Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner Schweiz Polizei Cyber Crime Investigation

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.12.2012, 11:49   #1
cha145106
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Hallo zusammen, Ich habe auf einem Konto auf diesem Laptop den Polizei-Trojaner. Anti Malewarebyte habe ich schon gemacht, bei Quick-scan wird nichts gefunden, bei vollständigem Scan wird nach ca 10 min. blockiert und es erscheint ein blauer Bildschirm mit error-Meldung. Ich kann via anderen Kontos noch zugreifen. Hoffentlich weiss jemand Rat. Soll ich das infizierte Konto einfach entfernen? Wäre das eine Lösung?
Vielen Dank im Voraus
Liebe Grüsse

Geändert von cha145106 (06.12.2012 um 11:57 Uhr)

Alt 06.12.2012, 15:04   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Mach bitte für den Anfang erstmal einen CustomScan mit OTL . Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:
ATTFilter
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________

Alt 09.12.2012, 21:51   #3
cha145106
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Hallo cosinus,
ich hatte noch Zonealarm drauf, nach deinstallieren ging der vollständige Scan mit Malware, aber ohne Befund. Habe jetzt OTL gescannt, unten der Report. ich hoffe alles richtig.
Mit freundlichen Grüssen





[code]msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.12.2012 21:12:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\sylvia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 6.56 Gb Available Physical Memory | 82.26% Memory free
15.95 Gb Paging File | 13.64 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.91 Gb Total Space | 352.61 Gb Free Space | 78.55% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-TOSH | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.09 21:08:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sylvia\Downloads\OTL.exe
PRC - [2012.09.12 12:17:12 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012.07.02 16:12:42 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.06 18:06:08 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.11 22:14:58 | 000,030,064 | ---- | M] () -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
PRC - [2011.03.10 18:20:00 | 000,701,856 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2011.02.01 21:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 21:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.14 10:55:14 | 000,572,712 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.12.03 22:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010.08.16 18:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010.06.05 00:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
PRC - [2010.05.21 00:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010.03.11 22:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.07.29 04:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.03.11 02:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.28 09:06:06 | 000,594,432 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012.05.24 10:50:32 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011.07.07 13:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.10 16:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2012.06.25 14:07:34 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2012.06.22 06:38:04 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.06.22 06:34:52 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.06.22 06:33:12 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.04.20 19:45:38 | 000,480,256 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011.04.07 21:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011.04.06 03:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010.12.25 04:14:38 | 000,526,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010.12.08 23:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010.10.20 22:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.10.16 13:05:20 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.04.05 11:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.06 18:06:08 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.11 22:14:58 | 000,030,064 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe -- (UDSS)
SRV - [2011.02.10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011.02.01 21:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 21:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.14 10:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.11.29 22:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.05.21 00:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010.04.13 19:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010.04.12 18:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 22:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.29 00:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.11 02:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.14 15:26:40 | 000,073,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2012.07.14 19:14:03 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.07.14 19:14:03 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.06.22 06:40:58 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012.06.22 06:38:16 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.06.22 06:36:54 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.06.22 06:36:12 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.06.22 06:35:02 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.06.22 06:34:22 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.06.22 06:34:00 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.04.20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.08 16:59:28 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011.06.02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.06.02 06:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011.06.02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.03 01:45:04 | 000,175,192 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011.04.26 04:51:04 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011.03.28 06:54:02 | 000,122,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 22:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 22:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.02.09 03:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011.02.04 03:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.02.01 20:13:38 | 000,173,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.01.27 23:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011.01.14 03:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.18 03:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.18 22:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.06.19 00:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010.04.13 19:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2010.03.22 18:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.31 04:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 23:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.30 00:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 18:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.20 03:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.04.17 19:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2012.03.29 15:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F5E0CF88-2570-4249-8425-E385FA3B96A5}
IE:64bit: - HKLM\..\SearchScopes\{F5E0CF88-2570-4249-8425-E385FA3B96A5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {F5E0CF88-2570-4249-8425-E385FA3B96A5}
IE - HKLM\..\SearchScopes\{F5E0CF88-2570-4249-8425-E385FA3B96A5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN115838898822794-1452&toolbarId=base&affiliateId=1452&Lan=en&utid=fc5dbb9a000000000000b870f4d17a92
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\..\SearchScopes,DefaultScope = {8CF0F2BF-F150-46C9-BAB9-A432ACCFA719}
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\..\SearchScopes\{1ED402DB-31AE-4117-81C9-BF7878C8A9E3}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\..\SearchScopes\{8CF0F2BF-F150-46C9-BAB9-A432ACCFA719}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN115838898822794-1452&toolbarId=base&affiliateId=1452&Lan=en&utid=fc5dbb9a000000000000b870f4d17a92&q={searchTerms}&r=97
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\..\SearchScopes\{A636BBC9-8612-4B18-A835-8AFD5834C33C}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\..\SearchScopes\{E9012A50-4619-4C1B-990E-3EDFFE370669}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\..\SearchScopes,DefaultScope = {F2178C88-EB91-4546-A958-5ACBFF9C0DD8}
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\..\SearchScopes\{765C2963-6DED-4D5D-AD9E-EF8D4C83C518}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\..\SearchScopes\{CC9E252D-D9F4-4C34-BA87-6A373FA224AD}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\..\SearchScopes\{F2178C88-EB91-4546-A958-5ACBFF9C0DD8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.11.07 11:30:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.10.22 20:15:41 | 000,000,000 | ---D | M]
 
[2012.12.05 14:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r  /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" File not found
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003..\Run: [] C:\Users\sylvia\AppData\Local\Temp\bejwbkqnzillsoeewxtgdspx.exe File not found
O4 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\www\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1957645914-3698406036-2859641716-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3458DD22-42AA-417D-B56B-93ED965CC8C5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3e069da0-9f59-11e1-b0ac-b870f4d17a92}\Shell - "" = AutoRun
O33 - MountPoints2\{3e069da0-9f59-11e1-b0ac-b870f4d17a92}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{10704284-6773-4685-AF3B-A250CC8DF260} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - c:\PROGRA~2\COMMON~1\ULEADS~1\Vio\Dvacm.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.06 11:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.06 11:28:41 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.06 11:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.05 14:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD
[2012.12.05 14:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.05 14:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012.11.29 19:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Klett
[2012.11.29 19:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klett
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.09 21:04:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.09 20:56:56 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012.12.09 20:53:35 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 20:53:35 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 20:46:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.09 20:46:04 | 2129,149,951 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.06 11:36:19 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.06 11:03:02 | 000,002,279 | ---- | M] () -- C:\Users\Christian\Desktop\Resume ZoneAlarm Security Install.lnk
[2012.12.06 11:00:49 | 884,342,588 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.12.05 14:07:51 | 000,000,126 | ---- | M] () -- C:\user.js
[2012.11.29 19:33:38 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Blitzrechnen.lnk
[2012.11.18 22:09:52 | 000,300,952 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.06 11:28:46 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.06 11:03:02 | 000,002,279 | ---- | C] () -- C:\Users\Christian\Desktop\Resume ZoneAlarm Security Install.lnk
[2012.12.05 14:07:51 | 000,000,126 | ---- | C] () -- C:\user.js
[2012.11.29 19:33:38 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Blitzrechnen.lnk
[2012.11.18 21:50:50 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.18 21:46:10 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.06.26 15:02:40 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012.06.12 18:42:42 | 000,005,510 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.05.16 14:25:58 | 000,000,680 | RHS- | C] () -- C:\Users\Christian\ntuser.pol
[2011.09.08 17:37:02 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011.02.04 03:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.23 16:42:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2012.06.01 18:57:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.01 18:58:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy
[2012.05.16 15:08:45 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Sony
[2012.05.16 14:18:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Toshiba
[2012.06.12 18:43:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP
[2012.06.01 18:59:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
[2012.05.16 14:13:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WinBatch
[2012.12.06 11:01:09 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\CheckPoint
[2012.05.16 14:29:53 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\Toshiba
[2012.06.13 07:38:52 | 000,000,000 | ---D | M] -- C:\Users\Henry\AppData\Roaming\TuneUp Software
[2012.12.05 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\sylvia\AppData\Roaming\CheckPoint
[2012.07.26 16:40:11 | 000,000,000 | ---D | M] -- C:\Users\sylvia\AppData\Roaming\Downloaded Installations
[2012.06.01 19:29:12 | 000,000,000 | ---D | M] -- C:\Users\sylvia\AppData\Roaming\DVDVideoSoft
[2012.12.09 21:11:35 | 000,000,000 | ---D | M] -- C:\Users\sylvia\AppData\Roaming\Nitro PDF
[2012.12.02 18:50:45 | 000,000,000 | ---D | M] -- C:\Users\sylvia\AppData\Roaming\SoftGrid Client
[2012.05.16 15:32:13 | 000,000,000 | ---D | M] -- C:\Users\sylvia\AppData\Roaming\Sony
[2012.06.01 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\sylvia\AppData\Roaming\Toshiba
[2012.06.01 19:04:29 | 000,000,000 | ---D | M] -- C:\Users\sylvia\AppData\Roaming\TuneUp Software
[2012.05.16 15:30:59 | 000,000,000 | ---D | M] -- C:\Users\sylvia\AppData\Roaming\WildTangent
[2012.12.05 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\www\AppData\Roaming\CheckPoint
[2012.09.23 17:09:31 | 000,000,000 | ---D | M] -- C:\Users\www\AppData\Roaming\DVDVideoSoft
[2012.08.27 14:55:51 | 000,000,000 | ---D | M] -- C:\Users\www\AppData\Roaming\Nitro PDF
[2012.07.14 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\www\AppData\Roaming\Samsung
[2012.11.04 00:33:40 | 000,000,000 | ---D | M] -- C:\Users\www\AppData\Roaming\SoftGrid Client
[2012.07.14 19:49:02 | 000,000,000 | ---D | M] -- C:\Users\www\AppData\Roaming\Sony
[2012.09.23 19:37:33 | 000,000,000 | ---D | M] -- C:\Users\www\AppData\Roaming\Toshiba
[2012.06.14 09:50:35 | 000,000,000 | ---D | M] -- C:\Users\www\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.09.24 21:07:22 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.05.26 04:59:33 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.12.06 11:07:10 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.06.12 18:48:47 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.12.06 11:07:10 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.06 11:28:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.05 14:07:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.12.09 21:14:23 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.07.14 20:54:02 | 000,000,000 | ---D | M] -- C:\Temp
[2012.07.26 16:17:30 | 000,000,000 | ---D | M] -- C:\Toshiba
[2012.07.29 22:03:04 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.06 11:00:49 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.25 17:52:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Adobe
[2012.09.23 16:42:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2012.06.01 18:57:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.16 14:14:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Identities
[2011.05.25 19:57:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Macromedia
[2012.06.13 20:52:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2010.11.21 08:16:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Center Programs
[2012.05.25 17:52:42 | 000,000,000 | --SD | M] -- C:\Users\Christian\AppData\Roaming\Microsoft
[2012.06.01 18:58:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy
[2012.05.16 15:08:45 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Sony
[2012.05.16 14:18:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Toshiba
[2012.06.12 18:43:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP
[2012.06.01 18:59:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
[2012.05.16 14:13:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WinBatch
 
