), the Google search results are displayed quite "normally". Otherwise (so far) nothing unusual on the machine.

Unfortunately I did not read the forum rules guide thoroughly enough and went straight to repeating the steps that a helper had given in the thread mentioned above. So I now have various log files, but unfortunately did not clearly understand that they must FIRST be read / posted before I carry out further steps. Sorry!! Maybe someone will nevertheless be kind enough to take on my request for help. Which logs I need to post, or whether I should start the procedure over again, I just don't know.

Many thanks in advance, best regards, Rex

Last edited by Rex.Kramer (20.10.2012 at 21:03) |
21.10.2012, 13:19 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ASK Toolbar, or redirect from Google to ASK

Please now run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!

Remember that Malwarebytes must be updated manually before every scan! Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from the quarantine! If logs from older Malwarebytes scans exist, please post all of those too!

Please post everything here in CODE tags where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:

Code:
the log goes here
__________________ |
21.10.2012, 19:23 | #3 |
| ASK Toolbar, or redirect from Google to ASK

Hello,

first of all: many thanks for your reply and effort! I hope we are successful. Now the logs; there are several, I am posting them in order (I took the liberty of replacing the user name details with "XXX"):

1: Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.19.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX [Administrator]

Schutz: Aktiviert

20.10.2012 02:04:26
mbam-log-2012-10-20 (02-04-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 336731
Laufzeit: 51 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX [Administrator]

Schutz: Aktiviert

20.10.2012 21:38:48
mbam-log-2012-10-20 (21-38-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 337292
Laufzeit: 44 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

3: Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.21.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX [Administrator]

Schutz: Aktiviert

21.10.2012 19:26:11
mbam-log-2012-10-21 (19-26-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 337238
Laufzeit: 33 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

1: Code:
2012/10/20 02:03:48 +0200 XXX-TOSH XXX MESSAGE Starting protection
2012/10/20 02:03:48 +0200 XXX-TOSH XXX MESSAGE Protection started successfully
2012/10/20 02:03:48 +0200 XXX-TOSH XXX MESSAGE Starting IP protection
2012/10/20 02:03:50 +0200 XXX-TOSH XXX MESSAGE IP Protection started successfully
2012/10/20 02:03:56 +0200 XXX-TOSH XXX MESSAGE Starting database refresh
2012/10/20 02:03:56 +0200 XXX-TOSH XXX MESSAGE Stopping IP protection
2012/10/20 02:03:57 +0200 XXX-TOSH XXX MESSAGE IP Protection stopped successfully
2012/10/20 02:03:59 +0200 XXX-TOSH XXX MESSAGE Database refreshed successfully
2012/10/20 02:03:59 +0200 XXX-TOSH XXX MESSAGE Starting IP protection
2012/10/20 02:04:00 +0200 XXX-TOSH XXX MESSAGE IP Protection started successfully
2012/10/20 02:04:02 +0200 XXX-TOSH XXX MESSAGE Starting database refresh
2012/10/20 02:04:02 +0200 XXX-TOSH XXX MESSAGE Stopping IP protection
2012/10/20 02:04:02 +0200 XXX-TOSH XXX MESSAGE IP Protection stopped successfully
2012/10/20 02:04:05 +0200 XXX-TOSH XXX MESSAGE Database refreshed successfully
2012/10/20 02:04:05 +0200 XXX-TOSH XXX MESSAGE Starting IP protection
2012/10/20 02:04:06 +0200 XXX-TOSH XXX MESSAGE IP Protection started successfully
2012/10/20 17:14:39 +0200 XXX-TOSH XXX MESSAGE Starting protection
2012/10/20 17:14:39 +0200 XXX-TOSH XXX MESSAGE Protection started successfully
2012/10/20 17:14:40 +0200 XXX-TOSH XXX MESSAGE Starting IP protection
2012/10/20 17:14:42 +0200 XXX-TOSH XXX MESSAGE IP Protection started successfully
2012/10/20 21:38:10 +0200 XXX-TOSH XXX MESSAGE Starting database refresh
2012/10/20 21:38:10 +0200 XXX-TOSH XXX MESSAGE Stopping IP protection
2012/10/20 21:38:10 +0200 XXX-TOSH XXX MESSAGE IP Protection stopped successfully
2012/10/20 21:38:12 +0200 XXX-TOSH XXX MESSAGE Database refreshed successfully
2012/10/20 21:38:12 +0200 XXX-TOSH XXX MESSAGE Starting IP protection
2012/10/20 21:38:14 +0200 XXX-TOSH XXX MESSAGE IP Protection started successfully
2012/10/20 21:57:33 +0200 XXX-TOSH XXX IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51220, Process: firefox.exe)
2012/10/20 21:57:33 +0200 XXX-TOSH XXX IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51221, Process: firefox.exe)
2012/10/20 21:57:33 +0200 XXX-TOSH XXX IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51224, Process: firefox.exe)
2012/10/20 21:57:33 +0200 XXX-TOSH XXX IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 51225, Process: firefox.exe)
2012/10/20 22:28:31 +0200 XXX-TOSH XXX MESSAGE Starting protection
2012/10/20 22:28:32 +0200 XXX-TOSH XXX MESSAGE Protection started successfully
2012/10/20 22:28:32 +0200 XXX-TOSH XXX MESSAGE Starting IP protection
2012/10/20 22:28:35 +0200 XXX-TOSH XXX MESSAGE IP Protection started successfully

Code:
2012/10/21 10:55:47 +0200 XXX-TOSH XXX MESSAGE Starting protection
2012/10/21 10:55:47 +0200 XXX-TOSH XXX MESSAGE Protection started successfully
2012/10/21 10:55:47 +0200 XXX-TOSH XXX MESSAGE Starting IP protection
2012/10/21 10:55:50 +0200 XXX-TOSH XXX MESSAGE IP Protection started successfully
2012/10/21 19:11:08 +0200 XXX-TOSH XXX MESSAGE Executing scheduled update: Daily
2012/10/21 19:11:08 +0200 XXX-TOSH XXX MESSAGE Starting protection
2012/10/21 19:11:08 +0200 XXX-TOSH XXX MESSAGE Protection started successfully
2012/10/21 19:11:08 +0200 XXX-TOSH XXX MESSAGE Starting IP protection
2012/10/21 19:11:11 +0200 XXX-TOSH XXX MESSAGE IP Protection started successfully
2012/10/21 19:11:16 +0200 XXX-TOSH XXX MESSAGE Starting database refresh
2012/10/21 19:11:16 +0200 XXX-TOSH XXX MESSAGE Scheduled update executed successfully: database updated from version v2012.10.20.08 to version v2012.10.21.05
2012/10/21 19:11:16 +0200 XXX-TOSH XXX MESSAGE Stopping IP protection
2012/10/21 19:11:16 +0200 XXX-TOSH XXX MESSAGE IP Protection stopped successfully
2012/10/21 19:11:18 +0200 XXX-TOSH XXX MESSAGE Database refreshed successfully
2012/10/21 19:11:18 +0200 XXX-TOSH XXX MESSAGE Starting IP protection
2012/10/21 19:11:21 +0200 XXX-TOSH XXX MESSAGE IP Protection started successfully |
22.10.2012, 09:37 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ASK Toolbar, or redirect from Google to ASK

adwCleaner - Detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop. If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Always post logfiles in CODE tags |
25.10.2012, 16:12 | #5 |
| ASK Toolbar, or redirect from Google to ASK

Hello, unfortunately it took a while, sorry, I had to attend a seminar (for work). Here is the data:

Code:
# AdwCleaner v2.005 - Datei am 25/10/2012 um 17:09:06 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : XXX - XXX-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\XXX\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\XXX\Desktop\Ask

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ei2avujm.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1313 octets] - [20/10/2012 11:32:37]
AdwCleaner[S1].txt - [1510 octets] - [20/10/2012 17:12:23]
AdwCleaner[R2].txt - [993 octets] - [20/10/2012 22:26:28]
AdwCleaner[S2].txt - [1054 octets] - [20/10/2012 22:27:03]
AdwCleaner[R3].txt - [1033 octets] - [25/10/2012 17:09:06]

########## EOF - C:\AdwCleaner[R3].txt - [1093 octets] ##########

Code:
# AdwCleaner v2.005 - Datei am 20/10/2012 um 11:32:37 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : XXX - XXX-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\XXX\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\XXX\AppData\Local\Temp\AskSearch

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://nl.ask.com/?l=dis&o=14597

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ei2avujm.default\prefs.js

Gefunden : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R1].txt - [1188 octets] - [20/10/2012 11:32:37]

########## EOF - C:\AdwCleaner[R1].txt - [1248 octets] ##########

Code:
# AdwCleaner v2.005 - Datei am 20/10/2012 um 17:12:23 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : XXX - XXX-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\XXX\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\XXX\AppData\Local\Temp\AskSearch

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://nl.ask.com/?l=dis&o=14597 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ei2avujm.default\prefs.js

C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ei2avujm.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R1].txt - [1313 octets] - [20/10/2012 11:32:37]
AdwCleaner[S1].txt - [1385 octets] - [20/10/2012 17:12:23]

########## EOF - C:\AdwCleaner[S1].txt - [1445 octets] ########## |
25.10.2012, 19:41 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ASK Toolbar, or redirect from Google to ASK

Please run a CustomScan with OTL. Please post everything here in CODE tags where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:

Code:
the log goes here

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
29.10.2012, 18:14 | #7 |
| ASK Toolbar, or redirect from Google to ASK

And once again with a bit of a delay:

Code:
OTL logfile created on: 29.10.2012 17:49:49 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 57,42% Memory free
7,72 Gb Paging File | 5,79 Gb Available in Paging File | 74,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 349,32 Gb Total Space | 80,76 Gb Free Space | 23,12% Space Free | Partition Type: NTFS
Drive D: | 348,93 Gb Total Space | 238,84 Gb Free Space | 68,45% Space Free | Partition Type: NTFS

Computer Name: XXX-TOSH | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.29 17:45:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
PRC - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.08 17:24:21 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 14:57:22 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 14:57:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.01.26 11:26:48 | 000,573,224 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.08.15 19:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2010.02.24 16:54:04 | 002,721,120 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2010.02.24 01:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2010.02.04 15:06:00 | 000,427,416 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009.11.18 15:10:00 | 000,664,904 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.07.24 11:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe

========== Modules (No Company Name) ==========

MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE

========== Services (SafeList) ==========

SRV:64bit: - [2010.03.15 09:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.10.27 18:41:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.05.08 14:57:22 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 14:57:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.26 11:26:48 | 000,573,224 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.09.28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.05.11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.04.06 14:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.02.25 13:07:14 | 000,196,464 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010.02.23 17:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010.02.05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.08 14:57:23 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 14:57:23 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.24 18:43:27 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.12.24 18:38:31 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.03.22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010.03.15 10:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.15 09:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.10 15:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.03 11:04:00 | 000,060,408 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010.01.15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.12 14:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.07 09:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.12.02 15:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.09.24 17:55:00 | 000,212,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.05 12:56:00 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.28 20:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009.07.24 11:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 22:12:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.19 10:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009.06.19 09:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009.06.17 12:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{1DD22DB5-4F84-43D6-BA70-BD909723FE49}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{7AE628C5-8AEA-4035-AC45-2CC4E9C3107C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3381630921-447404086-930336115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3381630921-447404086-930336115-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3381630921-447404086-930336115-1001\..\SearchScopes\{0A0001C4-5F27-495C-8AB5-349205B49D48}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-3381630921-447404086-930336115-1001\..\SearchScopes\{68664B4D-3805-4C72-8481-0FB5F4662815}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - 
HKU\S-1-5-21-3381630921-447404086-930336115-1001\..\SearchScopes\{B7BC5EA5-3350-41FA-8457-36D72FCCA5EF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=^FV&apn_dtid=^YYYYYY^YY^NL&apn_uid=4a12157a-b8c7-41f5-bf5a-e1a44f7cbc45&apn_sauid=CBCE33E1-46C5-4AC2-B0D3-926B2FA8C038 IE - HKU\S-1-5-21-3381630921-447404086-930336115-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3381630921-447404086-930336115-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.4 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 FF - prefs.js..network.proxy.ftp: "87.98.136.60" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.http: "87.98.136.60" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "87.98.136.60" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "87.98.136.60" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 18:41:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 18:41:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 18:41:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 18:41:11 | 000,000,000 | ---D | M] [2011.03.03 19:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2012.10.23 07:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ei2avujm.default\extensions [2011.07.31 09:11:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ei2avujm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.23 07:32:00 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ei2avujm.default\extensions\stealthyextension@gmail.com.xpi [2012.10.27 18:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.10.27 18:41:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.27 18:41:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.27 18:41:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.10.27 18:41:13 | 000,261,600 
| ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.12 19:38:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.02 18:13:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.12 19:38:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.12 19:38:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.12 19:38:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.12 19:38:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3381630921-447404086-930336115-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA) O4 - HKU\S-1-5-21-3381630921-447404086-930336115-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
O4 - HKU\S-1-5-21-3381630921-447404086-930336115-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3381630921-447404086-930336115-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3381630921-447404086-930336115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - 
C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B43D96A8-B7D0-47F6-A407-014F55E23679}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - 
System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 
1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: 
{4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. 
SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework 
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX:64bit: >{D6650514-E1E0-46B1-9512-63063248A6CF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data 
Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.29 17:45:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe [2012.10.29 15:05:39 | 000,000,000 | ---D | C] -- C:\Users\Uschi\AppData\Local\{53307260-A02D-4280-BBC3-E3D58410E41D} [2012.10.27 22:29:34 | 000,000,000 | ---D | C] -- C:\Users\Uschi\AppData\Local\{72A86D35-668D-43BF-A578-4E1648A0CC79} [2012.10.27 18:41:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.27 09:45:55 | 000,000,000 | ---D | C] -- C:\Users\Uschi\AppData\Local\{DF86B288-931D-474D-81A7-0F7BC9AA5A9F} [2012.10.26 12:45:06 | 000,000,000 | ---D | C] -- C:\Users\Uschi\AppData\Local\{46F1BBBD-E04B-4C14-921D-A09C08118548} [2012.10.25 14:05:48 | 000,000,000 | ---D | C] -- C:\Users\Uschi\AppData\Local\{F044CC23-C6F7-416E-A1AE-3242E34DB67F} [2012.10.23 11:05:45 | 000,000,000 | ---D | C] -- 
C:\Users\Uschi\AppData\Local\{FE847F50-F275-434A-B91F-82660725F75A} [2012.10.21 18:11:44 | 000,000,000 | ---D | C] -- C:\Users\Uschi\Desktop\ASK [2012.10.20 17:05:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.20 16:58:54 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.20 16:50:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.20 16:50:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.20 16:50:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.20 16:50:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.20 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.20 08:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.10.20 01:03:39 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2012.10.20 01:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.20 01:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.20 01:03:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.20 01:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.19 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\FFOutput [2012.10.19 15:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime [2012.10.19 15:10:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{F23DA5A2-61BE-457B-AB05-904482AA125C} [2012.10.19 15:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.10.18 13:46:20 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{A85D0D93-48D0-42CC-A390-56E093B37E12} [2012.10.17 12:05:34 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{1660DC48-7187-4532-9025-120F21F11FE9} [2012.10.16 13:38:51 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{CD4BD768-6AF7-44A9-90CD-EBCFCC926042} [2012.10.15 10:27:55 | 000,000,000 | 
---D | C] -- C:\Users\XXX\AppData\Local\{95D345E5-B546-4BFD-B1D4-FF89895AAC4A} [2012.10.14 17:47:14 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{F04C08B8-D208-4B70-B0EF-1C697CFB5839} [2012.10.13 17:27:26 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{092DB49D-8335-4D40-BD18-5D2890DCCB6D} [2012.10.12 12:17:10 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{AB4FE0FF-FD7A-4886-B6DF-B68D2A2CAB53} [2012.10.11 07:10:02 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{50AAD184-4C0B-4D47-A6E2-DE3119BDD8B1} [2012.10.10 09:22:30 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{5D83F02F-5B2D-44F4-8883-AB3C3C170360} [2012.10.09 08:50:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{50FDABDE-7CEE-426F-9649-6FE7AD7B0FAD} [2012.10.08 18:48:37 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{45A0A1AF-5F92-47B9-9510-316ABEDED73B} [2012.10.07 10:28:38 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{E891FCDB-60AE-40BC-8ACF-07565017BB29} [2012.10.02 18:41:11 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\2012_10_02 [2012.10.02 18:32:38 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{765F124E-1004-4ECD-AC25-7CE624272AD5} [2012.10.02 18:32:28 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Windows Live Writer [2012.10.02 18:32:28 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Windows Live Writer [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.29 17:45:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe [2012.10.29 17:45:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.28 08:53:44 | 019,924,106 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.28 08:53:44 | 006,529,258 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.28 08:53:44 | 006,397,280 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.28 08:53:44 | 005,771,124 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat [2012.10.28 08:53:44 | 000,005,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.21 18:18:05 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.21 18:18:04 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.21 18:10:28 | 3110,080,512 | -HS- | M] () -- C:\hiberfil.sys [2012.10.10 09:23:26 | 001,379,387 | ---- | M] () -- C:\Users\XXX\image002.jpg [2012.10.02 21:45:52 | 000,001,457 | ---- | M] () -- C:\Users\XXX\Desktop\Windows Live Mail.lnk [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.20 16:50:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.20 16:50:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.20 16:50:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.20 16:50:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.20 16:50:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.10 10:57:52 | 002,858,493 | ---- | C] () -- C:\Users\XXX\image002cut.jpg [2012.10.10 10:57:41 | 001,379,387 | ---- | C] () -- C:\Users\XXX\image002.jpg [2012.10.02 21:45:52 | 000,001,457 | ---- | C] () -- C:\Users\XXX\Desktop\Windows Live Mail.lnk [2011.11.24 17:40:31 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011.10.13 21:15:31 | 000,007,601 | ---- | C] () -- C:\Users\XXX\AppData\Local\resmon.resmoncfg [2011.03.18 16:47:19 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\winscp.rnd [2011.03.03 22:17:44 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.03 20:55:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.24 18:53:25 | 
000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2010.12.24 18:33:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.12.24 18:30:28 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.03.05 01:05:23 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AMS [2012.10.02 18:44:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon [2012.07.08 10:05:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoft [2011.07.31 09:25:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.22 00:01:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Itwale [2012.10.20 00:56:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\SoftGrid Client [2012.07.28 07:50:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Syzyki [2011.05.22 10:42:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Toshiba [2011.03.03 22:18:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TP [2012.06.30 16:53:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Vofa [2012.10.02 22:20:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.10.20 17:05:28 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.03.03 19:08:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.12.24 18:34:07 | 000,000,000 | ---D | M] -- C:\Intel [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.09.14 11:47:51 | 000,000,000 | R--D | M] -- C:\Program Files [2012.10.27 22:29:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2012.10.20 01:03:25 | 000,000,000 | ---D | M] -- C:\ProgramData [2011.03.03 19:08:12 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.20 16:58:55 | 000,000,000 | ---D | M] -- C:\Qoobox [2012.10.29 17:51:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.03.03 19:16:41 | 000,000,000 | ---D | M] -- C:\Toshiba [2011.03.03 19:08:21 | 000,000,000 | R--D | M] -- C:\Users [2012.10.20 16:58:54 | 000,000,000 | ---D | M] -- C:\Windows < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.03.04 17:42:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Adobe [2011.03.05 01:05:23 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AMS [2012.09.11 19:46:23 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Apple Computer [2011.03.03 19:17:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ATI [2011.11.03 21:51:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Avira [2012.10.02 18:44:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon [2012.07.08 10:05:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoft [2011.07.31 09:25:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.03 19:16:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Identities [2012.07.22 00:01:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Itwale [2010.11.11 17:56:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Macromedia [2012.10.20 01:03:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Media Center Programs [2012.06.30 16:53:12 | 000,000,000 | --SD | M] -- C:\Users\XXX\AppData\Roaming\Microsoft [2011.03.03 19:36:33 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla [2012.01.30 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Nero [2012.07.27 23:35:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Skype [2012.07.27 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\skypePM [2012.10.20 00:56:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\SoftGrid Client [2012.07.28 07:50:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Syzyki [2011.05.22 10:42:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Toshiba [2011.03.03 22:18:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TP [2012.05.06 21:58:32 | 000,000,000 | ---D | M] 
-- C:\Users\XXX\AppData\Roaming\vlc [2012.06.30 16:53:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Vofa [2012.10.02 22:20:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Windows Live Writer [2011.03.05 14:11:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.09.20 15:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\XXX\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > < End of report > |
31.10.2012, 15:03 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ASK Toolbar, or redirection from Google to ASK Code:
[2012.10.20 16:50:15 | 000,000,000 | ---D | C] -- C:\Qoobox
This should not be done without instructions; why didn't you even post the log for it?
__________________ Please always post log files in CODE tags |
31.10.2012, 21:50 | #9 |
| ASK Toolbar, or redirection from Google to ASK I had written it at the start of the thread; I thought I could manage it on my own. Unfortunately I am chronically short of time and behaved like a beginner in this case. I hope we can still sort it out and that I haven't made things worse by trying to fix them: Code:
ATTFilter ComboFix 12-10-19.01 - XXX 20.10.2012 17:51:53.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3955.2117 [GMT 2:00] ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-20 bis 2012-10-20 )))))))))))))))))))))))))))))) . . 2012-10-20 15:55 . 2012-10-20 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-20 07:34 . 2012-10-20 07:34 -------- d-----w- c:\program files (x86)\ESET 2012-10-20 00:03 . 2012-10-20 00:03 -------- d-----w- c:\users\XXX\AppData\Roaming\Malwarebytes 2012-10-20 00:03 . 2012-10-20 00:03 -------- d-----w- c:\programdata\Malwarebytes 2012-10-20 00:03 . 2012-10-20 00:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-10-20 00:03 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-19 14:52 . 2012-10-20 09:24 -------- d-----w- c:\program files (x86)\FreeTime 2012-10-19 14:09 . 2012-10-19 14:09 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-08 17:50 . 2012-10-20 15:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD44BC74-04A5-487A-A38E-3A43C3FA6192}\offreg.dll 2012-10-02 17:32 . 2012-10-02 21:20 -------- d-----w- c:\users\XXX\AppData\Roaming\Windows Live Writer 2012-10-02 17:32 . 2012-10-02 17:32 -------- d-----w- c:\users\XXX\AppData\Local\Windows Live Writer 2012-10-02 15:56 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD44BC74-04A5-487A-A38E-3A43C3FA6192}\mpengine.dll 2012-10-02 15:54 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2012-09-24 13:32 . 2012-07-11 16:00 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-24 13:32 . 2011-09-25 16:37 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-30 22:43 . 2011-03-03 18:46 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-08-22 18:12 . 2012-09-11 18:33 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-11 18:33 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-11 18:33 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-11 18:33 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 11:01 . 2012-09-14 10:48 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 11:01 . 2011-04-08 18:03 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 11:01 . 2011-04-08 18:03 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-02 17:58 . 2012-09-11 18:34 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-08-02 16:57 . 2012-09-11 18:34 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-10-28 1406248] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160] "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-2-24 2721120] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-19 115168] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992] R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 
676936] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-26 573224] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928] S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2010-12-24 20592] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 
TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952] S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 14576764 *Deregistered* - 14576764 . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Uschi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ei2avujm.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.http - 46.23.64.124 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-09-11 21:22; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-19 16:09; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Essiuneks - c:\users\XXX\AppData\Roaming\Syzyki\byihd.exe Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-10-20 17:58:52 ComboFix-quarantined-files.txt 2012-10-20 15:58 . 
Vor Suchlauf: 8 Verzeichnis(se), 82.075.824.128 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 98.410.930.176 Bytes frei . - - End Of File - - 1D055CAC53AF5A9DB4CD1F44451F37C1 |
31.10.2012, 22:13 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ASK Toolbar, or redirect from Google to ASK

1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive on it!
Another note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Configure the tool as shown in the image below: click "change parameters" and set the checkboxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
31.10.2012, 22:41 | #11 |
| ASK Toolbar, or redirect from Google to ASK asw-MBR Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-31 22:19:00 ----------------------------- 22:19:00.321 OS Version: Windows x64 6.1.7601 Service Pack 1 22:19:00.321 Number of processors: 4 586 0x2505 22:19:00.322 ComputerName: XXX-TOSH UserName: XXX 22:19:02.239 Initialize success 22:20:08.117 AVAST engine defs: 12103100 22:20:12.617 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 22:20:12.620 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 3 22:20:12.703 Disk 0 MBR read successfully 22:20:12.707 Disk 0 MBR scan 22:20:12.711 Disk 0 Windows 7 default MBR code 22:20:12.722 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048 22:20:12.736 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 357702 MB offset 821248 22:20:12.765 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 357301 MB offset 733394944 22:20:12.805 Disk 0 scanning C:\Windows\system32\drivers 22:20:23.833 Service scanning 22:20:57.470 Modules scanning 22:20:57.481 Disk 0 trace - called modules: 22:20:57.552 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 22:20:57.568 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c8b060] 22:20:57.572 3 CLASSPNP.SYS[fffff88001abb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049bb050] 22:20:58.752 AVAST engine scan C:\Windows 22:21:01.698 AVAST engine scan C:\Windows\system32 22:23:46.428 AVAST engine scan C:\Windows\system32\drivers 22:24:01.218 AVAST engine scan C:\Users\XXX 22:30:49.921 AVAST engine scan C:\ProgramData 22:32:04.976 Scan finished successfully 22:33:42.519 Disk 0 MBR has been saved successfully to "C:\Users\XXX\Desktop\MBR.dat" 22:33:42.523 The log file has been saved successfully to "C:\Users\XXX\Desktop\aswMBR.txt" TDSS-Killer Code:
ATTFilter 22:35:27.0482 4788 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 22:35:27.0564 4788 ============================================================ 22:35:27.0564 4788 Current date / time: 2012/10/31 22:35:27.0564 22:35:27.0564 4788 SystemInfo: 22:35:27.0564 4788 22:35:27.0564 4788 OS Version: 6.1.7601 ServicePack: 1.0 22:35:27.0564 4788 Product type: Workstation 22:35:27.0564 4788 ComputerName: XXX-TOSH 22:35:27.0564 4788 UserName: XXX 22:35:27.0564 4788 Windows directory: C:\Windows 22:35:27.0564 4788 System windows directory: C:\Windows 22:35:27.0564 4788 Running under WOW64 22:35:27.0564 4788 Processor architecture: Intel x64 22:35:27.0564 4788 Number of processors: 4 22:35:27.0564 4788 Page size: 0x1000 22:35:27.0564 4788 Boot type: Normal boot 22:35:27.0564 4788 ============================================================ 22:35:27.0974 4788 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:35:28.0013 4788 ============================================================ 22:35:28.0013 4788 \Device\Harddisk0\DR0: 22:35:28.0013 4788 MBR partitions: 22:35:28.0013 4788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x2BAA3000 22:35:28.0013 4788 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2BB6B800, BlocksNum 0x2B9DA800 22:35:28.0013 4788 ============================================================ 22:35:28.0085 4788 C: <-> \Device\Harddisk0\DR0\Partition1 22:35:28.0116 4788 D: <-> \Device\Harddisk0\DR0\Partition2 22:35:28.0116 4788 ============================================================ 22:35:28.0116 4788 Initialize success 22:35:28.0116 4788 ============================================================ 22:35:54.0021 5460 ============================================================ 22:35:54.0021 5460 Scan started 22:35:54.0021 5460 Mode: Manual; SigCheck; TDLFS; 22:35:54.0021 
5460 ============================================================ 22:35:54.0441 5460 ================ Scan system memory ======================== 22:35:54.0441 5460 System memory - ok 22:35:54.0442 5460 ================ Scan services ============================= 22:35:54.0642 5460 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 22:35:54.0732 5460 1394ohci - ok 22:35:54.0787 5460 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 22:35:54.0803 5460 ACPI - ok 22:35:54.0837 5460 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 22:35:54.0854 5460 AcpiPmi - ok 22:35:54.0906 5460 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 22:35:54.0952 5460 adp94xx - ok 22:35:54.0979 5460 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 22:35:54.0996 5460 adpahci - ok 22:35:55.0033 5460 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 22:35:55.0047 5460 adpu320 - ok 22:35:55.0083 5460 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:35:55.0154 5460 AeLookupSvc - ok 22:35:55.0238 5460 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 22:35:55.0256 5460 AFD - ok 22:35:55.0298 5460 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 22:35:55.0309 5460 agp440 - ok 22:35:55.0342 5460 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 22:35:55.0421 5460 ALG - ok 22:35:55.0466 5460 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 22:35:55.0477 5460 aliide - ok 22:35:55.0546 5460 [ 57B773D82E8CC3C6D7E02CC8A6632043 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 22:35:55.0606 5460 AMD External Events Utility - ok 22:35:55.0640 5460 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 
22:35:55.0649 5460 amdide - ok 22:35:55.0712 5460 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 22:35:55.0728 5460 AmdK8 - ok 22:35:55.0877 5460 [ AEFAF27F1B7E52C705DF4FB6C96732F6 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys 22:35:56.0010 5460 amdkmdag - ok 22:35:56.0064 5460 [ 8149DB73BE27950EC72767A1193153A6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 22:35:56.0100 5460 amdkmdap - ok 22:35:56.0137 5460 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 22:35:56.0151 5460 AmdPPM - ok 22:35:56.0208 5460 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 22:35:56.0222 5460 amdsata - ok 22:35:56.0259 5460 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 22:35:56.0273 5460 amdsbs - ok 22:35:56.0285 5460 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 22:35:56.0295 5460 amdxata - ok 22:35:56.0398 5460 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 22:35:56.0460 5460 AntiVirSchedulerService - ok 22:35:56.0510 5460 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 22:35:56.0520 5460 AntiVirService - ok 22:35:56.0574 5460 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 22:35:56.0610 5460 AppID - ok 22:35:56.0652 5460 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 22:35:56.0695 5460 AppIDSvc - ok 22:35:56.0770 5460 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 22:35:56.0807 5460 Appinfo - ok 22:35:56.0950 5460 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 22:35:56.0964 5460 Apple Mobile Device - ok 22:35:57.0029 5460 [ C484F8CEB1717C540242531DB7845C4E ] arc 
C:\Windows\system32\DRIVERS\arc.sys 22:35:57.0043 5460 arc - ok 22:35:57.0057 5460 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 22:35:57.0068 5460 arcsas - ok 22:35:57.0095 5460 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:35:57.0130 5460 AsyncMac - ok 22:35:57.0197 5460 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 22:35:57.0210 5460 atapi - ok 22:35:57.0264 5460 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys 22:35:57.0297 5460 athr - ok 22:35:57.0384 5460 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:35:57.0428 5460 AudioEndpointBuilder - ok 22:35:57.0438 5460 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 22:35:57.0476 5460 AudioSrv - ok 22:35:57.0494 5460 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 22:35:57.0648 5460 avgntflt - ok 22:35:57.0701 5460 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 22:35:57.0716 5460 avipbb - ok 22:35:57.0730 5460 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 22:35:57.0741 5460 avkmgr - ok 22:35:57.0792 5460 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 22:35:57.0907 5460 AxInstSV - ok 22:35:57.0990 5460 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 22:35:58.0070 5460 b06bdrv - ok 22:35:58.0135 5460 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 22:35:58.0170 5460 b57nd60a - ok 22:35:58.0280 5460 [ 5B5C36B2EC500462A715DB6BCBAF5DA7 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 22:35:58.0344 5460 BCM43XX - ok 22:35:58.0369 5460 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 22:35:58.0400 5460 BDESVC - ok 22:35:58.0464 5460 [ 
16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 22:35:58.0501 5460 Beep - ok 22:35:58.0584 5460 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 22:35:58.0626 5460 BFE - ok 22:35:58.0642 5460 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 22:35:58.0698 5460 BITS - ok 22:35:58.0721 5460 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 22:35:58.0731 5460 blbdrive - ok 22:35:58.0833 5460 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 22:35:58.0846 5460 Bonjour Service - ok 22:35:58.0908 5460 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:35:58.0930 5460 bowser - ok 22:35:58.0985 5460 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:35:59.0019 5460 BrFiltLo - ok 22:35:59.0034 5460 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:35:59.0049 5460 BrFiltUp - ok 22:35:59.0119 5460 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 22:35:59.0154 5460 BridgeMP - ok 22:35:59.0206 5460 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 22:35:59.0233 5460 Browser - ok 22:35:59.0252 5460 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 22:35:59.0288 5460 Brserid - ok 22:35:59.0311 5460 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:35:59.0326 5460 BrSerWdm - ok 22:35:59.0351 5460 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:35:59.0371 5460 BrUsbMdm - ok 22:35:59.0393 5460 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:35:59.0411 5460 BrUsbSer - ok 22:35:59.0436 5460 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 22:35:59.0483 5460 BTHMODEM - 
ok 22:35:59.0535 5460 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 22:35:59.0591 5460 bthserv - ok 22:35:59.0647 5460 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:35:59.0683 5460 cdfs - ok 22:35:59.0725 5460 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 22:35:59.0755 5460 cdrom - ok 22:35:59.0813 5460 [ 7E83E47BD1FF93E11CD69F1AD65A9581 ] CeKbFilter C:\Windows\system32\DRIVERS\CeKbFilter.sys 22:35:59.0824 5460 CeKbFilter - ok 22:35:59.0897 5460 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 22:35:59.0958 5460 CertPropSvc - ok 22:36:00.0071 5460 [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe 22:36:00.0081 5460 cfWiMAXService - ok 22:36:00.0127 5460 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 22:36:00.0144 5460 circlass - ok 22:36:00.0186 5460 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 22:36:00.0202 5460 CLFS - ok 22:36:00.0270 5460 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:36:00.0281 5460 clr_optimization_v2.0.50727_32 - ok 22:36:00.0325 5460 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:36:00.0336 5460 clr_optimization_v2.0.50727_64 - ok 22:36:00.0388 5460 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:36:00.0414 5460 clr_optimization_v4.0.30319_32 - ok 22:36:00.0441 5460 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:36:00.0451 5460 clr_optimization_v4.0.30319_64 - ok 22:36:00.0478 5460 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt 
C:\Windows\system32\DRIVERS\CmBatt.sys 22:36:00.0515 5460 CmBatt - ok 22:36:00.0549 5460 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:36:00.0560 5460 cmdide - ok 22:36:00.0622 5460 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 22:36:00.0654 5460 CNG - ok 22:36:00.0699 5460 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 22:36:00.0710 5460 Compbatt - ok 22:36:00.0739 5460 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 22:36:00.0754 5460 CompositeBus - ok 22:36:00.0766 5460 COMSysApp - ok 22:36:00.0808 5460 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe 22:36:00.0816 5460 ConfigFree Service - ok 22:36:00.0865 5460 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 22:36:00.0876 5460 crcdisk - ok 22:36:00.0918 5460 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:36:00.0932 5460 CryptSvc - ok 22:36:01.0071 5460 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 22:36:01.0093 5460 cvhsvc - ok 22:36:01.0162 5460 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:36:01.0210 5460 DcomLaunch - ok 22:36:01.0242 5460 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 22:36:01.0282 5460 defragsvc - ok 22:36:01.0337 5460 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:36:01.0393 5460 DfsC - ok 22:36:01.0451 5460 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 22:36:01.0506 5460 Dhcp - ok 22:36:01.0542 5460 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 22:36:01.0579 5460 discache - ok 22:36:01.0608 5460 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk 
C:\Windows\system32\DRIVERS\disk.sys 22:36:01.0619 5460 Disk - ok 22:36:01.0642 5460 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:36:01.0672 5460 Dnscache - ok 22:36:01.0715 5460 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 22:36:01.0751 5460 dot3svc - ok 22:36:01.0771 5460 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 22:36:01.0804 5460 DPS - ok 22:36:01.0842 5460 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:36:01.0857 5460 drmkaud - ok 22:36:01.0903 5460 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:36:01.0933 5460 DXGKrnl - ok 22:36:01.0960 5460 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 22:36:01.0996 5460 EapHost - ok 22:36:02.0074 5460 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 22:36:02.0131 5460 ebdrv - ok 22:36:02.0178 5460 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 22:36:02.0203 5460 EFS - ok 22:36:02.0277 5460 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:36:02.0321 5460 ehRecvr - ok 22:36:02.0361 5460 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 22:36:02.0386 5460 ehSched - ok 22:36:02.0436 5460 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 22:36:02.0456 5460 elxstor - ok 22:36:02.0476 5460 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:36:02.0490 5460 ErrDev - ok 22:36:02.0540 5460 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 22:36:02.0580 5460 EventSystem - ok 22:36:02.0607 5460 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 22:36:02.0658 5460 exfat - ok 22:36:02.0678 5460 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:36:02.0714 5460 fastfat 
- ok 22:36:02.0780 5460 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 22:36:02.0836 5460 Fax - ok 22:36:02.0881 5460 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:36:02.0910 5460 fdc - ok 22:36:02.0945 5460 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 22:36:02.0981 5460 fdPHost - ok 22:36:02.0994 5460 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 22:36:03.0027 5460 FDResPub - ok 22:36:03.0050 5460 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:36:03.0060 5460 FileInfo - ok 22:36:03.0070 5460 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:36:03.0115 5460 Filetrace - ok 22:36:03.0157 5460 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:36:03.0169 5460 flpydisk - ok 22:36:03.0225 5460 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:36:03.0242 5460 FltMgr - ok 22:36:03.0288 5460 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 22:36:03.0335 5460 FontCache - ok 22:36:03.0398 5460 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:36:03.0407 5460 FontCache3.0.0.0 - ok 22:36:03.0429 5460 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:36:03.0441 5460 FsDepends - ok 22:36:03.0480 5460 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:36:03.0492 5460 Fs_Rec - ok 22:36:03.0539 5460 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:36:03.0556 5460 fvevol - ok 22:36:03.0592 5460 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 22:36:03.0603 5460 gagp30kx - ok 22:36:03.0667 5460 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM 
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:36:03.0676 5460 GEARAspiWDM - ok 22:36:03.0729 5460 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 22:36:03.0782 5460 gpsvc - ok 22:36:03.0820 5460 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:36:03.0863 5460 hcw85cir - ok 22:36:03.0898 5460 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:36:03.0918 5460 HdAudAddService - ok 22:36:03.0949 5460 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 22:36:03.0964 5460 HDAudBus - ok 22:36:04.0014 5460 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 22:36:04.0025 5460 HECIx64 - ok 22:36:04.0054 5460 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 22:36:04.0067 5460 HidBatt - ok 22:36:04.0088 5460 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 22:36:04.0108 5460 HidBth - ok 22:36:04.0132 5460 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 22:36:04.0146 5460 HidIr - ok 22:36:04.0169 5460 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 22:36:04.0224 5460 hidserv - ok 22:36:04.0270 5460 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:36:04.0282 5460 HidUsb - ok 22:36:04.0319 5460 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:36:04.0367 5460 hkmsvc - ok 22:36:04.0408 5460 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:36:04.0458 5460 HomeGroupListener - ok 22:36:04.0501 5460 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:36:04.0517 5460 HomeGroupProvider - ok 22:36:04.0552 5460 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:36:04.0564 5460 HpSAMD - ok 22:36:04.0617 5460 
[ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:36:04.0662 5460 HTTP - ok 22:36:04.0694 5460 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:36:04.0704 5460 hwpolicy - ok 22:36:04.0740 5460 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 22:36:04.0754 5460 i8042prt - ok 22:36:04.0804 5460 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 22:36:04.0819 5460 iaStor - ok 22:36:04.0863 5460 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:36:04.0881 5460 iaStorV - ok 22:36:04.0942 5460 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:36:04.0965 5460 idsvc - ok 22:36:05.0004 5460 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 22:36:05.0014 5460 iirsp - ok 22:36:05.0060 5460 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 22:36:05.0105 5460 IKEEXT - ok 22:36:05.0161 5460 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 22:36:05.0175 5460 Impcd - ok 22:36:05.0252 5460 [ 490947A9AFF7CA31EF2E08F5776105EB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 22:36:05.0302 5460 IntcAzAudAddService - ok 22:36:05.0344 5460 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 22:36:05.0355 5460 intelide - ok 22:36:05.0385 5460 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:36:05.0398 5460 intelppm - ok 22:36:05.0424 5460 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:36:05.0460 5460 IPBusEnum - ok 22:36:05.0491 5460 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:36:05.0546 5460 IpFilterDriver - ok 22:36:05.0587 5460 [ A34A587FFFD45FA649FBA6D03784D257 ] 
iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:36:05.0629 5460 iphlpsvc - ok 22:36:05.0658 5460 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:36:05.0682 5460 IPMIDRV - ok 22:36:05.0704 5460 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:36:05.0740 5460 IPNAT - ok 22:36:05.0813 5460 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:36:05.0833 5460 iPod Service - ok 22:36:05.0861 5460 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:36:05.0894 5460 IRENUM - ok 22:36:05.0934 5460 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:36:05.0944 5460 isapnp - ok 22:36:05.0969 5460 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:36:05.0986 5460 iScsiPrt - ok 22:36:06.0019 5460 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 22:36:06.0031 5460 kbdclass - ok 22:36:06.0041 5460 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 22:36:06.0053 5460 kbdhid - ok 22:36:06.0067 5460 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 22:36:06.0080 5460 KeyIso - ok 22:36:06.0112 5460 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:36:06.0124 5460 KSecDD - ok 22:36:06.0138 5460 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:36:06.0150 5460 KSecPkg - ok 22:36:06.0181 5460 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:36:06.0225 5460 ksthunk - ok 22:36:06.0246 5460 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 22:36:06.0284 5460 KtmRm - ok 22:36:06.0351 5460 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 22:36:06.0388 5460 LanmanServer - ok 22:36:06.0446 5460 [ 
851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:36:06.0483 5460 LanmanWorkstation - ok 22:36:06.0513 5460 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:36:06.0558 5460 lltdio - ok 22:36:06.0592 5460 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:36:06.0644 5460 lltdsvc - ok 22:36:06.0654 5460 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:36:06.0688 5460 lmhosts - ok 22:36:06.0782 5460 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 22:36:06.0796 5460 LMS - ok 22:36:06.0831 5460 [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys 22:36:06.0841 5460 LPCFilter - ok 22:36:06.0871 5460 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 22:36:06.0884 5460 LSI_FC - ok 22:36:06.0900 5460 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 22:36:06.0911 5460 LSI_SAS - ok 22:36:06.0925 5460 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:36:06.0936 5460 LSI_SAS2 - ok 22:36:06.0955 5460 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:36:06.0967 5460 LSI_SCSI - ok 22:36:06.0987 5460 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:36:07.0024 5460 luafv - ok 22:36:07.0074 5460 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 22:36:07.0087 5460 MBAMProtector - ok 22:36:07.0166 5460 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:36:07.0186 5460 MBAMScheduler - ok 22:36:07.0222 5460 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 22:36:07.0241 5460 MBAMService - ok 
22:36:07.0290 5460 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:36:07.0305 5460 Mcx2Svc - ok 22:36:07.0318 5460 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 22:36:07.0329 5460 megasas - ok 22:36:07.0357 5460 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 22:36:07.0371 5460 MegaSR - ok 22:36:07.0403 5460 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:36:07.0438 5460 MMCSS - ok 22:36:07.0447 5460 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:36:07.0482 5460 Modem - ok 22:36:07.0499 5460 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:36:07.0531 5460 monitor - ok 22:36:07.0565 5460 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:36:07.0576 5460 mouclass - ok 22:36:07.0608 5460 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:36:07.0621 5460 mouhid - ok 22:36:07.0652 5460 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:36:07.0664 5460 mountmgr - ok 22:36:07.0731 5460 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:36:07.0743 5460 MozillaMaintenance - ok 22:36:07.0764 5460 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:36:07.0776 5460 mpio - ok 22:36:07.0795 5460 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:36:07.0845 5460 mpsdrv - ok 22:36:07.0888 5460 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:36:07.0949 5460 MpsSvc - ok 22:36:07.0986 5460 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:36:08.0004 5460 MRxDAV - ok 22:36:08.0039 5460 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb 
22:36:25.0289 5460 ============================================================
22:36:25.0289 5460 Scan finished
22:36:25.0289 5460 ============================================================
22:36:25.0298 5212 Detected object count: 0
22:36:25.0298 5212 Actual detected object count: 0 |
01.11.2012, 14:24 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ASK Toolbar, or rather redirection from Google to ASK
Close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!
Code:
:OTL
IE - HKU\S-1-5-21-3381630921-447404086-930336115-1001\..\SearchScopes\{68664B4D-3805-4C72-8481-0FB5F4662815}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3381630921-447404086-930336115-1001\..\SearchScopes\{B7BC5EA5-3350-41FA-8457-36D72FCCA5EF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=^FV&apn_dtid=^YYYYYY^YY^NL&apn_uid=4a12157a-b8c7-41f5-bf5a-e1a44f7cbc45&apn_sauid=CBCE33E1-46C5-4AC2-B0D3-926B2FA8C038
[2012.07.28 07:50:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Syzyki
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post log files in CODE tags |
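An added example, not part of the original post and not OTL's own code: a small Python check that reads OTL-style `IE - ...\SearchScopes\{GUID}: "URL" = ...` lines like the two in the fix script above and lists search providers whose host is not expected. The `EXPECTED_HOSTS` list, the placeholder SID and the third sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: search-provider hosts the owner of this machine expects to see.
EXPECTED_HOSTS = {"www.google.com", "www.google.de", "www.bing.com"}

# OTL-style line: IE - HKU\<SID>\..\SearchScopes\{GUID}: "URL" = <url>
SCOPE_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\(?P<path>.*?)\\SearchScopes\\'
    r'(?P<guid>\{[0-9A-Fa-f-]{36}\}): "URL" = (?P<url>\S+)$'
)

# Constructed sample: hosts and GUIDs of the two entries in the fix script
# (query strings shortened, placeholder SID) plus one constructed benign entry.
SAMPLE = r'''
IE - HKU\S-1-5-21-0-0-0-1001\..\SearchScopes\{68664B4D-3805-4C72-8481-0FB5F4662815}: "URL" = hxxp://rover.ebay.com/rover/1/?satitle={searchTerms}
IE - HKU\S-1-5-21-0-0-0-1001\..\SearchScopes\{B7BC5EA5-3350-41FA-8457-36D72FCCA5EF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&q={searchTerms}
IE - HKU\S-1-5-21-0-0-0-1001\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = hxxp://www.google.com/search?q={searchTerms}
'''

def parse_scopes(log_text):
    """Return one dict per SearchScopes line: hive, guid, url, host."""
    scopes = []
    for line in log_text.splitlines():
        m = SCOPE_RE.match(line.strip())
        if not m:
            continue
        # Logs are posted defanged (hxxp); restore the scheme for parsing only.
        url = re.sub(r"^hxxp", "http", m["url"], flags=re.I)
        host = (urlsplit(url).hostname or "").lower()
        scopes.append({"hive": m["hive"], "guid": m["guid"],
                       "url": m["url"], "host": host})
    return scopes

def unexpected_scopes(log_text, expected=EXPECTED_HOSTS):
    """Search providers whose host is not on the expected list."""
    return [s for s in parse_scopes(log_text) if s["host"] not in expected]

if __name__ == "__main__":
    for s in unexpected_scopes(SAMPLE):
        print(f'{s["hive"]} {s["guid"]} -> {s["host"]}')
```
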
03.11.2012, 12:06 | #13 |
| ASK Toolbar, or rather redirection from Google to ASK
OK, I did it as instructed:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3381630921-447404086-930336115-1001\Software\Microsoft\Internet Explorer\SearchScopes\{68664B4D-3805-4C72-8481-0FB5F4662815}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68664B4D-3805-4C72-8481-0FB5F4662815}\ not found.
Registry key HKEY_USERS\S-1-5-21-3381630921-447404086-930336115-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B7BC5EA5-3350-41FA-8457-36D72FCCA5EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7BC5EA5-3350-41FA-8457-36D72FCCA5EF}\ not found.
C:\Users\XXX\AppData\Roaming\Syzyki folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: XXX
->Temp folder emptied: 87352016 bytes
->Temporary Internet Files folder emptied: 106704357 bytes
->Java cache emptied: 10337427 bytes
->FireFox cache emptied: 753134022 bytes
->Flash cache emptied: 60918 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3844 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 913,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 11032012_115901
Files\Folders moved on Reboot...
C:\Users\XXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
03.11.2012, 17:03 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ASK Toolbar, or rather redirection from Google to ASK
Those were just the last remnants that needed to be fixed. We should be almost done here; I would just suggest running the current adwCleaner once more and then finishing with control scans.
adwCleaner - detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
04.11.2012, 18:43 | #15 |
| ASK Toolbar, or rather redirection from Google to ASK
Hey, that sounds great already! Here is the log:
Code:
# AdwCleaner v2.006 - Datei am 04/11/2012 um 18:41:10 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : XXX - XXX-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\XXX\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Users\XXX\Desktop\Ask
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ei2avujm.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1313 octets] - [20/10/2012 10:32:37]
AdwCleaner[S1].txt - [1510 octets] - [20/10/2012 16:12:23]
AdwCleaner[R2].txt - [993 octets] - [20/10/2012 21:26:28]
AdwCleaner[S2].txt - [1054 octets] - [20/10/2012 21:27:03]
AdwCleaner[R3].txt - [1162 octets] - [25/10/2012 16:09:06]
AdwCleaner[R4].txt - [1220 octets] - [25/10/2012 16:14:18]
AdwCleaner[R5].txt - [1209 octets] - [04/11/2012 18:41:10]
########## EOF - C:\AdwCleaner[R5].txt - [1269 octets] ########## |