Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.02.2013, 20:12   #1
Cenchan
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



Sehr geehrtes Trojaner-Board-Team,

ich habe mir gestern (03.01.2013 Abends) einen Bundespolizei-Virus eingefangen mit der Aufforderung 100Euro zu überweisen, um der Strafe zu entgehen. Der PC kann normal bis zum Desktop hochgefahren werden. Danach kommt stets eine Anfrage von der Benutzerkonstensteuerung,ob eine Änderung am PC vorgenommen werden soll (Programmname:Registrierungs-Editor; Verifizierter Herausgeber: Microsoft Windows ; Version 3) Nachdem ich auf "Nein" klicke, wiederholt sich die Anfrage nochmals, bis anschließend die GVU-Seite mit "Ihr Computer ist Gesperrt" angezeigt wird. Unten ist die Videoaufnahme auf "An" gestellt, wobei nur eine schwarze Fläche gezeigt wird.

Alle abgespeicherten Modus ( normal, Netzbetreiber, Eingabeaufforderung) funktionieren noch. Über den abgespeicherten Modus mit Netzbetreiber habe ich den Avast free durchgeführt, und es stellte sich heraus, dass bereits am 27.01 der PC mit 2 Viren infiziert war, wobei es erst gestern zu einer Sperre kam.

Ich habe mich nun auf der Trojaner-Board-Seite über GVU-Viren informiert und würde gerne nach der Anweisung von " An alle Hilfesuchenden" OTL und GMER durchführen, weiß aber nicht, wie man diese Programme runterladen soll, wenn doch die Nutzung des Desktops gesperrt ist?! Ich bin ein absoluter Laie in solchen Dingen, und wäre unglaublich für eine Hilfestellungen dankbar!! Kann man auch über den abgespeicherten Modus die oben genannten Programme durchführen und die Datein dort auf dem Desktop speichern? Also quasi von diesem Modus den Anweisungen folgen?!

Wie soll ich vorgehen? Bitte helft mir weiter, ich bräuchte dringend Hilfe von professionelln Experten!! Vielen Dank im Voraus!

Die Daten des Notebooks: Toshiba Satellite
Intel Core (inside tM) i7
Windows 7


Mit freundlichen Grüßen und vielen Dank im Vorraus

Alt 04.02.2013, 21:40   #2
markusg
/// Malware-holic
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



hi
was hat Avast wo gefunden?
wenn der abges. Modus mit Netzwerk funktioniert, kannst du doch warscheinlich ins inet.


Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 05.02.2013, 00:11   #3
Cenchan
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



Code:
ATTFilter
OTL logfile created on: 04.02.2013 23:35:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,99% Memory free
7,92 Gb Paging File | 6,65 Gb Available in Paging File | 83,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578,55 Gb Total Space | 528,72 Gb Free Space | 91,39% Space Free | Partition Type: NTFS
 
Computer Name: ***-TOSH | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (Canon Driver Information Assist Service) -- C:\Program Files\Canon\DIAS\CnxDIAS.exe (CANON INC.)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.exe ()
SRV - (GoogleIMEJaCacheService) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe (Google Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (vodafone_K3805-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (toshidpt) -- C:\Windows\SysNative\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (cmnsusbser) -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys (Mobile Connector)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {740B0868-A6C0-4B10-B45B-F32D26C8490D}
IE:64bit: - HKLM\..\SearchScopes\{740B0868-A6C0-4B10-B45B-F32D26C8490D}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {740B0868-A6C0-4B10-B45B-F32D26C8490D}
IE - HKLM\..\SearchScopes\{740B0868-A6C0-4B10-B45B-F32D26C8490D}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tt=4112_7&babsrc=HP_clro&mntrId=5cbcea0c000000000000446d573b874d
IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\SearchScopes,bProtectorDefaultScope = {39BA0321-4AF3-4BF0-8466-AC6572797CAB}
IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\SearchScopes,DefaultScope = {39BA0321-4AF3-4BF0-8466-AC6572797CAB}
IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4112_7&babsrc=SP_clro&mntrId=5cbcea0c000000000000446d573b874d
IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\SearchScopes\{39BA0321-4AF3-4BF0-8466-AC6572797CAB}: "URL" = hxxp://search.yahoo.co.jp/search?ei=UTF-8&fr=ie8scint&p={searchTerms}
IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\SearchScopes\{740B0868-A6C0-4B10-B45B-F32D26C8490D}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_deDE487
IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\SearchScopes\{C2402E20-1F1A-4884-AB86-C300DB4CCC32}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=cf72f618-ea15-4452-aa7a-10804042e97d&apn_sauid=126290A3-1886-4F96-8659-25F208058CC6
IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2012.06.08 20:36:11 | 000,000,000 | ---D | M]
 