< %APPDATA%\*.exe /s >
[2010.09.20 15:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Christian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.05.17 00:21:50 | 027,567,008 | ---- | M] (TuneUp Software) -- C:\Users\Christian\AppData\Roaming\OpenCandy\16B30972D78546869315F7277C475286\TuneUpUtilities2012_de-DE_1002180.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
<           >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012.10.16 13:05:20 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job

< End of report >
         
--- --- ---
__________________

Alt 10.12.2012, 12:08   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Hast du noch weitere Logs von Malwarebytes oder anderen Virenscannern? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.12.2012, 17:18   #5
cha145106
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Hallo, habe noch den von Malwarebyte, aber ohne Befund.
[code]
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.12.06.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sylvia :: CHRISTIAN-TOSH [limited]

06.12.2012 12:22:58
mbam-log-2012-12-06 (12-22-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 370975
Time elapsed: 1 hour(s), 4 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)]
[code/]


Alt 16.12.2012, 14:55   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Sagmal ist das so schwierig mit den CODE-Tags?!
Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
--> Trojaner Schweiz Polizei Cyber Crime Investigation

Alt 18.12.2012, 15:01   #7
cha145106
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Hallo cosinus,
ist wohl nicht so schwierig, aber die Tücken der Technik, hatte direkt Antworten genommen, da gabs dann keine Vorschau.
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-18 14:29:19
-----------------------------
14:29:19.497    OS Version: Windows x64 6.1.7601 Service Pack 1
14:29:19.497    Number of processors: 8 586 0x2A07
14:29:19.497    ComputerName: CHRISTIAN-TOSH  UserName: Christian
14:29:21.369    Initialize success
14:31:54.953    AVAST engine defs: 12121800
14:32:51.425    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:32:51.425    Disk 0 Vendor: Seagate_ TD27 Size: 476940MB BusType: 3
14:32:51.441    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
14:32:51.441    Disk 1 Vendor: Seagate_ 0002 Size: 476940MB BusType: 3
14:32:51.456    Disk 0 MBR read successfully
14:32:51.456    Disk 0 MBR scan
14:32:51.472    Disk 0 Windows VISTA default MBR code
14:32:51.488    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
14:32:51.488    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       459684 MB offset 3074048
14:32:51.503    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        15755 MB offset 944506880
14:32:51.519    Disk 0 scanning C:\windows\system32\drivers
14:32:58.461    Service scanning
14:33:09.849    Modules scanning
14:33:09.864    Disk 0 trace - called modules:
14:33:09.880    ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll 
14:33:09.880    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c11060]
14:33:09.896    3 CLASSPNP.SYS[fffff8800174e43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8007c10060]
14:33:09.896    5 thpdrv.sys[fffff88001dc4cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800764c050]
14:33:11.502    AVAST engine scan C:\windows
14:33:13.608    AVAST engine scan C:\windows\system32
14:35:46.426    AVAST engine scan C:\windows\system32\drivers
14:35:54.897    AVAST engine scan C:\Users\Christian
14:38:50.647    AVAST engine scan C:\ProgramData
14:43:04.335    Scan finished successfully
14:44:24.098    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
14:44:24.113    The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"
         
