Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Telekom Hacking Verdacht

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 02.02.2013, 15:55   #1
dkhh
 
Telekom Hacking Verdacht - Standard

Telekom Hacking Verdacht



Hallo liebe Foren-Gurus,

nach einem Brief der Telekom, der auf möglichen Missbrauch des Internetanschlusses hindeutete, habe ich ein paar Scans durchgeführt. Weder McAfee oder Anti-Malware haben etwas gefunden. Deshalb poste ich hier nun noch die OTL und GMER logs in der Hoffnung dass auch dort nichts zu finden ist.

OTL:

Code:
ATTFilter
OTL logfile created on: 02.02.2013 13:41:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\besitzer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 68,21% Memory free
7,73 Gb Paging File | 5,94 Gb Available in Paging File | 76,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,81 Gb Total Space | 92,83 Gb Free Space | 62,38% Space Free | Partition Type: NTFS
Drive D: | 148,88 Gb Total Space | 93,15 Gb Free Space | 62,56% Space Free | Partition Type: NTFS
 
Computer Name: BESITZER-TOSH | User Name: besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.02 13:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\besitzer\Desktop\OTL.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.09 07:01:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 07:01:28 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.09 07:01:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.03.03 11:47:38 | 004,581,280 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
PRC - [2010.01.15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.12.09 15:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.09 15:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.06.24 09:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009.03.10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.26 09:49:32 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.12.26 09:47:40 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010.03.15 08:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.10 03:58:48 | 000,126,520 | R--- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009.07.28 13:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013.02.02 11:44:59 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.10 09:11:14 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.26 09:52:34 | 000,182,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS)
SRV - [2012.05.09 07:01:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 07:01:28 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.09 07:01:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.17 15:00:44 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010.02.23 16:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010.02.11 01:40:12 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.02.05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 15:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.12.09 15:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.09 15:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.12.04 03:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.11.05 21:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.10.06 08:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.24 09:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.26 09:55:26 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012.12.26 09:52:44 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.12.26 09:51:24 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.12.26 09:50:48 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.12.26 09:49:42 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.12.26 09:49:00 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.12.26 09:48:30 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.05.09 07:01:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 07:01:42 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.03 07:52:13 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011.05.03 07:52:13 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.30 11:11:39 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010.03.15 09:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.03.15 09:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.15 08:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.10 17:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.05 10:11:30 | 000,720,952 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDMI64.sys -- (CnxtHdmiAudService)
DRV:64bit: - [2010.02.22 17:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.02.01 09:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.01.18 16:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.01.15 11:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.26 16:01:40 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2009.10.02 12:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.30 18:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.07 07:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009.06.22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{03C71E66-D590-4CFD-8287-5923DA306BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C7626642-6DAF-47AA-B175-E84770644852}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{2A1957E8-EAB5-46C0-AECC-C678E1364E43}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{2FA68388-26C4-452A-953B-F396973F341A}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_deDE510
IE - HKCU\..\SearchScopes\{E96E0A19-7915-40E6-ACAB-D89B4D810899}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B7E77F5DF-8022-40e3-9122-F03DEBEFC43B%7D:1.7.2
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.10.27 07:57:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.01.31 08:28:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.02.01 08:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.02 11:45:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.01.27 17:31:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.02 11:45:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.25 10:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\besitzer\AppData\Roaming\mozilla\Extensions
[2013.02.02 13:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\besitzer\AppData\Roaming\mozilla\Firefox\Profiles\x2sbinyh.default\extensions
[2013.01.27 17:30:51 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\besitzer\AppData\Roaming\mozilla\Firefox\Profiles\x2sbinyh.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2013.02.01 14:16:06 | 000,106,687 | ---- | M] () (No name found) -- C:\Users\besitzer\AppData\Roaming\mozilla\firefox\profiles\x2sbinyh.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}.xpi
[2013.02.02 13:31:25 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\besitzer\AppData\Roaming\mozilla\firefox\profiles\x2sbinyh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.02 13:32:11 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\besitzer\AppData\Roaming\mozilla\firefox\profiles\x2sbinyh.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.02.02 11:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.31 08:28:51 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013.02.02 11:44:59 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SiteAdvisor = C:\Users\besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Google Mail = C:\Users\besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120628114820.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628114821.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - Startup: C:\Users\besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\besitzer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5141D4F5-7A87-4117-ABC5-DD21987448C0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6434B4B3-2CE0-4B68-B32C-4340C3E9867A}: DhcpNameServer = 192.168.200.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.02 13:39:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\besitzer\Desktop\OTL.exe
[2013.02.02 13:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.02.02 11:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.01 19:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.01 19:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.02 13:40:18 | 000,000,000 | ---- | M] () -- C:\Users\besitzer\defogger_reenable
[2013.02.02 13:39:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.02 13:35:37 | 000,365,568 | ---- | M] () -- C:\Users\besitzer\Desktop\gmer_2.0.18454.exe
[2013.02.02 13:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\besitzer\Desktop\OTL.exe
[2013.02.02 13:34:19 | 000,050,477 | ---- | M] () -- C:\Users\besitzer\Desktop\Defogger.exe
[2013.02.02 13:26:50 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2013.02.02 13:24:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.02 13:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.02 10:15:57 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.02 10:15:57 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.02 10:12:01 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe
[2013.02.02 10:08:58 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.02 10:07:48 | 3113,361,408 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.02 10:07:44 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2013.02.01 19:58:06 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.30 08:23:08 | 000,016,872 | ---- | M] () -- C:\Users\besitzer\Desktop\EnrolmentCertificate.pdf
[2013.01.27 17:37:26 | 000,001,065 | ---- | M] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.27 17:37:26 | 000,001,039 | ---- | M] () -- C:\Users\besitzer\Desktop\Dropbox.lnk
[2013.01.27 17:32:58 | 307,197,593 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.11 16:15:32 | 000,426,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.11 15:52:31 | 001,529,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.11 15:52:31 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.11 15:52:31 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.11 15:52:31 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.11 15:52:31 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.02 13:40:18 | 000,000,000 | ---- | C] () -- C:\Users\besitzer\defogger_reenable
[2013.02.02 13:39:04 | 000,365,568 | ---- | C] () -- C:\Users\besitzer\Desktop\gmer_2.0.18454.exe
[2013.02.02 13:39:04 | 000,050,477 | ---- | C] () -- C:\Users\besitzer\Desktop\Defogger.exe
[2013.01.30 08:23:08 | 000,016,872 | ---- | C] () -- C:\Users\besitzer\Desktop\EnrolmentCertificate.pdf
[2011.07.06 21:00:36 | 000,000,000 | ---- | C] () -- C:\Users\besitzer\AppData\Roaming\wklnhst.dat
[2011.03.20 10:44:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.05 13:20:23 | 000,038,414 | ---- | C] () -- C:\Users\besitzer\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2011.01.05 13:19:01 | 000,009,303 | ---- | C] () -- C:\Users\besitzer\AppData\Roaming\Tabulatorgetrennte Werte (Windows).EML
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.02 10:09:49 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Dropbox
[2011.02.13 12:54:35 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Leadertech
[2010.12.08 14:21:41 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\TeamViewer
[2010.06.15 17:20:49 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Toshiba
[2010.07.24 16:52:56 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 

< End of report >
         
Extras:

Code:
ATTFilter
OTL Extras logfile created on: 02.02.2013 13:41:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\besitzer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 68,21% Memory free
7,73 Gb Paging File | 5,94 Gb Available in Paging File | 76,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,81 Gb Total Space | 92,83 Gb Free Space | 62,38% Space Free | Partition Type: NTFS
Drive D: | 148,88 Gb Total Space | 93,15 Gb Free Space | 62,56% Space Free | Partition Type: NTFS
 