Und noch der TDSSkiller
Vielen Dank und einen schönen Tag
Gruss
Code:
ATTFilter
15:04:02.0117 5392  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:04:02.0897 5392  ============================================================
15:04:02.0897 5392  Current date / time: 2012/12/18 15:04:02.0897
15:04:02.0897 5392  SystemInfo:
15:04:02.0897 5392  
15:04:02.0897 5392  OS Version: 6.1.7601 ServicePack: 1.0
15:04:02.0897 5392  Product type: Workstation
15:04:02.0897 5392  ComputerName: CHRISTIAN-TOSH
15:04:02.0897 5392  UserName: Christian
15:04:02.0897 5392  Windows directory: C:\windows
15:04:02.0897 5392  System windows directory: C:\windows
15:04:02.0897 5392  Running under WOW64
15:04:02.0897 5392  Processor architecture: Intel x64
15:04:02.0897 5392  Number of processors: 8
15:04:02.0897 5392  Page size: 0x1000
15:04:02.0897 5392  Boot type: Normal boot
15:04:02.0897 5392  ============================================================
15:04:05.0955 5392  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:04:05.0955 5392  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:04:06.0079 5392  ============================================================
15:04:06.0079 5392  \Device\Harddisk0\DR0:
15:04:06.0095 5392  MBR partitions:
15:04:06.0095 5392  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x381D2000
15:04:06.0095 5392  \Device\Harddisk1\DR1:
15:04:06.0095 5392  MBR partitions:
15:04:06.0111 5392  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1000, BlocksNum 0x3A385000
15:04:06.0111 5392  ============================================================
15:04:06.0111 5392  C: <-> \Device\Harddisk0\DR0\Partition1
15:04:06.0126 5392  D: <-> \Device\Harddisk1\DR1\Partition1
15:04:06.0126 5392  ============================================================
15:04:06.0126 5392  Initialize success
15:04:06.0126 5392  ============================================================
15:04:48.0262 6940  ============================================================
15:04:48.0262 6940  Scan started
15:04:48.0262 6940  Mode: Manual; SigCheck; TDLFS; 
15:04:48.0262 6940  ============================================================
15:04:50.0134 6940  ================ Scan system memory ========================
15:04:50.0134 6940  System memory - ok
15:04:50.0134 6940  ================ Scan services =============================
15:04:50.0368 6940  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
15:04:50.0461 6940  1394ohci - ok
15:04:50.0539 6940  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
15:04:50.0586 6940  ACPI - ok
15:04:50.0586 6940  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
15:04:50.0617 6940  AcpiPmi - ok
15:04:50.0711 6940  [ F3CD7B20B27D1772C946DF993FF3635C ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:04:50.0742 6940  AdobeFlashPlayerUpdateSvc - ok
15:04:50.0805 6940  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
15:04:50.0836 6940  adp94xx - ok
15:04:50.0914 6940  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
15:04:50.0945 6940  adpahci - ok
15:04:50.0961 6940  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
15:04:50.0976 6940  adpu320 - ok
15:04:50.0992 6940  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
15:04:51.0085 6940  AeLookupSvc - ok
15:04:51.0148 6940  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
15:04:51.0210 6940  AFD - ok
15:04:51.0226 6940  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
15:04:51.0241 6940  agp440 - ok
15:04:51.0288 6940  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
15:04:51.0335 6940  ALG - ok
15:04:51.0382 6940  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
15:04:51.0413 6940  aliide - ok
15:04:51.0444 6940  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
15:04:51.0475 6940  amdide - ok
15:04:51.0491 6940  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
15:04:51.0507 6940  AmdK8 - ok
15:04:51.0538 6940  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
15:04:51.0600 6940  AmdPPM - ok
15:04:51.0631 6940  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
15:04:51.0663 6940  amdsata - ok
15:04:51.0709 6940  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
15:04:51.0741 6940  amdsbs - ok
15:04:51.0756 6940  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
15:04:51.0772 6940  amdxata - ok
15:04:51.0772 6940  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\windows\system32\Drivers\ssadadb.sys
15:04:51.0834 6940  androidusb - ok
15:04:51.0850 6940  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
15:04:51.0881 6940  AppID - ok
15:04:51.0928 6940  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
15:04:51.0990 6940  AppIDSvc - ok
15:04:52.0021 6940  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
15:04:52.0084 6940  Appinfo - ok
15:04:52.0115 6940  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
15:04:52.0115 6940  arc - ok
15:04:52.0131 6940  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
15:04:52.0131 6940  arcsas - ok
15:04:52.0146 6940  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
15:04:52.0177 6940  AsyncMac - ok
15:04:52.0177 6940  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
15:04:52.0193 6940  atapi - ok
15:04:52.0240 6940  [ B2931C83CFB12A3223A47B180473AE1A ] athr            C:\windows\system32\DRIVERS\athrx.sys
15:04:52.0271 6940  athr - ok
15:04:52.0302 6940  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
15:04:52.0365 6940  AudioEndpointBuilder - ok
15:04:52.0365 6940  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
15:04:52.0411 6940  AudioSrv - ok
15:04:52.0427 6940  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
15:04:52.0458 6940  AxInstSV - ok
15:04:52.0489 6940  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
15:04:52.0552 6940  b06bdrv - ok
15:04:52.0567 6940  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
15:04:52.0630 6940  b57nd60a - ok
15:04:52.0723 6940  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
15:04:52.0755 6940  BBSvc - ok
15:04:52.0801 6940  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
15:04:52.0833 6940  BBUpdate - ok
15:04:52.0864 6940  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
15:04:52.0895 6940  BDESVC - ok
15:04:52.0911 6940  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
15:04:52.0973 6940  Beep - ok
15:04:52.0989 6940  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
15:04:53.0020 6940  BFE - ok
15:04:53.0051 6940  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
15:04:53.0082 6940  BITS - ok
15:04:53.0098 6940  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\drivers\blbdrive.sys
15:04:53.0129 6940  blbdrive - ok
15:04:53.0129 6940  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
15:04:53.0145 6940  bowser - ok
15:04:53.0145 6940  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
15:04:53.0160 6940  BrFiltLo - ok
15:04:53.0160 6940  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
15:04:53.0191 6940  BrFiltUp - ok
15:04:53.0191 6940  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
15:04:53.0207 6940  Browser - ok
15:04:53.0238 6940  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
15:04:53.0254 6940  Brserid - ok
15:04:53.0254 6940  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
15:04:53.0269 6940  BrSerWdm - ok
15:04:53.0269 6940  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
15:04:53.0285 6940  BrUsbMdm - ok
15:04:53.0301 6940  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
15:04:53.0301 6940  BrUsbSer - ok
15:04:53.0316 6940  [ 2347ABBD13BADA65826FDAB4CAAFE357 ] BtFilter        C:\windows\system32\DRIVERS\btfilter.sys
15:04:53.0332 6940  BtFilter - ok
15:04:53.0347 6940  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
15:04:53.0363 6940  BTHMODEM - ok
15:04:53.0363 6940  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
15:04:53.0394 6940  bthserv - ok
15:04:53.0425 6940  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
15:04:53.0457 6940  cdfs - ok
15:04:53.0457 6940  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
15:04:53.0488 6940  cdrom - ok
15:04:53.0488 6940  [ A965B206921C55F2D1481789D609B711 ] CeKbFilter      C:\windows\system32\DRIVERS\CeKbFilter.sys
15:04:53.0488 6940  CeKbFilter - ok
15:04:53.0519 6940  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
15:04:53.0550 6940  CertPropSvc - ok
15:04:53.0581 6940  [ 45B5A89DC41577282E5BF41B1165EA71 ] cfwids          C:\windows\system32\drivers\cfwids.sys
15:04:53.0581 6940  cfwids - ok
15:04:53.0613 6940  [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
15:04:53.0675 6940  cfWiMAXService - ok
15:04:53.0691 6940  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
15:04:53.0722 6940  circlass - ok
15:04:53.0753 6940  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
15:04:53.0769 6940  CLFS - ok
15:04:53.0784 6940  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:04:53.0800 6940  clr_optimization_v2.0.50727_32 - ok
15:04:53.0800 6940  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:04:53.0815 6940  clr_optimization_v2.0.50727_64 - ok
15:04:53.0878 6940  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:04:53.0893 6940  clr_optimization_v4.0.30319_32 - ok
15:04:53.0909 6940  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:04:53.0940 6940  clr_optimization_v4.0.30319_64 - ok
15:04:53.0940 6940  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\drivers\CmBatt.sys
15:04:53.0971 6940  CmBatt - ok
15:04:53.0971 6940  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
15:04:53.0987 6940  cmdide - ok
15:04:54.0018 6940  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
15:04:54.0034 6940  CNG - ok
15:04:54.0049 6940  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
15:04:54.0049 6940  Compbatt - ok
15:04:54.0065 6940  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
15:04:54.0081 6940  CompositeBus - ok
15:04:54.0081 6940  COMSysApp - ok
15:04:54.0081 6940  [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
15:04:54.0096 6940  ConfigFree Service - ok
15:04:54.0096 6940  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
15:04:54.0112 6940  crcdisk - ok
15:04:54.0143 6940  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
15:04:54.0159 6940  CryptSvc - ok
15:04:54.0221 6940  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:04:54.0268 6940  cvhsvc - ok
15:04:54.0299 6940  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
15:04:54.0346 6940  DcomLaunch - ok
15:04:54.0361 6940  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
15:04:54.0408 6940  defragsvc - ok
15:04:54.0408 6940  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
15:04:54.0439 6940  DfsC - ok
15:04:54.0471 6940  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
15:04:54.0517 6940  Dhcp - ok
15:04:54.0533 6940  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
15:04:54.0580 6940  discache - ok
15:04:54.0595 6940  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
15:04:54.0611 6940  Disk - ok
15:04:54.0627 6940  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
15:04:54.0673 6940  Dnscache - ok
15:04:54.0673 6940  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
15:04:54.0720 6940  dot3svc - ok
15:04:54.0720 6940  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
15:04:54.0767 6940  DPS - ok
15:04:54.0767 6940  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
15:04:54.0783 6940  drmkaud - ok
15:04:54.0829 6940  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
15:04:54.0876 6940  DXGKrnl - ok
15:04:54.0907 6940  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
15:04:54.0985 6940  EapHost - ok
15:04:55.0079 6940  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
15:04:55.0188 6940  ebdrv - ok
15:04:55.0188 6940  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
15:04:55.0204 6940  EFS - ok
15:04:55.0235 6940  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
15:04:55.0266 6940  ehRecvr - ok
15:04:55.0282 6940  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
15:04:55.0297 6940  ehSched - ok
15:04:55.0329 6940  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
15:04:55.0344 6940  elxstor - ok
15:04:55.0344 6940  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
15:04:55.0360 6940  ErrDev - ok
15:04:55.0391 6940  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
15:04:55.0422 6940  EventSystem - ok
15:04:55.0438 6940  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
15:04:55.0469 6940  exfat - ok
15:04:55.0469 6940  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
15:04:55.0500 6940  fastfat - ok
15:04:55.0531 6940  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
15:04:55.0547 6940  Fax - ok
15:04:55.0563 6940  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
15:04:55.0578 6940  fdc - ok
15:04:55.0578 6940  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
15:04:55.0609 6940  fdPHost - ok
15:04:55.0625 6940  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
15:04:55.0656 6940  FDResPub - ok
15:04:55.0656 6940  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
15:04:55.0672 6940  FileInfo - ok
15:04:55.0672 6940  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
15:04:55.0719 6940  Filetrace - ok
15:04:55.0719 6940  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
15:04:55.0734 6940  flpydisk - ok
15:04:55.0750 6940  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
15:04:55.0765 6940  FltMgr - ok
15:04:55.0797 6940  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
15:04:55.0828 6940  FontCache - ok
15:04:55.0828 6940  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:04:55.0875 6940  FontCache3.0.0.0 - ok
15:04:55.0875 6940  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
15:04:55.0890 6940  FsDepends - ok
15:04:55.0890 6940  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
15:04:55.0906 6940  Fs_Rec - ok
15:04:55.0906 6940  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
15:04:55.0921 6940  fvevol - ok
15:04:55.0937 6940  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
15:04:55.0953 6940  gagp30kx - ok
15:04:55.0999 6940  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
15:04:56.0031 6940  GamesAppService - ok
15:04:56.0062 6940  [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt           C:\windows\system32\DRIVERS\ggflt.sys