Computer Name: BESITZER-TOSH | User Name: besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B66FF5-F8C7-49FE-938D-3938D240A66E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1139526D-BE15-4EB7-BAAD-A199D3BE475D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1B689099-F731-4DFC-A1F4-7B04C492F0B9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{25265FD5-02AC-4C5C-A0F4-5EE6257A9413}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2A14346F-A71F-4BA3-83E8-B842843A5776}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2C003AAC-5F4E-42CF-94D9-3C67389E10B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D7915B0-9E11-4398-8E71-6D3ECCA7DFEA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4396AF3D-6568-4437-B020-DC18BBDAF04C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{51578D13-6C6D-4F4D-BFEF-F36F86C17B2B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5BF7F92C-1D07-469E-B80B-B426E0A0D32C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{659052AB-2B63-4213-BE57-E78DF473DD9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B952E9F-A08E-48A2-BB17-97C85CDAD4A5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{752A8A0C-7F70-40A0-BCE3-A2D5B192EBC7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{75545498-7FF3-4815-8480-B7BEC52DF778}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{82A7A345-0498-4723-8D60-97BD87807937}" = rport=139 | protocol=6 | dir=out | app=system | 
"{943FF40F-38F9-43B7-A69B-CB11B5996092}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{A4496BD0-E13A-4BCB-A590-3D3BA329834E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A549A5E8-2A5C-4643-B1F1-9CB64F27A49A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B9F21BD7-7258-49F6-AFF7-CBEABBD7732C}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port | 
"{C39B7B81-9FF0-4022-901E-2B6F66445B46}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CC4BE4EB-492D-4F49-A86B-FEC1612C355A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D7AA3499-FFD4-4C74-8368-5C143D4DA902}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DEACA38E-D5CA-4953-8963-73AE228D655C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EBEFBEA8-9565-41B4-947F-59FFD755630A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FFC0DC3D-8BF5-46B2-BF91-50CA24D44DCB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0071DD30-754F-455D-AA8A-465DF5348F73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{02F3771C-1F79-4403-A22A-587DC91C6009}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{0D85C6D7-F909-402B-BA06-E75A2EBA06D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{11126B1E-60E2-4B2B-896D-D78EEB2FC0A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{18E9631C-21B7-45C3-B722-0D40E40FB442}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{370A7677-00C1-40FD-A60E-AC9A21E06C45}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{38A6EE5D-546B-4BCA-A48E-ECEF55620421}" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{39F7B2DA-FC79-4CBD-91C9-DB94CB367878}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{41225818-2426-4D56-A371-54ED4150013C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{429EAA67-9EE1-4D33-BDEF-F1061936B9F9}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"{44B589E6-1CC6-4451-864D-7D38ECF9222B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{44D65BE9-A6AE-42F4-943E-8A6BBC09A1D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{474C2C08-FA64-4D36-8330-BCA40EF1C478}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"{4DEC1B4D-748E-4698-9314-66484F57E624}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5C4E1A13-5F56-40F7-8DE4-10222F7431B6}" = protocol=6 | dir=out | app=system | 
"{6B891F8F-28E0-41C1-AAAE-B4190F220280}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B989D78-8D20-4EF0-95C6-21567A4AEF42}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{6E300666-1F05-4DB7-9822-F0B2D6EB08F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6FACEF83-BD92-4918-9C92-FE1F37DFC53A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72E838E0-CBCC-41E9-9E6E-5CC37FF4F36C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8085A734-F504-46D3-B446-83B1CD20EDDB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8A073678-6E27-48CF-B862-0540845F084A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{A2EBCD2A-98C7-45B6-94B5-7FBF8DAD273B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{A8E57CA3-B2CF-4B3D-AA89-16FC417768D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AA528934-8CEC-4645-ABCD-62E789688721}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{B565F73F-80CE-4F42-A5CB-5A62FFC73CC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BCA9662B-3391-4858-B22B-F4D2BF9F6BFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDF6EFA9-7CB8-4A73-B2F4-0E0DA5D7614D}" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BF5487F9-21CA-473B-AF37-9CF67EDD3A3C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{D07DCCCB-FD7C-4932-AA6B-7F238E398035}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D4323EBC-ED73-48DC-B635-4AFAD073FC03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1CFECBD-E80C-447F-B8E4-9C743309C614}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC74FB7A-97E2-49A4-891B-F598797FC5DC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{F1889FD0-7D6C-4124-9CE5-3EF395246173}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F253BCC0-BB64-4E41-B2D2-3F14906AE676}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe | 
"{F46930E8-CC11-4769-A859-42B62D586617}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{F79EDDB4-E4B5-4378-B4DB-79189DE4EFD1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{F89CE32B-CFE4-458B-844E-6C5C10736DAC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FBB55AB1-6103-4166-B83B-CD33527EF81F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{734BB935-6F4E-27BB-16EB-BFF2843373AD}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5896016-3143-B94F-585D-DF75DAF1D879}" = ATI Catalyst Install Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_AUDIO_HDA_HDMI" = Conexant Audio Driver For AMD HDMI Codec
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002C0EFC-6D28-1740-C633-9762D8D823A1}" = Catalyst Control Center Core Implementation
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0C45734A-4776-0437-2A1F-0673B270C037}" = CCC Help Finnish
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{139303FD-A877-D219-DFDE-1FED7BC8E707}" = CCC Help Hungarian
"{146A78DF-CB21-913E-9E4B-F015B07D96DC}" = CCC Help Danish
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20F91DE6-B502-3896-A66C-5B6961875EA1}" = CCC Help Russian
"{21744B1A-8222-2565-0BF4-91933F37CD32}" = Catalyst Control Center Graphics Full Existing
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{25BE0917-2374-4921-7C83-4DEDFE47E6BE}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29
"{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E13E16A-5E1F-FEB8-6329-EBEEDC34B016}" = CCC Help Chinese Standard
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3205D813-07EB-B6B5-AE8F-9472FA3AACEB}" = CCC Help Polish
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D4735F0-2BB9-0D3E-68EB-7444AE09A850}" = CCC Help Greek
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{41ECCDB3-5898-4EDF-2937-E5A328DF4BD3}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{522B2AFF-08BC-AAE9-C074-6072857415E7}" = CCC Help Swedish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5C4B623D-4F3A-4609-F666-DBD36BFDF8B1}" = CCC Help Korean
"{5d5cf71a-ad07-4329-af80-dce3581cbe98}" = Nero 9 Essentials
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65DD52E5-5BAB-26CB-66DB-0A2C27CE2242}" = CCC Help French
"{6B65AA2D-C096-34DE-22C9-F82BE3F7E492}" = CCC Help Dutch
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{719015FD-7256-F9CD-A6CF-014B3F9D75BE}" = Catalyst Control Center Graphics Full New
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{839D40C8-00B2-338C-63E6-46E9F03AE114}" = CCC Help Czech
"{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B2F2B38-E334-4DF1-3268-197213425B8D}" = CCC Help Chinese Traditional
"{8B3953E3-C79C-88AF-CBB7-7C9687557408}" = CCC Help German
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{971CCF2C-4767-7FDA-BD9F-5C1B84FD274F}" = CCC Help Norwegian
"{9763F0A1-05D2-3B8B-69E9-863CBC2BBDC9}" = CCC Help Spanish
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9B7923E7-A4B7-672E-17D0-1B9C12CADA88}" = Catalyst Control Center Graphics Light
"{9BB7E2D9-E744-D21F-94D0-ED9DC47B85C3}" = CCC Help Portuguese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook
"{A04FB5AC-FB39-B5CE-BBB4-3E2AA569B6EC}" = CCC Help Japanese
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6F90342-311E-FE77-2461-5B398D395C07}" = Catalyst Control Center Graphics Previews Common
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A794ED96-BF39-99BD-ADB4-EE899BAB1275}" = CCC Help Thai
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95654B2-4E5B-E98D-C3AA-34037DEBDE65}" = CCC Help Italian
"{AA891DD9-E2ED-D5FE-F303-CD8D1DD5DC4E}" = Catalyst Control Center Localization All
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B01E17BB-55FE-E2DA-7594-63201FC82A21}" = Catalyst Control Center Graphics Previews Vista
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DCE2759D-DB67-0558-6A51-C54775CEED71}" = Catalyst Control Center InstallProxy
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FABC27-A955-4EDC-7732-F5BADB80F546}" = ccc-core-static
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security
"TeamViewer 5" = TeamViewer 5
"TOSHIBA Game Console" = WildTangent ORB Game Console
"Update Service" = Update Service
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT083877" = Chuzzle Deluxe
"WT083890" = Zuma Deluxe
"WT083910" = Jewel Quest II
"WT083916" = Diner Dash 2 Restaurant Rescue
"WT083925" = Plants vs. Zombies
"WT083929" = Bejeweled 2 Deluxe
"WT083945" = FATE
"WT083958" = Penguins!
"WT083959" = Polar Bowler
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.02.2013 05:11:05 | Computer Name = besitzer-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001d186
ID
 des fehlerhaften Prozesses: 0x1a68  Startzeit der fehlerhaften Anwendung: 0x01ce01253ad56afa
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 78eab266-6d18-11e2-99bd-00266c8f852e
 
Error - 02.02.2013 05:12:07 | Computer Name = besitzer-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001d186
ID
 des fehlerhaften Prozesses: 0x1360  Startzeit der fehlerhaften Anwendung: 0x01ce01255f8d2759
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 9d72d340-6d18-11e2-99bd-00266c8f852e
 
Error - 02.02.2013 05:18:21 | Computer Name = besitzer-TOSH | Source = BackItUp5 | ID = 6277
Description = Job execution failed because the selected target for job does not 
exist.
 
Error - 02.02.2013 05:18:21 | Computer Name = besitzer-TOSH | Source = BackItUp5 | ID = 3374
Description = Backup process failed.
 
Error - 02.02.2013 05:40:22 | Computer Name = besitzer-TOSH | Source = BackItUp5 | ID = 6277
Description = Job execution failed because the selected target for job does not 
exist.
 
Error - 02.02.2013 05:40:22 | Computer Name = besitzer-TOSH | Source = BackItUp5 | ID = 3374
Description = Backup process failed.
 
Error - 02.02.2013 07:20:33 | Computer Name = besitzer-TOSH | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.02.2013 07:23:23 | Computer Name = besitzer-TOSH | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 02.02.2013 07:40:16 | Computer Name = besitzer-TOSH | Source = BackItUp5 | ID = 6277
Description = Job execution failed because the selected target for job does not 
exist.
 
Error - 02.02.2013 07:40:16 | Computer Name = besitzer-TOSH | Source = BackItUp5 | ID = 3374
Description = Backup process failed.
 