15:04:56.0077 6940  ggflt - ok
15:04:56.0124 6940  [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc          C:\windows\system32\DRIVERS\ggsemc.sys
15:04:56.0140 6940  ggsemc - ok
15:04:56.0171 6940  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
15:04:56.0233 6940  gpsvc - ok
15:04:56.0296 6940  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
15:04:56.0327 6940  hcw85cir - ok
15:04:56.0389 6940  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
15:04:56.0421 6940  HdAudAddService - ok
15:04:56.0436 6940  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
15:04:56.0467 6940  HDAudBus - ok
15:04:56.0467 6940  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
15:04:56.0499 6940  HidBatt - ok
15:04:56.0499 6940  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
15:04:56.0530 6940  HidBth - ok
15:04:56.0530 6940  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
15:04:56.0545 6940  HidIr - ok
15:04:56.0545 6940  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
15:04:56.0577 6940  hidserv - ok
15:04:56.0592 6940  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
15:04:56.0592 6940  HidUsb - ok
15:04:56.0608 6940  [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK      C:\windows\system32\drivers\HipShieldK.sys
15:04:56.0623 6940  HipShieldK - ok
15:04:56.0639 6940  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
15:04:56.0686 6940  hkmsvc - ok
15:04:56.0717 6940  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
15:04:56.0733 6940  HomeGroupListener - ok
15:04:56.0748 6940  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
15:04:56.0764 6940  HomeGroupProvider - ok
15:04:56.0779 6940  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
15:04:56.0779 6940  HpSAMD - ok
15:04:56.0795 6940  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
15:04:56.0842 6940  HTTP - ok
15:04:56.0873 6940  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
15:04:56.0873 6940  hwpolicy - ok
15:04:56.0889 6940  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
15:04:56.0904 6940  i8042prt - ok
15:04:56.0920 6940  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
15:04:56.0935 6940  iaStor - ok
15:04:56.0951 6940  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
15:04:56.0967 6940  iaStorV - ok
15:04:56.0998 6940  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:04:57.0013 6940  idsvc - ok
15:04:57.0013 6940  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
15:04:57.0029 6940  iirsp - ok
15:04:57.0060 6940  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
15:04:57.0091 6940  IKEEXT - ok
15:04:57.0185 6940  [ A1FA448078C94E4D011EBD241821FF9E ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
15:04:57.0232 6940  IntcAzAudAddService - ok
15:04:57.0247 6940  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
15:04:57.0263 6940  intelide - ok
15:04:57.0263 6940  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
15:04:57.0279 6940  intelppm - ok
15:04:57.0294 6940  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
15:04:57.0325 6940  IPBusEnum - ok
15:04:57.0341 6940  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
15:04:57.0372 6940  IpFilterDriver - ok
15:04:57.0388 6940  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
15:04:57.0403 6940  iphlpsvc - ok
15:04:57.0403 6940  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
15:04:57.0419 6940  IPMIDRV - ok
15:04:57.0419 6940  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
15:04:57.0466 6940  IPNAT - ok
15:04:57.0481 6940  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
15:04:57.0497 6940  IRENUM - ok
15:04:57.0497 6940  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
15:04:57.0513 6940  isapnp - ok
15:04:57.0528 6940  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
15:04:57.0591 6940  iScsiPrt - ok
15:04:57.0622 6940  [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr       C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
15:04:57.0622 6940  IviRegMgr - ok
15:04:57.0653 6940  [ 935301DD8306CEEAEF0B84DD6ABFFDC6 ] JMCR            C:\windows\system32\DRIVERS\jmcr.sys
15:04:57.0653 6940  JMCR - ok
15:04:57.0669 6940  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
15:04:57.0669 6940  kbdclass - ok
15:04:57.0684 6940  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
15:04:57.0684 6940  kbdhid - ok
15:04:57.0700 6940  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
15:04:57.0715 6940  KeyIso - ok
15:04:57.0715 6940  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
15:04:57.0731 6940  KSecDD - ok
15:04:57.0731 6940  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
15:04:57.0747 6940  KSecPkg - ok
15:04:57.0747 6940  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
15:04:57.0778 6940  ksthunk - ok
15:04:57.0793 6940  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
15:04:57.0840 6940  KtmRm - ok
15:04:57.0840 6940  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
15:04:57.0887 6940  LanmanServer - ok
15:04:57.0887 6940  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
15:04:57.0918 6940  LanmanWorkstation - ok
15:04:57.0918 6940  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
15:04:57.0949 6940  lltdio - ok
15:04:57.0981 6940  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
15:04:58.0012 6940  lltdsvc - ok
15:04:58.0027 6940  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
15:04:58.0059 6940  lmhosts - ok
15:04:58.0074 6940  [ 50C7CE53EF461870410355F1F2E7D515 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:04:58.0090 6940  LMS - ok
15:04:58.0090 6940  [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter       C:\windows\system32\DRIVERS\LPCFilter.sys
15:04:58.0105 6940  LPCFilter - ok
15:04:58.0121 6940  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
15:04:58.0121 6940  LSI_FC - ok
15:04:58.0137 6940  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
15:04:58.0137 6940  LSI_SAS - ok
15:04:58.0152 6940  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
15:04:58.0152 6940  LSI_SAS2 - ok
15:04:58.0183 6940  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
15:04:58.0199 6940  LSI_SCSI - ok
15:04:58.0199 6940  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
15:04:58.0230 6940  luafv - ok
15:04:58.0261 6940  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:04:58.0277 6940  McAfee SiteAdvisor Service - ok
15:04:58.0277 6940  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:04:58.0293 6940  McMPFSvc - ok
15:04:58.0293 6940  [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:04:58.0308 6940  mcmscsvc - ok
15:04:58.0308 6940  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:04:58.0324 6940  McNaiAnn - ok
15:04:58.0324 6940  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:04:58.0339 6940  McNASvc - ok
15:04:58.0371 6940  [ BE7C8C3F8FE52D8F7826E14CF11DE949 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
15:04:58.0386 6940  McODS - ok
15:04:58.0386 6940  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:04:58.0402 6940  McProxy - ok
15:04:58.0402 6940  [ 07ADF390306FC00297EE9B2247C0678E ] McPvDrv         C:\windows\system32\drivers\McPvDrv.sys
15:04:58.0417 6940  McPvDrv - ok
15:04:58.0449 6940  [ 4DEC9B5BEDAA97B1FF6A3923E1C4F58A ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
15:04:58.0511 6940  McShield - ok
15:04:58.0511 6940  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
15:04:58.0527 6940  Mcx2Svc - ok
15:04:58.0527 6940  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
15:04:58.0542 6940  megasas - ok
15:04:58.0573 6940  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
15:04:58.0589 6940  MegaSR - ok
15:04:58.0605 6940  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
15:04:58.0620 6940  MEIx64 - ok
15:04:58.0636 6940  [ B574522827D94126C03975FD53F0B26B ] mfeapfk         C:\windows\system32\drivers\mfeapfk.sys
15:04:58.0651 6940  mfeapfk - ok
15:04:58.0667 6940  [ B393753ECE9A9E2307CB1984ACF3DA9D ] mfeavfk         C:\windows\system32\drivers\mfeavfk.sys
15:04:58.0714 6940  mfeavfk - ok
15:04:58.0729 6940  mfeavfk01 - ok
15:04:58.0729 6940  [ 97C398750C8E80A48EB63999546F796E ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
15:04:58.0745 6940  mfefire - ok
15:04:58.0761 6940  [ C52A1ABF03DD219375EA0F6A8BE941C3 ] mfefirek        C:\windows\system32\drivers\mfefirek.sys
15:04:58.0776 6940  mfefirek - ok
15:04:58.0807 6940  [ 7092A6C6158FC4F5AA39EBEB9D5AF03D ] mfehidk         C:\windows\system32\drivers\mfehidk.sys
15:04:58.0823 6940  mfehidk - ok
15:04:58.0839 6940  [ D2A941C82A0A9227CD6F47AD40A40F69 ] mferkdet        C:\windows\system32\drivers\mferkdet.sys
15:04:58.0854 6940  mferkdet - ok
15:04:58.0870 6940  [ 04D48692EFF181DA46DD8EA8BE9FFB2B ] mfevtp          C:\windows\system32\mfevtps.exe
15:04:58.0917 6940  mfevtp - ok
15:04:58.0948 6940  [ 1631E2DA6C4B47D97ECA94842836592E ] mfewfpk         C:\windows\system32\drivers\mfewfpk.sys
15:04:58.0963 6940  mfewfpk - ok
15:04:58.0963 6940  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
15:04:58.0995 6940  MMCSS - ok
15:04:59.0010 6940  [ 8CC001C65C31633171991FA72A551D43 ] MOBKbackup      C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
15:04:59.0026 6940  MOBKbackup - ok
15:04:59.0026 6940  [ 3800C23D0D90C59AAFCDEFDC82B5C4AF ] MOBKFilter      C:\windows\system32\DRIVERS\MOBK.sys
15:04:59.0041 6940  MOBKFilter - ok
15:04:59.0041 6940  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
15:04:59.0073 6940  Modem - ok
15:04:59.0073 6940  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
15:04:59.0088 6940  monitor - ok
15:04:59.0104 6940  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
15:04:59.0104 6940  mouclass - ok
15:04:59.0119 6940  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
15:04:59.0119 6940  mouhid - ok
15:04:59.0135 6940  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
15:04:59.0182 6940  mountmgr - ok
15:04:59.0244 6940  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
15:04:59.0275 6940  mpio - ok
15:04:59.0291 6940  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
15:04:59.0369 6940  mpsdrv - ok
15:04:59.0416 6940  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
15:04:59.0463 6940  MpsSvc - ok
15:04:59.0478 6940  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
15:04:59.0525 6940  MRxDAV - ok
15:04:59.0541 6940  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
15:04:59.0556 6940  mrxsmb - ok
15:04:59.0572 6940  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
15:04:59.0587 6940  mrxsmb10 - ok
15:04:59.0587 6940  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
15:04:59.0603 6940  mrxsmb20 - ok
15:04:59.0603 6940  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
15:04:59.0619 6940  msahci - ok
15:04:59.0619 6940  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
15:04:59.0634 6940  msdsm - ok
15:04:59.0634 6940  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
15:04:59.0650 6940  MSDTC - ok
15:04:59.0665 6940  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
15:04:59.0697 6940  Msfs - ok
15:04:59.0712 6940  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
15:04:59.0743 6940  mshidkmdf - ok
15:04:59.0759 6940  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
15:04:59.0759 6940  msisadrv - ok
15:04:59.0775 6940  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
15:04:59.0806 6940  MSiSCSI - ok
15:04:59.0806 6940  msiserver - ok
15:04:59.0821 6940  [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:04:59.0837 6940  MSK80Service - ok
15:04:59.0853 6940  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
15:04:59.0884 6940  MSKSSRV - ok
15:04:59.0884 6940  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
15:04:59.0931 6940  MSPCLOCK - ok
15:04:59.0931 6940  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
15:04:59.0962 6940  MSPQM - ok
15:04:59.0977 6940  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
15:04:59.0993 6940  MsRPC - ok
15:05:00.0009 6940  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
15:05:00.0009 6940  mssmbios - ok
15:05:00.0024 6940  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
15:05:00.0055 6940  MSTEE - ok
15:05:00.0055 6940  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
15:05:00.0071 6940  MTConfig - ok
15:05:00.0087 6940  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
15:05:00.0087 6940  Mup - ok
15:05:00.0118 6940  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
15:05:00.0149 6940  napagent - ok
15:05:00.0180 6940  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
15:05:00.0196 6940  NativeWifiP - ok
15:05:00.0227 6940  [ 2989174DF02E0AEF54BAE90674FB445F ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
15:05:00.0289 6940  NAUpdate - ok
15:05:00.0305 6940  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
15:05:00.0336 6940  NDIS - ok
15:05:00.0352 6940  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
15:05:00.0383 6940  NdisCap - ok
15:05:00.0383 6940  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
15:05:00.0414 6940  NdisTapi - ok
15:05:00.0430 6940  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
15:05:00.0461 6940  Ndisuio - ok
15:05:00.0477 6940  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
15:05:00.0523 6940  NdisWan - ok
15:05:00.0523 6940  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
15:05:00.0570 6940  NDProxy - ok
15:05:00.0586 6940  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
15:05:00.0617 6940  NetBIOS - ok
15:05:00.0617 6940  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
15:05:00.0648 6940  NetBT - ok
15:05:00.0648 6940  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
15:05:00.0664 6940  Netlogon - ok
15:05:00.0679 6940  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
15:05:00.0711 6940  Netman - ok
15:05:00.0726 6940  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
15:05:00.0757 6940  netprofm - ok
15:05:00.0773 6940  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:05:00.0789 6940  NetTcpPortSharing - ok
15:05:00.0820 6940  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
15:05:00.0835 6940  nfrd960 - ok
15:05:00.0835 6940  [ 3CC771FDB4FAAFD49B5925545FC158D6 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
15:05:00.0898 6940  NitroReaderDriverReadSpool2 - ok
15:05:00.0913 6940  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
15:05:00.0929 6940  NlaSvc - ok
15:05:00.0945 6940  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
15:05:00.0976 6940  Npfs - ok
15:05:00.0976 6940  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
15:05:01.0007 6940  nsi - ok
15:05:01.0023 6940  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
15:05:01.0054 6940  nsiproxy - ok
15:05:01.0101 6940  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
15:05:01.0147 6940  Ntfs - ok
15:05:01.0163 6940  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
15:05:01.0194 6940  Null - ok
15:05:01.0210 6940  [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub        C:\windows\system32\DRIVERS\nusb3hub.sys
15:05:01.0225 6940  nusb3hub - ok
15:05:01.0241 6940  [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc        C:\windows\system32\DRIVERS\nusb3xhc.sys
15:05:01.0241 6940  nusb3xhc - ok
15:05:01.0257 6940  [ F12E3EA0386EBC284C893611107C6A96 ] NVHDA           C:\windows\system32\drivers\nvhda64v.sys
15:05:01.0272 6940  NVHDA - ok
15:05:01.0475 6940  [ 24E1BF08E1FDDBE2398EE38F59274E75 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
15:05:01.0631 6940  nvlddmkm - ok
15:05:01.0647 6940  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
15:05:01.0662 6940  nvraid - ok
15:05:01.0678 6940  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
15:05:01.0678 6940  nvstor - ok
15:05:01.0693 6940  [ 6099EBAE6545719A601410CB25234746 ] NvStUSB         C:\windows\system32\DRIVERS\nvstusb.sys
15:05:01.0709 6940  NvStUSB - ok
15:05:01.0725 6940  [ B2B419D2C55ED6ED560E662BBE7D29F3 ] NVSvc           C:\windows\system32\nvvsvc.exe
15:05:01.0756 6940  NVSvc - ok
15:05:01.0771 6940  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
15:05:01.0787 6940  nv_agp - ok
15:05:01.0803 6940  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
15:05:01.0818 6940  ohci1394 - ok
15:05:01.0834 6940  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:05:01.0849 6940  ose - ok
15:05:01.0959 6940  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:05:02.0146 6940  osppsvc - ok
15:05:02.0161 6940  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
15:05:02.0177 6940  p2pimsvc - ok
15:05:02.0208 6940  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
15:05:02.0224 6940  p2psvc - ok
15:05:02.0239 6940  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
15:05:02.0255 6940  Parport - ok
15:05:02.0255 6940  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
15:05:02.0271 6940  partmgr - ok
15:05:02.0271 6940  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
15:05:02.0286 6940  PcaSvc - ok
15:05:02.0302 6940  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
15:05:02.0317 6940  pci - ok
15:05:02.0317 6940  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
15:05:02.0333 6940  pciide - ok
15:05:02.0333 6940  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
15:05:02.0349 6940  pcmcia - ok
15:05:02.0349 6940  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
15:05:02.0364 6940  pcw - ok
15:05:02.0380 6940  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
15:05:02.0427 6940  PEAUTH - ok
15:05:02.0458 6940  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
15:05:02.0489 6940  PerfHost - ok
15:05:02.0520 6940  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
15:05:02.0536 6940  PGEffect - ok
15:05:02.0567 6940  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
15:05:02.0629 6940  pla - ok
15:05:02.0661 6940  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
15:05:02.0739 6940  PlugPlay - ok
15:05:02.0754 6940  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
15:05:02.0785 6940  PNRPAutoReg - ok
15:05:02.0801 6940  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
15:05:02.0817 6940  PNRPsvc - ok
15:05:02.0832 6940  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
15:05:02.0863 6940  PolicyAgent - ok
15:05:02.0879 6940  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
15:05:02.0910 6940  Power - ok
15:05:02.0926 6940  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
15:05:02.0957 6940  PptpMiniport - ok
15:05:02.0957 6940  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
15:05:02.0988 6940  Processor - ok
15:05:03.0004 6940  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
15:05:03.0019 6940  ProfSvc - ok
15:05:03.0019 6940  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
15:05:03.0035 6940  ProtectedStorage - ok
15:05:03.0051 6940  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
15:05:03.0113 6940  Psched - ok
15:05:03.0144 6940  [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2       C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:05:03.0144 6940  PSI_SVC_2 - ok
15:05:03.0207 6940  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
15:05:03.0269 6940  ql2300 - ok
15:05:03.0285 6940  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
15:05:03.0300 6940  ql40xx - ok
15:05:03.0316 6940  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
15:05:03.0331 6940  QWAVE - ok
15:05:03.0347 6940  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
15:05:03.0378 6940  QWAVEdrv - ok
15:05:03.0378 6940  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
15:05:03.0409 6940  RasAcd - ok
15:05:03.0425 6940  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
15:05:03.0456 6940  RasAgileVpn - ok
15:05:03.0456 6940  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
15:05:03.0487 6940  RasAuto - ok
15:05:03.0503 6940  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
15:05:03.0534 6940  Rasl2tp - ok
15:05:03.0550 6940  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
15:05:03.0597 6940  RasMan - ok
15:05:03.0612 6940  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
15:05:03.0643 6940  RasPppoe - ok
15:05:03.0659 6940  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
15:05:03.0690 6940  RasSstp - ok
15:05:03.0706 6940  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
15:05:03.0737 6940  rdbss - ok
15:05:03.0768 6940  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
15:05:03.0784 6940  rdpbus - ok
15:05:03.0784 6940  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
15:05:03.0815 6940  RDPCDD - ok
15:05:03.0815 6940  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
15:05:03.0862 6940  RDPENCDD - ok
15:05:03.0862 6940  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
15:05:03.0893 6940  RDPREFMP - ok
15:05:03.0940 6940  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
15:05:03.0987 6940  RDPWD - ok
15:05:04.0002 6940  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
15:05:04.0018 6940  rdyboost - ok
15:05:04.0033 6940  [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi            C:\windows\system32\drivers\regi.sys
15:05:04.0033 6940  regi - ok
15:05:04.0065 6940  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
15:05:04.0158 6940  RemoteAccess - ok
15:05:04.0158 6940  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
15:05:04.0252 6940  RemoteRegistry - ok
15:05:04.0267 6940  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
15:05:04.0299 6940  RpcEptMapper - ok
15:05:04.0330 6940  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
15:05:04.0345 6940  RpcLocator - ok
15:05:04.0361 6940  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
15:05:04.0392 6940  RpcSs - ok
15:05:04.0423 6940  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
15:05:04.0455 6940  rspndr - ok
15:05:04.0470 6940  [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
15:05:04.0486 6940  RTL8167 - ok
15:05:04.0501 6940  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
15:05:04.0501 6940  SamSs - ok
15:05:04.0517 6940  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
15:05:04.0517 6940  sbp2port - ok
15:05:04.0533 6940  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
15:05:04.0564 6940  SCardSvr - ok
15:05:04.0595 6940  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
15:05:04.0673 6940  scfilter - ok
15:05:04.0720 6940  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
15:05:04.0751 6940  Schedule - ok
15:05:04.0767 6940  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
15:05:04.0782 6940  SCPolicySvc - ok
15:05:04.0798 6940  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\windows\system32\DRIVERS\sdbus.sys
15:05:04.0829 6940  sdbus - ok
15:05:04.0860 6940  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
15:05:04.0891 6940  SDRSVC - ok
15:05:04.0923 6940  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
15:05:04.0938 6940  secdrv - ok
15:05:04.0954 6940  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
15:05:04.0985 6940  seclogon - ok
15:05:04.0985 6940  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
15:05:05.0047 6940  SENS - ok
15:05:05.0047 6940  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
15:05:05.0063 6940  SensrSvc - ok
15:05:05.0063 6940  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
15:05:05.0094 6940  Serenum - ok
15:05:05.0125 6940  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
15:05:05.0141 6940  Serial - ok
15:05:05.0141 6940  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
15:05:05.0157 6940  sermouse - ok
15:05:05.0219 6940  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
15:05:05.0297 6940  SessionEnv - ok
15:05:05.0313 6940  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
15:05:05.0344 6940  sffdisk - ok
15:05:05.0344 6940  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
15:05:05.0359 6940  sffp_mmc - ok
15:05:05.0375 6940  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
15:05:05.0391 6940  sffp_sd - ok
15:05:05.0391 6940  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
15:05:05.0406 6940  sfloppy - ok
15:05:05.0437 6940  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
15:05:05.0469 6940  Sftfs - ok
15:05:05.0500 6940  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:05:05.0515 6940  sftlist - ok
15:05:05.0515 6940  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
15:05:05.0531 6940  Sftplay - ok
15:05:05.0531 6940  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
15:05:05.0578 6940  Sftredir - ok
15:05:05.0578 6940  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
15:05:05.0593 6940  Sftvol - ok
15:05:05.0609 6940  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:05:05.0656 6940  sftvsa - ok
15:05:05.0671 6940  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
15:05:05.0718 6940  SharedAccess - ok
15:05:05.0718 6940  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:05:05.0765 6940  ShellHWDetection - ok
15:05:05.0781 6940  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
15:05:05.0781 6940  SiSRaid2 - ok
15:05:05.0796 6940  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
15:05:05.0796 6940  SiSRaid4 - ok
15:05:05.0812 6940  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:05:05.0827 6940  SkypeUpdate - ok
15:05:05.0827 6940  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
15:05:05.0859 6940  Smb - ok
15:05:05.0874 6940  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
15:05:05.0890 6940  SNMPTRAP - ok
15:05:05.0905 6940  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
15:05:05.0921 6940  Sony PC Companion - ok
15:05:05.0921 6940  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
15:05:05.0937 6940  spldr - ok
15:05:05.0952 6940  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
15:05:05.0968 6940  Spooler - ok
15:05:06.0077 6940  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
15:05:06.0171 6940  sppsvc - ok
15:05:06.0186 6940  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
15:05:06.0217 6940  sppuinotify - ok
15:05:06.0233 6940  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
15:05:06.0249 6940  srv - ok
15:05:06.0264 6940  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
15:05:06.0280 6940  srv2 - ok
15:05:06.0295 6940  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
15:05:06.0295 6940  srvnet - ok
15:05:06.0327 6940  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\windows\system32\DRIVERS\ssadbus.sys
15:05:06.0342 6940  ssadbus - ok
15:05:06.0358 6940  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\windows\system32\DRIVERS\ssadmdfl.sys
15:05:06.0405 6940  ssadmdfl - ok
15:05:06.0420 6940  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\windows\system32\DRIVERS\ssadmdm.sys
15:05:06.0483 6940  ssadmdm - ok
15:05:06.0498 6940  [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd        C:\windows\system32\DRIVERS\ssadserd.sys
15:05:06.0514 6940  ssadserd - ok
15:05:06.0529 6940  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
15:05:06.0576 6940  SSDPSRV - ok
15:05:06.0576 6940  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
15:05:06.0607 6940  SstpSvc - ok
15:05:06.0639 6940  [ C7C4B2E29B2E9F757929868278BE3235 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:05:06.0654 6940  Stereo Service - ok
15:05:06.0670 6940  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
15:05:06.0670 6940  stexstor - ok
15:05:06.0701 6940  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
15:05:06.0717 6940  stisvc - ok
15:05:06.0717 6940  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
15:05:06.0732 6940  swenum - ok
15:05:06.0748 6940  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
15:05:06.0779 6940  swprv - ok
15:05:06.0857 6940  [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
15:05:06.0935 6940  SynTP - ok
15:05:06.0982 6940  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
15:05:07.0013 6940  SysMain - ok
15:05:07.0029 6940  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
15:05:07.0044 6940  TabletInputService - ok
15:05:07.0060 6940  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
15:05:07.0091 6940  TapiSrv - ok
15:05:07.0107 6940  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
15:05:07.0138 6940  TBS - ok
15:05:07.0216 6940  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
15:05:07.0294 6940  Tcpip - ok
15:05:07.0387 6940  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
15:05:07.0434 6940  TCPIP6 - ok
15:05:07.0434 6940  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
15:05:07.0450 6940  tcpipreg - ok