[ Media Center Events ]
Error - 04.08.2010 03:07:29 | Computer Name = besitzer-TOSH | Source = MCUpdate | ID = 0
Description = 09:07:28 - Fehler beim Herstellen der Internetverbindung.  09:07:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.08.2010 03:15:47 | Computer Name = besitzer-TOSH | Source = MCUpdate | ID = 0
Description = 09:15:47 - Fehler beim Herstellen der Internetverbindung.  09:15:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.08.2010 03:01:33 | Computer Name = besitzer-TOSH | Source = MCUpdate | ID = 0
Description = 09:01:33 - Fehler beim Herstellen der Internetverbindung.  09:01:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.08.2010 02:08:19 | Computer Name = besitzer-TOSH | Source = MCUpdate | ID = 0
Description = 08:08:19 - Fehler beim Herstellen der Internetverbindung.  08:08:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.08.2010 03:07:13 | Computer Name = besitzer-TOSH | Source = MCUpdate | ID = 0
Description = 09:07:13 - Fehler beim Herstellen der Internetverbindung.  09:07:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.08.2010 05:59:14 | Computer Name = besitzer-TOSH | Source = MCUpdate | ID = 0
Description = 11:59:14 - Fehler beim Herstellen der Internetverbindung.  11:59:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.08.2010 06:33:38 | Computer Name = besitzer-TOSH | Source = MCUpdate | ID = 0
Description = 12:33:38 - Fehler beim Herstellen der Internetverbindung.  12:33:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.08.2010 05:29:44 | Computer Name = besitzer-TOSH | Source = MCUpdate | ID = 0
Description = 11:29:44 - Fehler beim Herstellen der Internetverbindung.  11:29:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.08.2010 04:45:39 | Computer Name = besitzer-TOSH | Source = MCUpdate | ID = 0
Description = 10:45:39 - Fehler beim Herstellen der Internetverbindung.  10:45:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.08.2010 04:45:47 | Computer Name = besitzer-TOSH | Source = MCUpdate | ID = 0
Description = 10:45:44 - Fehler beim Herstellen der Internetverbindung.  10:45:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 21.02.2011 13:41:44 | Computer Name = besitzer-TOSH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 958
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 21.02.2011 13:42:14 | Computer Name = besitzer-TOSH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.02.2011 14:27:29 | Computer Name = besitzer-TOSH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.03.2012 11:32:14 | Computer Name = besitzer-TOSH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.03.2012 11:33:18 | Computer Name = besitzer-TOSH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.03.2012 11:34:05 | Computer Name = besitzer-TOSH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 24.04.2012 03:48:44 | Computer Name = besitzer-TOSH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 24.04.2012 03:49:32 | Computer Name = besitzer-TOSH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.02.2013 14:56:58 | Computer Name = besitzer-TOSH | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 01.02.2013 14:57:59 | Computer Name = besitzer-TOSH | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 01.02.2013 14:59:00 | Computer Name = besitzer-TOSH | Source = Service Control Manager | ID = 7034
Description = Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal
 passiert.
 
Error - 01.02.2013 15:06:50 | Computer Name = besitzer-TOSH | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 01.02.2013 15:07:51 | Computer Name = besitzer-TOSH | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 01.02.2013 15:08:51 | Computer Name = besitzer-TOSH | Source = Service Control Manager | ID = 7034
Description = Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal
 passiert.
 
Error - 02.02.2013 05:10:05 | Computer Name = besitzer-TOSH | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 02.02.2013 05:11:06 | Computer Name = besitzer-TOSH | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 02.02.2013 05:12:07 | Computer Name = besitzer-TOSH | Source = Service Control Manager | ID = 7034
Description = Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal
 passiert.
 
Error - 02.02.2013 08:24:36 | Computer Name = besitzer-TOSH | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
gmer:

Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-02 15:52:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 298,09GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\besitzer\AppData\Local\Temp\awrdipoc.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1936] C:\Windows\system32\kernel32.dll!LoadLibraryW  0000000076ab6f80 5 bytes JMP 000000016fa3b440
.text  C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1936] C:\Windows\system32\kernel32.dll!LoadLibraryA  0000000076ab7070 5 bytes JMP 000000016fa3b320

---- EOF - GMER 2.0 ----
         
Ich wäre sehr froh, wenn ihr anhand dieser Informationen Näheres herausfinden könnt.

Vielen Dank im Vorraus!

Alt 02.02.2013, 16:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Hacking Verdacht - Standard

Telekom Hacking Verdacht



Hallo und

Hat die Telekom im Brief erwähnt welcher Rechner das war? Manchmal steht da unten ein kleiner Auszug über Betriebssystem und IE-Version des Rechners, der über deinem Internetanschluss Unfug gemacht hat.
Hast du überhaupt mehrere Rechner in deinem Haus oder nur einen? WLAN vorhanden, wenn ja wie verschlüsselt, hast du auch anderen den WLAN-Schlüssel zB für Notebooks fütr einen Gastzugang mal zur Verfügung gestellt?
__________________

__________________

Alt 03.02.2013, 18:03   #3
dkhh
 
Telekom Hacking Verdacht - Standard

Telekom Hacking Verdacht



Vielen Dank für die Rückmeldung, Cosinus.

Nein, Telekom hat im Brief keinen Rechner erwähnt. Ich selber betreibe einen Rechner über WLAN. Wenn mein Sohn in den Semesterferien zuhause ist, nutzt er auch diesen Zugang. Der Verschlüsselungstyp lautet WEP.
dkhh
__________________

Alt 03.02.2013, 21:51   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Hacking Verdacht - Standard

Telekom Hacking Verdacht



Zitat:
Verschlüsselungstyp lautet WEP.
Auweia...das muss dringend geändert werden! Von WEP wird schon lange abgeraten!
Verwende WPA, besser WPA2 mit einem langen Schlüssel!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.02.2013, 23:26   #5
dkhh
 
Telekom Hacking Verdacht - Standard

Telekom Hacking Verdacht



Hallo Cosinus,

ok, das wird schonmal gemacht. Ist denn aus den von mir geposteten logs etwas erkennbar bzw. soll ich noch andere scans durchführen um mögliche Infektionen auszuschliessen? Oder was würdest du als weitere Vorgehensweise empfehlen?

Danke und beste Grüße,
dkhh


Alt 05.02.2013, 08:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Hacking Verdacht - Standard

Telekom Hacking Verdacht



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Telekom Hacking Verdacht

Alt 18.02.2013, 21:53   #7
dkhh
 
Telekom Hacking Verdacht - Standard

Telekom Hacking Verdacht



Hallo Cosinus,

ich komme leider nun erst dazu, zu antworten.

Die Verschlüsselung habe ich auf WPA2 umgestellt. Und dann mit Mbar einen Scan durchgeführt. Es wurde nichts gefunden. Hier dennoch das gespeicherte logfile.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.18.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
besitzer :: BESITZER-TOSH [administrator]

18.02.2013 22:47:22
mbar-log-2013-02-18 (22-47-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30084
Time elapsed: 24 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Für weitere Hilfe zur Vorgehensweise wäre ich sehr dankbar.

Beste Grüße,
dkhh

Alt 20.02.2013, 11:59   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Hacking Verdacht - Standard

Telekom Hacking Verdacht



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.02.2013, 18:59   #9
dkhh
 
Telekom Hacking Verdacht - Standard

Telekom Hacking Verdacht



Hallo Cosinus,

hier die zwei logs der angeforderten scans.

aswmbr:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-28 18:54:57
-----------------------------
18:54:57.023    OS Version: Windows x64 6.1.7601 Service Pack 1
18:54:57.023    Number of processors: 4 586 0x2502
18:54:57.038    ComputerName: BESITZER-TOSH  UserName: besitzer
18:54:58.099    Initialize success
19:00:01.466    AVAST engine defs: 13022800
19:02:33.644    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:02:33.644    Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 3
19:02:33.675    Disk 0 MBR read successfully
19:02:33.675    Disk 0 MBR scan
19:02:33.691    Disk 0 Windows 7 default MBR code
19:02:33.691    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS          400 MB offset 2048
19:02:33.722    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152386 MB offset 821248
19:02:33.738    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       152457 MB offset 312907776
19:02:33.784    Disk 0 scanning C:\Windows\system32\drivers
19:03:01.459    Service scanning
19:03:57.822    Modules scanning
19:03:57.837    Disk 0 trace - called modules:
19:03:57.900    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
19:03:57.915    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006965060]
19:03:57.931    3 CLASSPNP.SYS[fffff88000fbd43f] -> nt!IofCallDriver -> [0xfffffa800496c5d0]
19:03:57.931    5 ACPI.sys[fffff88000ede7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800496f050]
19:03:58.929    AVAST engine scan C:\Windows
19:04:01.363    AVAST engine scan C:\Windows\system32
19:04:21.596    File: C:\Windows\system32\autochk.exe  **SUSPICIOUS**
19:11:12.267    AVAST engine scan C:\Windows\system32\drivers
19:11:37.601    AVAST engine scan C:\Users\besitzer
19:16:24.689    AVAST engine scan C:\ProgramData
19:31:18.134    Scan finished successfully
19:32:42.141    Disk 0 MBR has been saved successfully to "C:\Users\besitzer\Desktop\MBR.dat"
19:32:42.156    The log file has been saved successfully to "C:\Users\besitzer\Desktop\aswMBR.txt"
         
tdsskiller:

Code:
ATTFilter
19:33:20.0779 8572  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:33:22.0822 8572  ============================================================
19:33:22.0822 8572  Current date / time: 2013/02/28 19:33:22.0822
19:33:22.0822 8572  SystemInfo:
19:33:22.0822 8572  
19:33:22.0822 8572  OS Version: 6.1.7601 ServicePack: 1.0
19:33:22.0822 8572  Product type: Workstation
19:33:22.0822 8572  ComputerName: BESITZER-TOSH
19:33:22.0822 8572  UserName: besitzer
19:33:22.0822 8572  Windows directory: C:\Windows
19:33:22.0822 8572  System windows directory: C:\Windows
19:33:22.0822 8572  Running under WOW64
19:33:22.0822 8572  Processor architecture: Intel x64
19:33:22.0822 8572  Number of processors: 4
19:33:22.0822 8572  Page size: 0x1000
19:33:22.0822 8572  Boot type: Normal boot
19:33:22.0822 8572  ============================================================
19:33:23.0914 8572  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:33:23.0930 8572  ============================================================
19:33:23.0930 8572  \Device\Harddisk0\DR0:
19:33:23.0930 8572  MBR partitions:
19:33:23.0930 8572  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x129A1000
19:33:23.0930 8572  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12A69800, BlocksNum 0x129C4AB0
19:33:23.0930 8572  ============================================================
19:33:23.0945 8572  C: <-> \Device\Harddisk0\DR0\Partition1
19:33:23.0977 8572  D: <-> \Device\Harddisk0\DR0\Partition2
19:33:23.0977 8572  ============================================================
19:33:23.0977 8572  Initialize success
19:33:23.0977 8572  ============================================================
19:34:03.0429 2344  ============================================================
19:34:03.0429 2344  Scan started
19:34:03.0429 2344  Mode: Manual; SigCheck; TDLFS; 
19:34:03.0429 2344  ============================================================
19:34:04.0053 2344  ================ Scan system memory ========================
19:34:04.0053 2344  System memory - ok
19:34:04.0053 2344  ================ Scan services =============================
19:34:04.0240 2344  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:34:04.0615 2344  1394ohci - ok
19:34:04.0677 2344  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:34:04.0724 2344  ACPI - ok
19:34:04.0755 2344  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:34:04.0849 2344  AcpiPmi - ok
19:34:04.0958 2344  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:34:05.0114 2344  AdobeARMservice - ok
19:34:05.0239 2344  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:34:05.0301 2344  AdobeFlashPlayerUpdateSvc - ok
19:34:05.0348 2344  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:34:05.0410 2344  adp94xx - ok
19:34:05.0426 2344  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:34:05.0473 2344  adpahci - ok
19:34:05.0488 2344  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:34:05.0535 2344  adpu320 - ok
19:34:05.0566 2344  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:34:05.0738 2344  AeLookupSvc - ok
19:34:05.0769 2344  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:34:05.0863 2344  AFD - ok
19:34:05.0909 2344  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
19:34:06.0034 2344  AgereSoftModem - ok
19:34:06.0081 2344  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:34:06.0112 2344  agp440 - ok
19:34:06.0143 2344  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:34:06.0206 2344  ALG - ok
19:34:06.0253 2344  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:34:06.0268 2344  aliide - ok
19:34:06.0315 2344  [ 57B773D82E8CC3C6D7E02CC8A6632043 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:34:06.0440 2344  AMD External Events Utility - ok
19:34:06.0487 2344  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:34:06.0518 2344  amdide - ok
19:34:06.0549 2344  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:34:06.0627 2344  AmdK8 - ok
19:34:06.0814 2344  [ AEFAF27F1B7E52C705DF4FB6C96732F6 ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
19:34:07.0064 2344  amdkmdag - ok
19:34:07.0095 2344  [ 8149DB73BE27950EC72767A1193153A6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:34:07.0157 2344  amdkmdap - ok
19:34:07.0173 2344  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:34:07.0235 2344  AmdPPM - ok
19:34:07.0298 2344  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:34:07.0329 2344  amdsata - ok
19:34:07.0360 2344  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:34:07.0407 2344  amdsbs - ok
19:34:07.0423 2344  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:34:07.0438 2344  amdxata - ok
19:34:07.0516 2344  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:34:07.0563 2344  AntiVirSchedulerService - ok
19:34:07.0641 2344  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:34:07.0672 2344  AntiVirService - ok
19:34:07.0735 2344  [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:34:07.0859 2344  AntiVirWebService - ok
19:34:07.0906 2344  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:34:08.0109 2344  AppID - ok
19:34:08.0156 2344  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:34:08.0249 2344  AppIDSvc - ok
19:34:08.0327 2344  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:34:08.0421 2344  Appinfo - ok
19:34:08.0468 2344  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:34:08.0499 2344  arc - ok
19:34:08.0515 2344  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:34:08.0546 2344  arcsas - ok
19:34:08.0561 2344  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:34:08.0655 2344  AsyncMac - ok
19:34:08.0717 2344  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:34:08.0749 2344  atapi - ok
19:34:08.0951 2344  [ AEFAF27F1B7E52C705DF4FB6C96732F6 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:34:09.0154 2344  atikmdag - ok
19:34:09.0217 2344  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:34:09.0326 2344  AudioEndpointBuilder - ok
19:34:09.0341 2344  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:34:09.0404 2344  AudioSrv - ok
19:34:09.0466 2344  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:34:09.0575 2344  avgntflt - ok
19:34:09.0622 2344  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:34:09.0653 2344  avipbb - ok
19:34:09.0685 2344  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:34:09.0778 2344  avkmgr - ok
19:34:09.0825 2344  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:34:09.0981 2344  AxInstSV - ok
19:34:10.0028 2344  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:34:10.0106 2344  b06bdrv - ok
19:34:10.0137 2344  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:34:10.0215 2344  b57nd60a - ok
19:34:10.0355 2344  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
19:34:10.0480 2344  BBSvc - ok
19:34:10.0543 2344  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
19:34:10.0714 2344  BBUpdate - ok
19:34:10.0745 2344  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:34:10.0839 2344  BDESVC - ok
19:34:10.0886 2344  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:34:10.0979 2344  Beep - ok
19:34:11.0057 2344  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:34:11.0198 2344  BFE - ok
19:34:11.0245 2344  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:34:11.0369 2344  BITS - ok
19:34:11.0401 2344  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:34:11.0447 2344  blbdrive - ok
19:34:11.0510 2344  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:34:11.0588 2344  bowser - ok
19:34:11.0619 2344  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:34:11.0713 2344  BrFiltLo - ok
19:34:11.0744 2344  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:34:11.0775 2344  BrFiltUp - ok
19:34:11.0822 2344  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:34:11.0884 2344  Browser - ok
19:34:11.0915 2344  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:34:11.0978 2344  Brserid - ok
19:34:11.0993 2344  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:34:12.0056 2344  BrSerWdm - ok
19:34:12.0087 2344  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:34:12.0181 2344  BrUsbMdm - ok
19:34:12.0212 2344  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:34:12.0243 2344  BrUsbSer - ok
19:34:12.0274 2344  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:34:12.0305 2344  BTHMODEM - ok
19:34:12.0352 2344  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:34:12.0446 2344  bthserv - ok
19:34:12.0461 2344  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:34:12.0539 2344  cdfs - ok
19:34:12.0586 2344  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
19:34:12.0633 2344  cdrom - ok
19:34:12.0680 2344  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:34:12.0773 2344  CertPropSvc - ok
19:34:12.0820 2344  [ A73276435F75025DA6E67B2470E1FE16 ] cfwids          C:\Windows\system32\drivers\cfwids.sys
19:34:12.0851 2344  cfwids - ok
19:34:12.0945 2344  [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
19:34:13.0054 2344  cfWiMAXService - ok
19:34:13.0085 2344  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:34:13.0132 2344  circlass - ok
19:34:13.0195 2344  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:34:13.0226 2344  CLFS - ok
19:34:13.0288 2344  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:34:13.0319 2344  clr_optimization_v2.0.50727_32 - ok
19:34:13.0382 2344  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:34:13.0413 2344  clr_optimization_v2.0.50727_64 - ok
19:34:13.0507 2344  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:34:13.0663 2344  clr_optimization_v4.0.30319_32 - ok
19:34:13.0741 2344  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:34:13.0865 2344  clr_optimization_v4.0.30319_64 - ok
19:34:13.0897 2344  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:34:13.0928 2344  CmBatt - ok
19:34:13.0943 2344  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:34:13.0975 2344  cmdide - ok
19:34:14.0021 2344  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
19:34:14.0115 2344  CNG - ok
19:34:14.0162 2344  [ 7247A4D0875F5F28919E0787E11B7B57 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
19:34:14.0209 2344  CnxtHdAudService - ok
19:34:14.0271 2344  [ 89C99AB4AE9535F727791592D84D4821 ] CnxtHdmiAudService C:\Windows\system32\drivers\CHDMI64.sys
19:34:14.0396 2344  CnxtHdmiAudService - ok
19:34:14.0427 2344  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:34:14.0443 2344  Compbatt - ok
19:34:14.0489 2344  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:34:14.0552 2344  CompositeBus - ok
19:34:14.0567 2344  COMSysApp - ok
19:34:14.0614 2344  [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
19:34:14.0692 2344  ConfigFree Service - ok
19:34:14.0723 2344  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:34:14.0739 2344  crcdisk - ok
19:34:14.0786 2344  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:34:14.0879 2344  CryptSvc - ok
19:34:14.0942 2344  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:34:15.0067 2344  DcomLaunch - ok
19:34:15.0113 2344  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:34:15.0238 2344  defragsvc - ok
19:34:15.0269 2344  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:34:15.0363 2344  DfsC - ok
19:34:15.0425 2344  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:34:15.0581 2344  Dhcp - ok
19:34:15.0628 2344  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:34:15.0737 2344  discache - ok
19:34:15.0784 2344  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:34:15.0815 2344  Disk - ok
19:34:15.0831 2344  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:34:15.0925 2344  Dnscache - ok
19:34:15.0971 2344  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:34:16.0065 2344  dot3svc - ok
19:34:16.0096 2344  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:34:16.0190 2344  DPS - ok
19:34:16.0221 2344  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:34:16.0283 2344  drmkaud - ok
19:34:16.0330 2344  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:34:16.0377 2344  DXGKrnl - ok
19:34:16.0408 2344  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:34:16.0471 2344  EapHost - ok
19:34:16.0580 2344  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:34:16.0705 2344  ebdrv - ok
19:34:16.0736 2344  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:34:16.0829 2344  EFS - ok
19:34:16.0892 2344  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:34:17.0095 2344  ehRecvr - ok
19:34:17.0141 2344  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:34:17.0219 2344  ehSched - ok
19:34:17.0266 2344  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:34:17.0297 2344  elxstor - ok
19:34:17.0329 2344  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:34:17.0375 2344  ErrDev - ok
19:34:17.0438 2344  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:34:17.0500 2344  EventSystem - ok
19:34:17.0547 2344  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:34:17.0656 2344  exfat - ok
19:34:17.0672 2344  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:34:17.0750 2344  fastfat - ok