15:05:07.0465 6940  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
15:05:07.0465 6940  tdcmdpst - ok
15:05:07.0481 6940  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
15:05:07.0512 6940  TDPIPE - ok
15:05:07.0512 6940  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
15:05:07.0528 6940  TDTCP - ok
15:05:07.0528 6940  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
15:05:07.0559 6940  tdx - ok
15:05:07.0590 6940  [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
15:05:07.0668 6940  TemproMonitoringService - ok
15:05:07.0699 6940  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
15:05:07.0699 6940  TermDD - ok
15:05:07.0731 6940  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
15:05:07.0762 6940  TermService - ok
15:05:07.0793 6940  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
15:05:07.0809 6940  Themes - ok
15:05:07.0809 6940  [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv          C:\windows\system32\DRIVERS\thpdrv.sys
15:05:07.0824 6940  Thpdrv - ok
15:05:07.0824 6940  [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm          C:\windows\system32\DRIVERS\Thpevm.SYS
15:05:07.0840 6940  Thpevm - ok
15:05:07.0855 6940  [ 9B032A63A0553A2D872815C64A0288BE ] Thpsrv          C:\windows\system32\ThpSrv.exe
15:05:07.0871 6940  Thpsrv ( UnsignedFile.Multi.Generic ) - warning
15:05:07.0871 6940  Thpsrv - detected UnsignedFile.Multi.Generic (1)
15:05:07.0871 6940  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
15:05:07.0902 6940  THREADORDER - ok
15:05:07.0918 6940  [ 83E91963C4452BE6899503CF9EBFD3ED ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
15:05:07.0933 6940  TMachInfo - ok
15:05:07.0949 6940  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv         C:\windows\system32\TODDSrv.exe
15:05:07.0949 6940  TODDSrv - ok
15:05:07.0965 6940  [ 63B379F8885CB1C557771BB8B16162E3 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
15:05:07.0980 6940  TosCoSrv ( UnsignedFile.Multi.Generic ) - warning
15:05:07.0980 6940  TosCoSrv - detected UnsignedFile.Multi.Generic (1)
15:05:08.0011 6940  [ 8F099BE5DB17D025E19652851399B9F1 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
15:05:08.0058 6940  TOSHIBA Bluetooth Service - ok
15:05:08.0089 6940  [ 2ECC833EA37CECE0052D4D9ADC184177 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
15:05:08.0136 6940  TOSHIBA eco Utility Service - ok
15:05:08.0183 6940  [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
15:05:08.0199 6940  TOSHIBA HDD SSD Alert Service - ok
15:05:08.0199 6940  Tosrfcom - ok
15:05:08.0199 6940  [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec         C:\windows\system32\DRIVERS\tosrfec.sys
15:05:08.0214 6940  tosrfec - ok
15:05:08.0214 6940  [ 7A0048693F98460FF537BE31C741B927 ] Tosrfusb        C:\windows\system32\DRIVERS\tosrfusb.sys
15:05:08.0230 6940  Tosrfusb - ok
15:05:08.0245 6940  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64       C:\windows\system32\DRIVERS\tos_sps64.sys
15:05:08.0261 6940  tos_sps64 - ok
15:05:08.0292 6940  [ 9F8410CCC72B3470C96DA415BE0CF423 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
15:05:08.0308 6940  TPCHSrv - ok
15:05:08.0308 6940  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
15:05:08.0370 6940  TrkWks - ok
15:05:08.0386 6940  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:05:08.0417 6940  TrustedInstaller - ok
15:05:08.0433 6940  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
15:05:08.0448 6940  tssecsrv - ok
15:05:08.0495 6940  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
15:05:08.0557 6940  TsUsbFlt - ok
15:05:08.0573 6940  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
15:05:08.0573 6940  TsUsbGD - ok
15:05:08.0651 6940  [ EE1BD87C9F470945D41F54585DBC989A ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
15:05:08.0698 6940  TuneUp.UtilitiesSvc - ok
15:05:08.0698 6940  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
15:05:08.0713 6940  TuneUpUtilitiesDrv - ok
15:05:08.0713 6940  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
15:05:08.0745 6940  tunnel - ok
15:05:08.0760 6940  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
15:05:08.0776 6940  TVALZ - ok
15:05:08.0776 6940  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
15:05:08.0791 6940  TVALZFL - ok
15:05:08.0807 6940  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
15:05:08.0823 6940  uagp35 - ok
15:05:08.0823 6940  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
15:05:08.0869 6940  udfs - ok
15:05:08.0869 6940  [ D2B2AB4235B360A9CCAE8E891350A474 ] UDSS            c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
15:05:08.0885 6940  UDSS - ok
15:05:08.0885 6940  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
15:05:08.0901 6940  UI0Detect - ok
15:05:08.0901 6940  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
15:05:08.0916 6940  uliagpkx - ok
15:05:08.0932 6940  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
15:05:08.0932 6940  umbus - ok
15:05:08.0947 6940  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
15:05:08.0947 6940  UmPass - ok
15:05:09.0010 6940  [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:05:09.0041 6940  UNS - ok
15:05:09.0103 6940  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
15:05:09.0181 6940  upnphost - ok
15:05:09.0197 6940  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
15:05:09.0259 6940  usbccgp - ok
15:05:09.0291 6940  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
15:05:09.0369 6940  usbcir - ok
15:05:09.0369 6940  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\drivers\usbehci.sys
15:05:09.0384 6940  usbehci - ok
15:05:09.0447 6940  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
15:05:09.0493 6940  usbhub - ok
15:05:09.0493 6940  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
15:05:09.0525 6940  usbohci - ok
15:05:09.0556 6940  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
15:05:09.0603 6940  usbprint - ok
15:05:09.0603 6940  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
15:05:09.0634 6940  usbscan - ok
15:05:09.0634 6940  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
15:05:09.0649 6940  USBSTOR - ok
15:05:09.0665 6940  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
15:05:09.0681 6940  usbuhci - ok
15:05:09.0696 6940  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
15:05:09.0743 6940  usbvideo - ok
15:05:09.0743 6940  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
15:05:09.0774 6940  UxSms - ok
15:05:09.0790 6940  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
15:05:09.0790 6940  VaultSvc - ok
15:05:09.0805 6940  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
15:05:09.0821 6940  vdrvroot - ok
15:05:09.0837 6940  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
15:05:09.0868 6940  vds - ok
15:05:09.0883 6940  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
15:05:09.0883 6940  vga - ok
15:05:09.0899 6940  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
15:05:09.0930 6940  VgaSave - ok
15:05:09.0930 6940  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
15:05:09.0946 6940  vhdmp - ok
15:05:09.0961 6940  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
15:05:09.0961 6940  viaide - ok
15:05:09.0977 6940  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
15:05:09.0977 6940  volmgr - ok
15:05:09.0993 6940  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
15:05:10.0008 6940  volmgrx - ok
15:05:10.0024 6940  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
15:05:10.0039 6940  volsnap - ok
15:05:10.0039 6940  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
15:05:10.0055 6940  vsmraid - ok
15:05:10.0102 6940  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
15:05:10.0149 6940  VSS - ok
15:05:10.0164 6940  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
15:05:10.0180 6940  vwifibus - ok
15:05:10.0180 6940  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
15:05:10.0211 6940  vwififlt - ok
15:05:10.0227 6940  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
15:05:10.0258 6940  W32Time - ok
15:05:10.0273 6940  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
15:05:10.0289 6940  WacomPen - ok
15:05:10.0289 6940  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
15:05:10.0320 6940  WANARP - ok
15:05:10.0336 6940  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
15:05:10.0367 6940  Wanarpv6 - ok
15:05:10.0398 6940  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
15:05:10.0523 6940  WatAdminSvc - ok
15:05:10.0554 6940  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
15:05:10.0601 6940  wbengine - ok
15:05:10.0601 6940  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
15:05:10.0617 6940  WbioSrvc - ok
15:05:10.0632 6940  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
15:05:10.0648 6940  wcncsvc - ok
15:05:10.0648 6940  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:05:10.0663 6940  WcsPlugInService - ok
15:05:10.0679 6940  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
15:05:10.0679 6940  Wd - ok
15:05:10.0710 6940  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
15:05:10.0726 6940  Wdf01000 - ok
15:05:10.0726 6940  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
15:05:10.0773 6940  WdiServiceHost - ok
15:05:10.0773 6940  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
15:05:10.0788 6940  WdiSystemHost - ok
15:05:10.0804 6940  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
15:05:10.0835 6940  WebClient - ok
15:05:10.0835 6940  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
15:05:10.0882 6940  Wecsvc - ok
15:05:10.0882 6940  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
15:05:10.0913 6940  wercplsupport - ok
15:05:10.0913 6940  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
15:05:10.0944 6940  WerSvc - ok
15:05:10.0975 6940  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
15:05:11.0007 6940  WfpLwf - ok
15:05:11.0007 6940  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
15:05:11.0022 6940  WIMMount - ok
15:05:11.0022 6940  WinDefend - ok
15:05:11.0022 6940  WinHttpAutoProxySvc - ok
15:05:11.0053 6940  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
15:05:11.0085 6940  Winmgmt - ok
15:05:11.0131 6940  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
15:05:11.0209 6940  WinRM - ok
15:05:11.0287 6940  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
15:05:11.0319 6940  WinUsb - ok
15:05:11.0365 6940  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
15:05:11.0443 6940  Wlansvc - ok
15:05:11.0475 6940  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:05:11.0506 6940  wlcrasvc - ok
15:05:11.0553 6940  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:05:11.0599 6940  wlidsvc - ok
15:05:11.0662 6940  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
15:05:11.0693 6940  WmiAcpi - ok
15:05:11.0709 6940  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
15:05:11.0740 6940  wmiApSrv - ok
15:05:11.0740 6940  WMPNetworkSvc - ok
15:05:11.0740 6940  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
15:05:11.0755 6940  WPCSvc - ok
15:05:11.0755 6940  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
15:05:11.0771 6940  WPDBusEnum - ok
15:05:11.0787 6940  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
15:05:11.0818 6940  ws2ifsl - ok
15:05:11.0833 6940  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
15:05:11.0849 6940  wscsvc - ok
15:05:11.0849 6940  WSearch - ok
15:05:11.0927 6940  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
15:05:11.0974 6940  wuauserv - ok
15:05:11.0989 6940  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
15:05:12.0021 6940  WudfPf - ok
15:05:12.0021 6940  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
15:05:12.0052 6940  WUDFRd - ok
15:05:12.0052 6940  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
15:05:12.0067 6940  wudfsvc - ok
15:05:12.0067 6940  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
15:05:12.0099 6940  WwanSvc - ok
15:05:12.0099 6940  ================ Scan global ===============================
15:05:12.0099 6940  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:05:12.0114 6940  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
15:05:12.0114 6940  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
15:05:12.0130 6940  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:05:12.0130 6940  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
15:05:12.0130 6940  [Global] - ok
15:05:12.0130 6940  ================ Scan MBR ==================================
15:05:12.0145 6940  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
15:05:12.0613 6940  \Device\Harddisk0\DR0 - ok
15:05:12.0925 6940  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
15:05:13.0097 6940  \Device\Harddisk1\DR1 - ok
15:05:13.0097 6940  ================ Scan VBR ==================================
15:05:13.0113 6940  [ 91E077294250344968D0A8557CBD3CEB ] \Device\Harddisk0\DR0\Partition1
15:05:13.0113 6940  \Device\Harddisk0\DR0\Partition1 - ok
15:05:13.0128 6940  [ 27A9F6A2B01B0A6656963CC232C5DBF1 ] \Device\Harddisk1\DR1\Partition1
15:05:13.0128 6940  \Device\Harddisk1\DR1\Partition1 - ok
15:05:13.0128 6940  ============================================================
15:05:13.0128 6940  Scan finished
15:05:13.0128 6940  ============================================================
15:05:13.0144 7672  Detected object count: 2
15:05:13.0144 7672  Actual detected object count: 2
15:05:34.0126 7672  Thpsrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:34.0126 7672  Thpsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:05:34.0126 7672  TosCoSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:34.0126 7672  TosCoSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 18.12.2012, 22:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.12.2012, 19:21   #9
cha145106
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Hallo Cosinus,
habe combofix gemacht und hat dann auch etwas gelöscht, aber weil Internet Explorer nicht lief habe ich Windows neu gestartet und nun finde ich den Log nirgends. Habe auch Combofix nicht auf dem Desktop weil obwohl ich Mc Afee deaktiviert hatte er anscheinend doch noch aktiv war. Habe jetzt Mc Afee komplett entfernt und dann Combofix ausgeführt, aber Aiuf Desktop ist nix.
Soll ich Combofix nochmals machen?
Gruss