19:34:17.0812 2344  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:34:17.0921 2344  Fax - ok
19:34:17.0953 2344  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:34:17.0999 2344  fdc - ok
19:34:18.0046 2344  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:34:18.0124 2344  fdPHost - ok
19:34:18.0140 2344  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:34:18.0233 2344  FDResPub - ok
19:34:18.0249 2344  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:34:18.0280 2344  FileInfo - ok
19:34:18.0311 2344  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:34:18.0405 2344  Filetrace - ok
19:34:18.0436 2344  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:34:18.0483 2344  flpydisk - ok
19:34:18.0530 2344  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:34:18.0561 2344  FltMgr - ok
19:34:18.0623 2344  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:34:18.0701 2344  FontCache - ok
19:34:18.0764 2344  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:34:18.0904 2344  FontCache3.0.0.0 - ok
19:34:18.0935 2344  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:34:18.0967 2344  FsDepends - ok
19:34:18.0982 2344  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:34:19.0013 2344  Fs_Rec - ok
19:34:19.0060 2344  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:34:19.0107 2344  fvevol - ok
19:34:19.0138 2344  [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk           C:\Windows\system32\DRIVERS\FwLnk.sys
19:34:19.0201 2344  FwLnk - ok
19:34:19.0232 2344  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:34:19.0263 2344  gagp30kx - ok
19:34:19.0325 2344  [ 1A0B9D84BEB3306F728BC3009D432F5C ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
19:34:19.0497 2344  GameConsoleService - ok
19:34:19.0544 2344  [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
19:34:19.0544 2344  ggflt - ok
19:34:19.0575 2344  [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
19:34:19.0606 2344  ggsemc - ok
19:34:19.0653 2344  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:34:19.0762 2344  gpsvc - ok
19:34:19.0871 2344  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:34:19.0903 2344  gupdate - ok
19:34:19.0918 2344  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:34:19.0949 2344  gupdatem - ok
19:34:19.0996 2344  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:34:20.0105 2344  gusvc - ok
19:34:20.0137 2344  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:34:20.0215 2344  hcw85cir - ok
19:34:20.0261 2344  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:34:20.0339 2344  HdAudAddService - ok
19:34:20.0386 2344  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:34:20.0449 2344  HDAudBus - ok
19:34:20.0511 2344  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
19:34:20.0605 2344  HECIx64 - ok
19:34:20.0636 2344  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:34:20.0667 2344  HidBatt - ok
19:34:20.0683 2344  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:34:20.0729 2344  HidBth - ok
19:34:20.0761 2344  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:34:20.0823 2344  HidIr - ok
19:34:20.0854 2344  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:34:20.0948 2344  hidserv - ok
19:34:21.0010 2344  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
19:34:21.0104 2344  HidUsb - ok
19:34:21.0166 2344  [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
19:34:21.0197 2344  HipShieldK - ok
19:34:21.0229 2344  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:34:21.0322 2344  hkmsvc - ok
19:34:21.0369 2344  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:34:21.0431 2344  HomeGroupListener - ok
19:34:21.0494 2344  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:34:21.0541 2344  HomeGroupProvider - ok
19:34:21.0619 2344  [ 53DCA61931847E35C950504BFB7559C6 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
19:34:21.0743 2344  HP LaserJet Service ( UnsignedFile.Multi.Generic ) - warning
19:34:21.0743 2344  HP LaserJet Service - detected UnsignedFile.Multi.Generic (1)
19:34:21.0775 2344  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:34:21.0806 2344  HpSAMD - ok
19:34:21.0853 2344  [ D70DAE4D3ACBF4ACB99E50BA960CB9F7 ] HPSIService     C:\Windows\system32\HPSIsvc.exe
19:34:21.0884 2344  HPSIService - ok
19:34:21.0931 2344  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:34:22.0009 2344  HTTP - ok
19:34:22.0024 2344  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:34:22.0040 2344  hwpolicy - ok
19:34:22.0055 2344  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:34:22.0087 2344  i8042prt - ok
19:34:22.0118 2344  [ 85977CD13FC16069CE0AF7943A811775 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:34:22.0133 2344  iaStor - ok
19:34:22.0180 2344  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:34:22.0196 2344  iaStorV - ok
19:34:22.0258 2344  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:34:22.0367 2344  idsvc - ok
19:34:22.0399 2344  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:34:22.0414 2344  iirsp - ok
19:34:22.0461 2344  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:34:22.0555 2344  IKEEXT - ok
19:34:22.0601 2344  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:34:22.0633 2344  intelide - ok
19:34:22.0664 2344  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:34:22.0711 2344  intelppm - ok
19:34:22.0726 2344  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:34:22.0820 2344  IPBusEnum - ok
19:34:22.0851 2344  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:34:22.0945 2344  IpFilterDriver - ok
19:34:22.0976 2344  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:34:23.0054 2344  iphlpsvc - ok
19:34:23.0101 2344  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:34:23.0132 2344  IPMIDRV - ok
19:34:23.0163 2344  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:34:23.0272 2344  IPNAT - ok
19:34:23.0319 2344  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:34:23.0397 2344  IRENUM - ok
19:34:23.0444 2344  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:34:23.0459 2344  isapnp - ok
19:34:23.0491 2344  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:34:23.0537 2344  iScsiPrt - ok
19:34:23.0569 2344  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:34:23.0600 2344  kbdclass - ok
19:34:23.0631 2344  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:34:23.0693 2344  kbdhid - ok
19:34:23.0725 2344  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:34:23.0756 2344  KeyIso - ok
19:34:23.0787 2344  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:34:23.0818 2344  KSecDD - ok
19:34:23.0849 2344  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:34:23.0881 2344  KSecPkg - ok
19:34:23.0912 2344  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:34:23.0990 2344  ksthunk - ok
19:34:24.0021 2344  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:34:24.0099 2344  KtmRm - ok
19:34:24.0130 2344  [ 55480B9C63F3F91A8EBBADCBF28FE581 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
19:34:24.0224 2344  L1C - ok
19:34:24.0271 2344  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:34:24.0395 2344  LanmanServer - ok
19:34:24.0442 2344  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:34:24.0536 2344  LanmanWorkstation - ok
19:34:24.0583 2344  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:34:24.0692 2344  lltdio - ok
19:34:24.0739 2344  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:34:24.0832 2344  lltdsvc - ok
19:34:24.0848 2344  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:34:24.0895 2344  lmhosts - ok
19:34:24.0973 2344  [ 259E9D38F7CABB068530101F87B6C202 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:34:25.0113 2344  LMS - ok
19:34:25.0144 2344  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:34:25.0175 2344  LSI_FC - ok
19:34:25.0191 2344  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:34:25.0222 2344  LSI_SAS - ok
19:34:25.0222 2344  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:34:25.0253 2344  LSI_SAS2 - ok
19:34:25.0269 2344  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:34:25.0300 2344  LSI_SCSI - ok
19:34:25.0331 2344  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:34:25.0425 2344  luafv - ok
19:34:25.0519 2344  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:34:25.0550 2344  McAfee SiteAdvisor Service - ok
19:34:25.0581 2344  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:34:25.0612 2344  McMPFSvc - ok
19:34:25.0643 2344  [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:34:25.0659 2344  mcmscsvc - ok
19:34:25.0675 2344  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:34:25.0690 2344  McNaiAnn - ok
19:34:25.0706 2344  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:34:25.0721 2344  McNASvc - ok
19:34:25.0815 2344  [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS           C:\Program Files\mcafee\VirusScan\mcods.exe
19:34:25.0955 2344  McODS - ok
19:34:25.0987 2344  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:34:26.0002 2344  McOobeSv - ok
19:34:26.0018 2344  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:34:26.0033 2344  McProxy - ok
19:34:26.0080 2344  [ 23EA22ACADD66D7F1E18A4AA72BE6158 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
19:34:26.0189 2344  McShield - ok
19:34:26.0221 2344  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:34:26.0267 2344  Mcx2Svc - ok
19:34:26.0299 2344  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:34:26.0330 2344  megasas - ok
19:34:26.0377 2344  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:34:26.0408 2344  MegaSR - ok
19:34:26.0470 2344  [ 19323081FA4018C9C1AEBF08114BEA11 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
19:34:26.0501 2344  mfeapfk - ok
19:34:26.0517 2344  [ EF1D39A70CAD1B7BEDC220480F26815C ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
19:34:26.0564 2344  mfeavfk - ok
19:34:26.0579 2344  mfeavfk01 - ok
19:34:26.0611 2344  [ 3CBBB569730EFD069B4BD253DDD4AD58 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:34:26.0704 2344  mfefire - ok
19:34:26.0751 2344  [ 67972BFC8F23054BD23E1DE1450E40BD ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
19:34:26.0798 2344  mfefirek - ok
19:34:26.0860 2344  [ 5C0EE849C03C37071FABDAA6B58D3D94 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
19:34:26.0907 2344  mfehidk - ok
19:34:26.0954 2344  [ 450B77CAC7384A9C1BAF476AC302CD4C ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
19:34:26.0985 2344  mferkdet - ok
19:34:27.0032 2344  [ 74CE2EBE64AB78904E33DD4C5F21611F ] mfevtp          C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
19:34:27.0125 2344  mfevtp - ok
19:34:27.0157 2344  [ F55F9742BFA88D02F96516B80AB400EC ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
19:34:27.0172 2344  mfewfpk - ok
19:34:27.0266 2344  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:34:27.0406 2344  Microsoft Office Groove Audit Service - ok
19:34:27.0453 2344  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:34:27.0562 2344  MMCSS - ok
19:34:27.0578 2344  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:34:27.0656 2344  Modem - ok
19:34:27.0703 2344  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:34:27.0749 2344  monitor - ok
19:34:27.0765 2344  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
19:34:27.0796 2344  mouclass - ok
19:34:27.0827 2344  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:34:27.0874 2344  mouhid - ok
19:34:27.0937 2344  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:34:27.0968 2344  mountmgr - ok
19:34:28.0061 2344  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:34:28.0202 2344  MozillaMaintenance - ok
19:34:28.0217 2344  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:34:28.0249 2344  mpio - ok
19:34:28.0280 2344  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:34:28.0373 2344  mpsdrv - ok
19:34:28.0420 2344  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:34:28.0529 2344  MpsSvc - ok
19:34:28.0561 2344  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:34:28.0623 2344  MRxDAV - ok
19:34:28.0670 2344  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:34:28.0748 2344  mrxsmb - ok
19:34:28.0779 2344  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:34:28.0841 2344  mrxsmb10 - ok
19:34:28.0873 2344  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:34:28.0919 2344  mrxsmb20 - ok
19:34:28.0935 2344  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:34:29.0044 2344  msahci - ok
19:34:29.0060 2344  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:34:29.0075 2344  msdsm - ok
19:34:29.0091 2344  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:34:29.0138 2344  MSDTC - ok
19:34:29.0185 2344  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:34:29.0263 2344  Msfs - ok
19:34:29.0278 2344  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:34:29.0372 2344  mshidkmdf - ok
19:34:29.0403 2344  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:34:29.0419 2344  msisadrv - ok
19:34:29.0450 2344  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:34:29.0559 2344  MSiSCSI - ok
19:34:29.0575 2344  msiserver - ok
19:34:29.0606 2344  [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:34:29.0637 2344  MSK80Service - ok
19:34:29.0668 2344  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:34:29.0746 2344  MSKSSRV - ok
19:34:29.0777 2344  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:34:29.0871 2344  MSPCLOCK - ok
19:34:29.0887 2344  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:34:29.0965 2344  MSPQM - ok
19:34:30.0011 2344  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:34:30.0058 2344  MsRPC - ok
19:34:30.0074 2344  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:34:30.0089 2344  mssmbios - ok
19:34:30.0121 2344  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:34:30.0214 2344  MSTEE - ok
19:34:30.0230 2344  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:34:30.0277 2344  MTConfig - ok
19:34:30.0308 2344  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:34:30.0339 2344  Mup - ok
19:34:30.0355 2344  [ D2E148790A9111FEB60257FB43A5C2ED ] mvusbews        C:\Windows\system32\Drivers\mvusbews.sys
19:34:30.0433 2344  mvusbews - ok
19:34:30.0479 2344  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:34:30.0635 2344  napagent - ok
19:34:30.0698 2344  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:34:30.0776 2344  NativeWifiP - ok
19:34:30.0854 2344  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:34:30.0901 2344  NDIS - ok
19:34:30.0932 2344  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:34:31.0010 2344  NdisCap - ok
19:34:31.0057 2344  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:34:31.0150 2344  NdisTapi - ok
19:34:31.0181 2344  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:34:31.0275 2344  Ndisuio - ok
19:34:31.0306 2344  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:34:31.0400 2344  NdisWan - ok
19:34:31.0431 2344  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:34:31.0540 2344  NDProxy - ok
19:34:31.0603 2344  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:34:31.0727 2344  Nero BackItUp Scheduler 4.0 - ok
19:34:31.0774 2344  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:34:31.0883 2344  NetBIOS - ok
19:34:31.0915 2344  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:34:31.0993 2344  NetBT - ok
19:34:32.0008 2344  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:34:32.0039 2344  Netlogon - ok
19:34:32.0086 2344  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:34:32.0195 2344  Netman - ok
19:34:32.0227 2344  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:34:32.0320 2344  netprofm - ok
19:34:32.0367 2344  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:34:32.0414 2344  NetTcpPortSharing - ok
19:34:32.0429 2344  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:34:32.0461 2344  nfrd960 - ok
19:34:32.0523 2344  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:34:32.0570 2344  NlaSvc - ok
19:34:32.0617 2344  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:34:32.0679 2344  Npfs - ok
19:34:32.0710 2344  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:34:32.0804 2344  nsi - ok
19:34:32.0835 2344  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:34:32.0929 2344  nsiproxy - ok
19:34:32.0991 2344  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:34:33.0069 2344  Ntfs - ok
19:34:33.0100 2344  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:34:33.0194 2344  Null - ok
19:34:33.0225 2344  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:34:33.0272 2344  nvraid - ok
19:34:33.0287 2344  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:34:33.0319 2344  nvstor - ok
19:34:33.0350 2344  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:34:33.0381 2344  nv_agp - ok
19:34:33.0475 2344  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:34:33.0646 2344  odserv - ok
19:34:33.0677 2344  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:34:33.0740 2344  ohci1394 - ok
19:34:33.0787 2344  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:34:33.0896 2344  ose - ok
19:34:33.0943 2344  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:34:34.0005 2344  p2pimsvc - ok
19:34:34.0036 2344  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:34:34.0068 2344  p2psvc - ok
19:34:34.0099 2344  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:34:34.0114 2344  Parport - ok
19:34:34.0146 2344  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:34:34.0161 2344  partmgr - ok
19:34:34.0192 2344  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:34:34.0239 2344  PcaSvc - ok
19:34:34.0270 2344  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:34:34.0286 2344  pci - ok
19:34:34.0317 2344  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:34:34.0333 2344  pciide - ok
19:34:34.0364 2344  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:34:34.0380 2344  pcmcia - ok
19:34:34.0395 2344  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:34:34.0411 2344  pcw - ok
19:34:34.0442 2344  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:34:34.0520 2344  PEAUTH - ok
19:34:34.0582 2344  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:34:34.0645 2344  PerfHost - ok
19:34:34.0707 2344  [ 663962900E7FEA522126BA287715BB4A ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
19:34:34.0738 2344  PGEffect - ok
19:34:34.0801 2344  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:34:34.0879 2344  pla - ok
19:34:34.0941 2344  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:34:35.0004 2344  PlugPlay - ok
19:34:35.0035 2344  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:34:35.0082 2344  PNRPAutoReg - ok
19:34:35.0128 2344  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:34:35.0160 2344  PNRPsvc - ok
19:34:35.0191 2344  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:34:35.0269 2344  PolicyAgent - ok
19:34:35.0316 2344  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:34:35.0394 2344  Power - ok
19:34:35.0456 2344  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:34:35.0550 2344  PptpMiniport - ok
19:34:35.0581 2344  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:34:35.0612 2344  Processor - ok
19:34:35.0659 2344  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:34:35.0737 2344  ProfSvc - ok
19:34:35.0752 2344  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:34:35.0784 2344  ProtectedStorage - ok
19:34:35.0799 2344  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:34:35.0877 2344  Psched - ok
19:34:35.0924 2344  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:34:35.0971 2344  ql2300 - ok
19:34:36.0002 2344  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:34:36.0033 2344  ql40xx - ok
19:34:36.0064 2344  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:34:36.0111 2344  QWAVE - ok
19:34:36.0127 2344  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:34:36.0158 2344  QWAVEdrv - ok
19:34:36.0174 2344  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:34:36.0236 2344  RasAcd - ok
19:34:36.0267 2344  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:34:36.0330 2344  RasAgileVpn - ok
19:34:36.0345 2344  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:34:36.0423 2344  RasAuto - ok
19:34:36.0470 2344  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:34:36.0564 2344  Rasl2tp - ok
19:34:36.0610 2344  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:34:36.0673 2344  RasMan - ok
19:34:36.0704 2344  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:34:36.0798 2344  RasPppoe - ok
19:34:36.0798 2344  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:34:36.0860 2344  RasSstp - ok
19:34:36.0891 2344  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:34:36.0969 2344  rdbss - ok
19:34:36.0985 2344  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:34:37.0047 2344  rdpbus - ok
19:34:37.0078 2344  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:34:37.0156 2344  RDPCDD - ok
19:34:37.0203 2344  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:34:37.0297 2344  RDPENCDD - ok
19:34:37.0312 2344  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:34:37.0359 2344  RDPREFMP - ok
19:34:37.0390 2344  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:34:37.0468 2344  RDPWD - ok
19:34:37.0515 2344  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:34:37.0546 2344  rdyboost - ok
19:34:37.0578 2344  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:34:37.0687 2344  RemoteAccess - ok
19:34:37.0718 2344  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:34:37.0796 2344  RemoteRegistry - ok
19:34:37.0812 2344  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:34:37.0905 2344  RpcEptMapper - ok
19:34:37.0936 2344  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:34:37.0983 2344  RpcLocator - ok
19:34:38.0030 2344  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:34:38.0092 2344  RpcSs - ok
19:34:38.0139 2344  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:34:38.0233 2344  rspndr - ok
19:34:38.0280 2344  [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
19:34:38.0311 2344  RSUSBSTOR - ok
19:34:38.0373 2344  [ A8ED9726734D403217A4861A6788B144 ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
19:34:38.0436 2344  rtl8192se - ok
19:34:38.0498 2344  [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
19:34:38.0592 2344  s0016bus - ok
19:34:38.0592 2344  [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
19:34:38.0607 2344  s0016mdfl - ok
19:34:38.0638 2344  [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
19:34:38.0654 2344  s0016mdm - ok
19:34:38.0670 2344  [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
19:34:38.0685 2344  s0016mgmt - ok
19:34:38.0732 2344  [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
19:34:38.0748 2344  s0016nd5 - ok
19:34:38.0779 2344  [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
19:34:38.0872 2344  s0016obex - ok
19:34:38.0872 2344  [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
19:34:38.0888 2344  s0016unic - ok
19:34:38.0904 2344  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:34:38.0919 2344  SamSs - ok
19:34:38.0950 2344  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:34:38.0966 2344  sbp2port - ok
19:34:38.0997 2344  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:34:39.0044 2344  SCardSvr - ok
19:34:39.0075 2344  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:34:39.0169 2344  scfilter - ok
19:34:39.0216 2344  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:34:39.0387 2344  Schedule - ok
19:34:39.0418 2344  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:34:39.0465 2344  SCPolicySvc - ok
19:34:39.0496 2344  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:34:39.0590 2344  SDRSVC - ok
19:34:39.0606 2344  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:34:39.0699 2344  secdrv - ok
19:34:39.0730 2344  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:34:39.0840 2344  seclogon - ok
19:34:39.0886 2344  [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
19:34:39.0949 2344  seehcri - ok
19:34:39.0980 2344  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:34:40.0089 2344  SENS - ok
19:34:40.0120 2344  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:34:40.0167 2344  SensrSvc - ok
19:34:40.0198 2344  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:34:40.0230 2344  Serenum - ok
19:34:40.0261 2344  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:34:40.0308 2344  Serial - ok
19:34:40.0339 2344  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:34:40.0370 2344  sermouse - ok
19:34:40.0401 2344  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:34:40.0495 2344  SessionEnv - ok
19:34:40.0526 2344  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:34:40.0588 2344  sffdisk - ok
19:34:40.0588 2344  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:34:40.0620 2344  sffp_mmc - ok
19:34:40.0620 2344  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:34:40.0666 2344  sffp_sd - ok
19:34:40.0698 2344  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:34:40.0760 2344  sfloppy - ok
19:34:40.0791 2344  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:34:40.0900 2344  SharedAccess - ok
19:34:40.0932 2344  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:34:41.0010 2344  ShellHWDetection - ok
19:34:41.0041 2344  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:34:41.0072 2344  SiSRaid2 - ok
19:34:41.0088 2344  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:34:41.0119 2344  SiSRaid4 - ok
19:34:41.0197 2344  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:34:48.0295 2344  SkypeUpdate - ok
19:34:48.0373 2344  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:34:48.0482 2344  Smb - ok
19:34:48.0529 2344  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:34:48.0576 2344  SNMPTRAP - ok
19:34:48.0622 2344  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:34:48.0654 2344  spldr - ok
19:34:48.0685 2344  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:34:48.0778 2344  Spooler - ok
19:34:48.0872 2344  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:34:49.0075 2344  sppsvc - ok