Alt 20.12.2012, 20:32   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.12.2012, 23:33   #11
cha145106
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Hallo cosinus,
nachdem ich versucht habe CF zu deinstallieren bin ich auf das Log von gestern gestossen. Seid dem funktioniert das gesperrte Konto wieder.
Viele Grüsse
[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-20.02 - Christian 20.12.2012  18:54:11.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.8169.6186 [GMT 1:00]
ausgeführt von:: c:\users\Christian\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\3D.lnk
c:\users\CHRIST~1\AppData\Local\Temp\{B4537320-BE1D-4A89-A160-0E0F53C419AB}\fpb.tmp
c:\users\Christian\AppData\Local\Temp\{B4537320-BE1D-4A89-A160-0E0F53C419AB}\fpb.tmp
c:\users\Public\sdelevURL.tmp
c:\users\www\icsiddnsmqngbidwfep.exe
c:\users\www\uxvwaspycbpugaknw.exe
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-20 bis 2012-12-20  ))))))))))))))))))))))))))))))
.
.
2012-12-20 17:58 . 2012-12-20 17:58	--------	d-----w-	c:\users\www\AppData\Local\temp
2012-12-20 17:58 . 2012-12-20 17:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-15 17:53 . 2012-11-14 07:11	182816	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-12-15 16:09 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-15 16:08 . 2012-10-04 17:38	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-06 10:28 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-06 10:28 . 2012-12-06 10:36	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-06 10:18 . 2012-12-06 10:18	--------	d-----w-	c:\users\Henry\AppData\Roaming\Malwarebytes
2012-12-06 10:01 . 2012-12-06 10:01	--------	d-----w-	c:\users\Henry\AppData\Roaming\CheckPoint
2012-12-05 13:27 . 2012-12-05 13:27	--------	d-----w-	c:\users\www\AppData\Roaming\CheckPoint
2012-12-05 13:10 . 2012-12-05 13:10	--------	d-----w-	c:\users\sylvia\AppData\Roaming\CheckPoint
2012-12-05 13:07 . 2012-12-05 13:07	126	----a-w-	C:\user.js
2012-12-05 13:07 . 2012-12-05 13:07	--------	d-----w-	c:\program files (x86)\Check Point Software Technologies LTD
2012-12-05 13:07 . 2012-12-05 13:07	--------	d-----w-	c:\programdata\CheckPoint
2012-11-29 18:31 . 2012-11-29 18:31	--------	d-----w-	c:\program files (x86)\Klett
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 12:05 . 2012-10-16 12:05	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-16 12:05 . 2012-05-16 14:06	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 08:38 . 2012-11-28 14:45	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 14:45	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 14:45	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-12 08:57 . 2012-10-12 08:56	8548432	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-10-09 18:17 . 2012-11-16 16:27	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 18:17 . 2012-11-16 16:27	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 16:27	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 16:27	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-04 16:40 . 2012-12-15 16:09	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-16 16:27	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-16 16:27	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-16 16:27	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-16 16:27	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-16 16:27	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-16 16:27	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-16 16:27	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-16 16:27	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-16 16:27	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 16:27	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-16 16:27	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-16 16:26	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-16 16:26	95744	----a-w-	c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-09-12 445624]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-02 975288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-02 3524536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\www\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk -  [N/A]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-5-25 1470848]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-07-14 14448]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-04-26 482384]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-10-23 103472]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-06-25 216080]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-06 378472]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-04-05 2143552]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UDSS;UDSS;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [2011-03-11 30064]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2011-09-08 20592]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-03 175192]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [2011-03-28 122472]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-03-29 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 12:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-28 11831400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-04-18 2209896]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-25 150992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN115838898822794-1452&toolbarId=base&affiliateId=1452&Lan=en&utid=fc5dbb9a000000000000b870f4d17a92
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-ZoneAlarm Installer - c:\program files (x86)\CheckPoint\Install\Launcher.exe
Toolbar-Locked - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-20  19:02:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-20 18:02
.
Vor Suchlauf: 7 Verzeichnis(se), 379'619'774'464 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 381'744'697'344 Bytes frei
.
- - End Of File - - 7118457FEDCF4ADBB95FF8E0F10384A3
         