19:34:49.0106 2344  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:34:49.0200 2344  sppuinotify - ok
19:34:49.0231 2344  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:34:49.0309 2344  srv - ok
19:34:49.0356 2344  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:34:49.0418 2344  srv2 - ok
19:34:49.0434 2344  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:34:49.0480 2344  srvnet - ok
19:34:49.0527 2344  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:34:49.0621 2344  SSDPSRV - ok
19:34:49.0652 2344  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:34:49.0699 2344  SstpSvc - ok
19:34:49.0730 2344  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:34:49.0746 2344  stexstor - ok
19:34:49.0808 2344  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:34:49.0855 2344  stisvc - ok
19:34:49.0902 2344  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:34:49.0917 2344  swenum - ok
19:34:49.0964 2344  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:34:50.0058 2344  swprv - ok
19:34:50.0104 2344  [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:34:50.0167 2344  SynTP - ok
19:34:50.0260 2344  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:34:50.0370 2344  SysMain - ok
19:34:50.0401 2344  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:34:50.0448 2344  TabletInputService - ok
19:34:50.0479 2344  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:34:50.0557 2344  TapiSrv - ok
19:34:50.0572 2344  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:34:50.0666 2344  TBS - ok
19:34:50.0760 2344  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:34:50.0838 2344  Tcpip - ok
19:34:50.0916 2344  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:34:50.0978 2344  TCPIP6 - ok
19:34:51.0009 2344  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:34:51.0056 2344  tcpipreg - ok
19:34:51.0103 2344  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
19:34:51.0134 2344  tdcmdpst - ok
19:34:51.0165 2344  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:34:51.0228 2344  TDPIPE - ok
19:34:51.0259 2344  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:34:51.0337 2344  TDTCP - ok
19:34:51.0384 2344  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:34:51.0493 2344  tdx - ok
19:34:51.0618 2344  [ 2A64C802F4C8AA00AC8472C771688E00 ] TeamViewer5     C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
19:34:51.0742 2344  TeamViewer5 - ok
19:34:51.0789 2344  [ 1B43FDBFE5A98F6B3D90595C6B2E5277 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
19:34:51.0930 2344  TemproMonitoringService - ok
19:34:51.0945 2344  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:34:51.0961 2344  TermDD - ok
19:34:52.0023 2344  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:34:52.0117 2344  TermService - ok
19:34:52.0164 2344  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:34:52.0226 2344  Themes - ok
19:34:52.0257 2344  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:34:52.0335 2344  THREADORDER - ok
19:34:52.0413 2344  [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:34:52.0522 2344  TMachInfo - ok
19:34:52.0554 2344  [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
19:34:52.0569 2344  TODDSrv - ok
19:34:52.0663 2344  [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:34:52.0772 2344  TosCoSrv - ok
19:34:52.0834 2344  [ 3E6756677E16532D235C6CB20614F369 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:34:52.0959 2344  TOSHIBA eco Utility Service - ok
19:34:53.0006 2344  [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:34:53.0115 2344  TOSHIBA HDD SSD Alert Service - ok
19:34:53.0162 2344  [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
19:34:53.0271 2344  TPCHSrv - ok
19:34:53.0318 2344  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:34:53.0412 2344  TrkWks - ok
19:34:53.0458 2344  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:34:53.0568 2344  TrustedInstaller - ok
19:34:53.0599 2344  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:34:53.0661 2344  tssecsrv - ok
19:34:53.0724 2344  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:34:53.0802 2344  TsUsbFlt - ok
19:34:53.0848 2344  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:34:53.0942 2344  tunnel - ok
19:34:53.0989 2344  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:34:54.0004 2344  TVALZ - ok
19:34:54.0036 2344  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\Windows\system32\DRIVERS\TVALZFL.sys
19:34:54.0067 2344  TVALZFL - ok
19:34:54.0098 2344  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:34:54.0129 2344  uagp35 - ok
19:34:54.0176 2344  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:34:54.0332 2344  udfs - ok
19:34:54.0379 2344  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:34:54.0394 2344  UI0Detect - ok
19:34:54.0426 2344  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:34:54.0441 2344  uliagpkx - ok
19:34:54.0488 2344  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
19:34:54.0535 2344  umbus - ok
19:34:54.0566 2344  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:34:54.0597 2344  UmPass - ok
19:34:54.0706 2344  [ 48E114762941941D5821EAAE29D75E9E ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:34:54.0909 2344  UNS - ok
19:34:54.0940 2344  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:34:55.0050 2344  upnphost - ok
19:34:55.0081 2344  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:34:55.0128 2344  usbccgp - ok
19:34:55.0143 2344  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:34:55.0174 2344  usbcir - ok
19:34:55.0206 2344  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:34:55.0252 2344  usbehci - ok
19:34:55.0299 2344  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:34:55.0346 2344  usbhub - ok
19:34:55.0393 2344  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:34:55.0440 2344  usbohci - ok
19:34:55.0486 2344  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:34:55.0549 2344  usbprint - ok
19:34:55.0564 2344  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:34:55.0642 2344  USBSTOR - ok
19:34:55.0674 2344  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:34:55.0720 2344  usbuhci - ok
19:34:55.0783 2344  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:34:55.0814 2344  usbvideo - ok
19:34:55.0830 2344  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:34:55.0908 2344  UxSms - ok
19:34:55.0923 2344  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:34:55.0939 2344  VaultSvc - ok
19:34:55.0970 2344  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:34:55.0986 2344  vdrvroot - ok
19:34:56.0017 2344  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:34:56.0095 2344  vds - ok
19:34:56.0126 2344  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:34:56.0157 2344  vga - ok
19:34:56.0173 2344  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:34:56.0251 2344  VgaSave - ok
19:34:56.0298 2344  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:34:56.0329 2344  vhdmp - ok
19:34:56.0344 2344  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:34:56.0360 2344  viaide - ok
19:34:56.0376 2344  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:34:56.0407 2344  volmgr - ok
19:34:56.0422 2344  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:34:56.0454 2344  volmgrx - ok
19:34:56.0500 2344  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:34:56.0516 2344  volsnap - ok
19:34:56.0547 2344  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:34:56.0578 2344  vsmraid - ok
19:34:56.0641 2344  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:34:56.0750 2344  VSS - ok
19:34:56.0766 2344  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:34:56.0812 2344  vwifibus - ok
19:34:56.0844 2344  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:34:56.0875 2344  vwififlt - ok
19:34:56.0922 2344  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:34:57.0000 2344  W32Time - ok
19:34:57.0031 2344  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:34:57.0078 2344  WacomPen - ok
19:34:57.0140 2344  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:34:57.0234 2344  WANARP - ok
19:34:57.0265 2344  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:34:57.0312 2344  Wanarpv6 - ok
19:34:57.0405 2344  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:34:57.0577 2344  WatAdminSvc - ok
19:34:57.0639 2344  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:34:57.0733 2344  wbengine - ok
19:34:57.0764 2344  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:34:57.0811 2344  WbioSrvc - ok
19:34:57.0858 2344  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:34:57.0904 2344  wcncsvc - ok
19:34:57.0951 2344  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:34:57.0982 2344  WcsPlugInService - ok
19:34:58.0014 2344  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:34:58.0045 2344  Wd - ok
19:34:58.0092 2344  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:34:58.0154 2344  Wdf01000 - ok
19:34:58.0201 2344  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:34:58.0294 2344  WdiServiceHost - ok
19:34:58.0310 2344  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:34:58.0357 2344  WdiSystemHost - ok
19:34:58.0388 2344  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:34:58.0435 2344  WebClient - ok
19:34:58.0466 2344  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:34:58.0560 2344  Wecsvc - ok
19:34:58.0606 2344  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:34:58.0716 2344  wercplsupport - ok
19:34:58.0762 2344  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:34:58.0887 2344  WerSvc - ok
19:34:58.0934 2344  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:34:58.0996 2344  WfpLwf - ok
19:34:59.0012 2344  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:34:59.0028 2344  WIMMount - ok
19:34:59.0059 2344  WinDefend - ok
19:34:59.0074 2344  WinHttpAutoProxySvc - ok
19:34:59.0121 2344  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:34:59.0230 2344  Winmgmt - ok
19:34:59.0308 2344  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:34:59.0418 2344  WinRM - ok
19:34:59.0480 2344  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:34:59.0574 2344  Wlansvc - ok
19:34:59.0714 2344  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:34:59.0854 2344  wlidsvc - ok
19:34:59.0886 2344  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:34:59.0917 2344  WmiAcpi - ok
19:34:59.0964 2344  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:35:00.0042 2344  wmiApSrv - ok
19:35:00.0073 2344  WMPNetworkSvc - ok
19:35:00.0120 2344  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:35:00.0151 2344  WPCSvc - ok
19:35:00.0198 2344  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:35:00.0244 2344  WPDBusEnum - ok
19:35:00.0276 2344  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:35:00.0354 2344  ws2ifsl - ok
19:35:00.0385 2344  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:35:00.0447 2344  wscsvc - ok
19:35:00.0447 2344  WSearch - ok
19:35:00.0525 2344  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:35:00.0619 2344  wuauserv - ok
19:35:00.0666 2344  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:35:00.0744 2344  WudfPf - ok
19:35:00.0775 2344  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:35:00.0837 2344  WUDFRd - ok
19:35:00.0868 2344  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:35:00.0915 2344  wudfsvc - ok
19:35:00.0946 2344  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:35:01.0009 2344  WwanSvc - ok
19:35:01.0040 2344  ================ Scan global ===============================
19:35:01.0071 2344  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:35:01.0102 2344  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:35:01.0118 2344  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:35:01.0149 2344  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:35:01.0165 2344  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:35:01.0180 2344  [Global] - ok
19:35:01.0180 2344  ================ Scan MBR ==================================
19:35:01.0196 2344  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:35:02.0288 2344  \Device\Harddisk0\DR0 - ok
19:35:02.0288 2344  ================ Scan VBR ==================================
19:35:02.0319 2344  [ 0290FD5864A9BDD168FA47E96E317965 ] \Device\Harddisk0\DR0\Partition1
19:35:02.0335 2344  \Device\Harddisk0\DR0\Partition1 - ok
19:35:02.0350 2344  [ 40571A443FD626AACF2544D2A084C2A9 ] \Device\Harddisk0\DR0\Partition2
19:35:02.0350 2344  \Device\Harddisk0\DR0\Partition2 - ok
19:35:02.0350 2344  ============================================================
19:35:02.0350 2344  Scan finished
19:35:02.0350 2344  ============================================================
19:35:02.0382 6452  Detected object count: 1
19:35:02.0382 6452  Actual detected object count: 1
19:44:20.0847 6452  HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:20.0847 6452  HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:45:14.0344 9364  Deinitialize success
         
Danke und beste Grüße,
dkhh

Alt 01.03.2013, 12:24   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Hacking Verdacht - Standard

Telekom Hacking Verdacht



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.03.2013, 12:07   #11
dkhh
 
Telekom Hacking Verdacht - Standard

Telekom Hacking Verdacht



Hallo Cosinus,

hier das Resultat von combofix.

Code:
ATTFilter
ComboFix 13-03-10.02 - besitzer 10.03.2013  12:51:40.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2576 [GMT 1:00]
ausgeführt von:: c:\users\besitzer\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee  Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Autorun.inf
D:\Setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-10 bis 2013-03-10  ))))))))))))))))))))))))))))))
.
.
2013-02-13 13:08 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 13:08 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 13:08 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 13:03 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 13:03 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 13:03 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 13:03 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 13:03 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 13:03 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 13:03 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 13:03 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 13:03 . 2012-12-26 05:47	1111040	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 13:03 . 2012-12-26 04:49	760320	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-09 11:12 . 2010-12-08 12:57	44544	----a-w-	c:\windows\SysWow64\agremove.exe
2013-03-09 11:09 . 2010-12-11 14:34	17920	----a-w-	c:\windows\system32\rpcnetp.exe
2013-02-28 09:11 . 2012-04-03 07:43	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-28 09:11 . 2011-05-17 05:47	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 12:59 . 2010-01-05 16:04	70112	----a-w-	c:\windows\system32\drivers\cfwids.sys
2013-02-19 12:56 . 2010-01-05 16:04	340216	----a-w-	c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 12:55 . 2010-04-01 11:02	10728	----a-w-	c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 12:55 . 2010-01-05 16:04	106552	----a-w-	c:\windows\system32\drivers\mferkdet.sys
2013-02-19 12:54 . 2010-01-05 16:04	771536	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2013-02-19 12:53 . 2010-01-05 16:04	515968	----a-w-	c:\windows\system32\drivers\mfefirek.sys
2013-02-19 12:53 . 2010-01-05 16:04	309840	----a-w-	c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 12:52 . 2010-01-05 16:04	179280	----a-w-	c:\windows\system32\drivers\mfeapfk.sys
2013-02-13 15:54 . 2010-08-24 05:48	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-13 13:03	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 08:08	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 08:08	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:08	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 08:08	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2013-02-02 15:04	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 09:28	1307928	----a-w-	c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-21 01:18	1515688	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\besitzer\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\besitzer\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\besitzer\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-18 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\besitzer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539272]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-05-03 13352]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-10-26 20480]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-30 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-09 465360]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-10 126520]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2013-02-19 182752]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [2010-03-05 720952]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-08-30 34032]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 12:46	1630672	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 09:11]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-18 08:27]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-18 08:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\besitzer\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\besitzer\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\besitzer\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\besitzer\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-02-12 136136]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\x2sbinyh.default\
FF - ExtSQL: 2013-02-02 13:31; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\x2sbinyh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-02 13:32; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\users\besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\x2sbinyh.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-10  13:03:11
ComboFix-quarantined-files.txt  2013-03-10 12:03
.
Vor Suchlauf: 11 Verzeichnis(se), 105.595.543.552 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 105.267.138.560 Bytes frei
.
- - End Of File - - 69B33F7605F232FF9EEEF345A6F635BB
         
Danke und beste Grüße!

Alt 10.03.2013, 15:22   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom Hacking Verdacht - Standard

Telekom Hacking Verdacht



Zitat:
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
Warum hast du McAfee und AntiVir gleichzeitig im Betrieb, sowas ist höchst kntraproduktiv!
Belass es bei genau einem Virenscanner!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Telekom Hacking Verdacht
adobe reader xi, alert, antivir, autorun, avira, avira searchfree toolbar, besitzer, bho, bingbar, brief, diner dash, error, failed, firefox, flash player, format, helper, home, homepage, index, install.exe, logfile, mozilla, office 2007, phishing, realtek, registry, richtlinie, rundll, senden, siteadvisor, software, svchost.exe, windows, wlan



Ähnliche Themen: Telekom Hacking Verdacht


  1. Win 7 - Verdacht auf Zeus / ZBot laut Telekom Abuse Team
    Log-Analyse und Auswertung - 17.05.2015 (31)
  2. Telekom Spam Mail (zip Datei) geöffnet - Verdacht auf Trojaner
    Log-Analyse und Auswertung - 26.01.2015 (21)
  3. Anhang einer gefälschten Telekom-Email geöffnet. Verdacht auf Schadsoftware
    Log-Analyse und Auswertung - 01.12.2014 (7)
  4. Schreiben von Telekom, dass Port 25 wegen Verdacht auf SPAM Mails eingeschränkt wurde
    Log-Analyse und Auswertung - 13.01.2014 (9)
  5. Wichtige Sicherheitswarnung von der Telekom - Hacking - Skinhole
    Plagegeister aller Art und deren Bekämpfung - 09.10.2013 (11)
  6. Brief von der Telekom: Warnung vor Hacking von unserem Account (Schadsoftware?)
    Plagegeister aller Art und deren Bekämpfung - 08.10.2013 (29)
  7. Windows 7: Viren im System gefunden > Hinweis durch Brief der Dt. Telekom auf "Hacking"
    Log-Analyse und Auswertung - 14.09.2013 (9)
  8. Verdacht auf Hacking laut Brief von der Telekom
    Log-Analyse und Auswertung - 06.09.2013 (11)
  9. "Abuse-Meldung" von Telekom erhalten - Verdacht auf Schadsoftware..
    Log-Analyse und Auswertung - 03.09.2013 (13)
  10. TR/Crypt.XPACK.Gen3 und Telekom-abuse Nachricht auf "Hacking"
    Log-Analyse und Auswertung - 01.08.2013 (23)
  11. Brief von Telekom Abuse Team wegen Verdachts auf Hacking
    Log-Analyse und Auswertung - 14.07.2013 (24)
  12. Telekom Brief; Verdacht auf Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.07.2013 (43)
  13. Telekom-Brief bzgl. "Hacking", "Sicherheitswarnung zu Ihrem Internetzugang"
    Log-Analyse und Auswertung - 01.07.2013 (13)
  14. Spam Verdacht Telekom Abuse
    Log-Analyse und Auswertung - 25.06.2013 (6)
  15. Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking
    Log-Analyse und Auswertung - 16.06.2013 (19)
  16. Verdacht auf ZeuS/ZBot aufgrund von Telekom-Mail
    Plagegeister aller Art und deren Bekämpfung - 24.05.2013 (14)
  17. Sicherheitswarnung der Telekom wegen Hacking
    Log-Analyse und Auswertung - 05.02.2013 (53)

Zum Thema Telekom Hacking Verdacht - Hallo liebe Foren-Gurus, nach einem Brief der Telekom, der auf möglichen Missbrauch des Internetanschlusses hindeutete, habe ich ein paar Scans durchgeführt. Weder McAfee oder Anti-Malware haben etwas gefunden. Deshalb poste - Telekom Hacking Verdacht...
Archiv
Du betrachtest: Telekom Hacking Verdacht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.