--- --- ---

Alt 22.12.2012, 20:17   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.12.2012, 21:50   #13
cha145106
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Hallo cosinus,
hier der ADW cleaner
Code:
ATTFilter
# AdwCleaner v2.103 - Datei am 27/12/2012 um 21:53:00 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Christian - CHRISTIAN-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\sylvia\Downloads\adwcleaner (1).exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : \user.js
Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Ordner Gefunden : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gefunden : C:\Users\Christian\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Christian\AppData\LocalLow\DVDVideoSoftTB
Ordner Gefunden : C:\Users\Christian\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Christian\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Henry\AppData\LocalLow\DVDVideoSoftTB
Ordner Gefunden : C:\Users\sylvia\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\sylvia\AppData\LocalLow\DVDVideoSoftTB
Ordner Gefunden : C:\Users\sylvia\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\www\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\www\AppData\LocalLow\DVDVideoSoftTB
Ordner Gefunden : C:\Users\www\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{616B1F39-EBE7-4DF7-A2E6-1D1DD8D97726}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9B6519E-5EC1-4261-BCAD-7BE83CEE8F4D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [8380 octets] - [27/12/2012 21:53:00]

########## EOF - \AdwCleaner[R1].txt - [8440 octets] ##########
         

Geändert von cha145106 (27.12.2012 um 21:59 Uhr)

Alt 27.12.2012, 21:59   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Und wieso jetzt nochmal COMBOFIX?!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.01.2013, 16:22   #15
cha145106
 
Trojaner Schweiz Polizei Cyber Crime Investigation - Standard

Trojaner Schweiz Polizei Cyber Crime Investigation



Hallo cosinus, tja, manchmal sieht man halt vor lauter Wald die Bäume nicht, trotzdem
ich habe aber dann ja gleich editiert und die ADW log eingefügt, da warst du wohl einfach zu schell.
Gruss

Antwort

Themen zu Trojaner Schweiz Polizei Cyber Crime Investigation
andere, anderen, anti, bildschirm, blauer, blauer bildschirm, blockiert, crime, cyber, cyber crime, erschein, erscheint, gefunde, hallo zusammen, hoffe, investigation, konto, laptop, nichts, polizei, schweiz, troja, trojaner, zugreife, zusammen




Ähnliche Themen: Trojaner Schweiz Polizei Cyber Crime Investigation


  1. Cyber Crime Investigation Virus Schweiz - kann mir jemand helfen bitte?
    Log-Analyse und Auswertung - 04.10.2013 (13)
  2. Polizei: Cyber Crime Investigation Department - voll blockiert
    Log-Analyse und Auswertung - 08.08.2013 (9)
  3. Polizei: Cyber Crime Investigation Department
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (19)
  4. Polizei: Cyber Crime Investigation Department
    Plagegeister aller Art und deren Bekämpfung - 21.01.2013 (21)
  5. polizei cyber crime investigation department trojaner
    Log-Analyse und Auswertung - 23.12.2012 (14)
  6. Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern
    Log-Analyse und Auswertung - 03.12.2012 (15)
  7. Cyber Crime Investigation Department Schweiz
    Plagegeister aller Art und deren Bekämpfung - 27.11.2012 (13)
  8. "Polizei: Cyber Crime Investigation Department" Schadsoftware
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (13)
  9. "Polizei: Cyber Crime Investigation Department" Trojaner: habe bereits OTL.Txt und Extras.Txt. erstellt
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (16)
  10. POLIZEI Cyber Crime Investigation Department
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (8)
  11. Polizei cyber crime investigation department
    Log-Analyse und Auswertung - 24.10.2012 (2)
  12. Polizei Cyber Crime Investigation Departement Virus auf meinem Vista Laptop
    Plagegeister aller Art und deren Bekämpfung - 21.10.2012 (11)
  13. cyber crime investigation department polizei
    Log-Analyse und Auswertung - 17.10.2012 (13)
  14. Polizei Virus - Cyber Crime Investigation Department
    Log-Analyse und Auswertung - 09.10.2012 (28)
  15. cyber crime investigation department polizei
    Plagegeister aller Art und deren Bekämpfung - 19.09.2012 (7)
  16. cyber crime investigation department polizei österreich
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (1)
  17. Cyber Crime Investigation Polizei Malware ....
    Alles rund um Windows - 09.09.2012 (2)

Zum Thema Trojaner Schweiz Polizei Cyber Crime Investigation - Hallo zusammen, Ich habe auf einem Konto auf diesem Laptop den Polizei-Trojaner. Anti Malewarebyte habe ich schon gemacht, bei Quick-scan wird nichts gefunden, bei vollständigem Scan wird nach ca 10 - Trojaner Schweiz Polizei Cyber Crime Investigation...
Archiv
Du betrachtest: Trojaner Schweiz Polizei Cyber Crime Investigation auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.