[2012.10.09 13:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4112_7&babsrc=HP_clro&mntrId=5cbcea0c000000000000446d573b874d
CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4112_7&babsrc=HP_clro&mntrId=5cbcea0c000000000000446d573b874d
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaoiagmlcohkmjodefppbmpjdiocmh\7.15.4.24150_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo\1.20.40_0\crossrider
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo\1.20.40_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocofgjipfjnombjenfaghmlelanfgfpa\1.0.0.20_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (215 Apps)
O2 - BHO: (Yahoo!ƒc[ƒ‹ƒo[ƒtƒBƒbƒVƒ“ƒOŒx) - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll (Yahoo Japan Corporation. )
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yahoo!ƒc[ƒ‹ƒo[ƒwƒ‹ƒp[) - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Yahoo!ツールバー) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-308888092-3790624405-3788023300-1000\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Google Japanese Input Prelauncher] C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe (Google Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ypcsm] C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe (Yahoo! Japan Corporation.)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-308888092-3790624405-3788023300-1000..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-308888092-3790624405-3788023300-1000..\Run: [RESTART_STICKY_NOTES] C:\windows\system32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-308888092-3790624405-3788023300-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-308888092-3790624405-3788023300-1000..\Run: [ypcsm] C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe (Yahoo! Japan Corporation.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76C5286D-28E9-4494-9F44-18C5FFB3DAD1}: DhcpNameServer = 163.139.230.165 163.139.230.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB58151C-7B4A-4A9F-AFB2-0EFDDDE51A5D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261123~1.78\{61d8b~1\brwmngr.dll) - c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1c2be16c-9faa-11e1-a768-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1c2be16c-9faa-11e1-a768-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{1c2be16c-9faa-11e1-a768-806e6f6e6963}\Shell\configure\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{1c2be16c-9faa-11e1-a768-806e6f6e6963}\Shell\install\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{1d007277-47cd-11e2-af30-e840f2f25060}\Shell - "" = AutoRun
O33 - MountPoints2\{1d007277-47cd-11e2-af30-e840f2f25060}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{9bbb5eef-b219-11e1-a4cc-e840f2f25060}\Shell - "" = AutoRun
O33 - MountPoints2\{9bbb5eef-b219-11e1-a4cc-e840f2f25060}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9bbb5ef1-b219-11e1-a4cc-e840f2f25060}\Shell - "" = AutoRun
O33 - MountPoints2\{9bbb5ef1-b219-11e1-a4cc-e840f2f25060}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{edb32916-b232-11e1-ba44-e840f2f25060}\Shell - "" = AutoRun
O33 - MountPoints2\{edb32916-b232-11e1-ba44-e840f2f25060}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f45014f9-b1a3-11e1-a655-e840f2f25060}\Shell - "" = AutoRun
O33 - MountPoints2\{f45014f9-b1a3-11e1-a655-e840f2f25060}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f45014fb-b1a3-11e1-a655-e840f2f25060}\Shell - "" = AutoRun
O33 - MountPoints2\{f45014fb-b1a3-11e1-a655-e840f2f25060}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.04 23:08:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.03 19:43:27 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Users\Celine\wgsdgsdgdsgsd.exe
[2013.01.31 11:11:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Päsentation
[2013.01.29 22:03:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.27 21:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.27 21:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.01.27 21:29:12 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.01.24 23:03:13 | 000,000,000 | ---D | C] -- C:\Users\***\.rainlendar2
[2013.01.24 23:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2
[2013.01.24 23:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rainlendar2
[2013.01.24 22:54:50 | 000,379,072 | ---- | C] (Softonic) -- C:\Users\***\Desktop\SoftonicDownloader_fuer_rainlendar.exe
[2013.01.18 22:27:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Job
[2013.01.13 11:38:28 | 059,584,351 | ---- | C] (Acresso Software Inc.                                        ) -- C:\Users\***\Desktop\POWERPREPIIV2_0.exe
[2013.01.11 16:36:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Blackbery
[2013.01.07 11:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.07 11:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.07 11:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.07 11:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.07 11:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.04 23:31:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.02.04 23:31:08 | 3189,612,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.04 23:08:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.04 23:01:39 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.02.04 19:49:05 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.04 19:47:59 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.02.04 19:39:47 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 19:39:47 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 19:31:46 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.04 19:31:24 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.02.04 16:19:09 | 001,529,424 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.02.04 16:19:09 | 000,658,392 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.04 16:19:09 | 000,619,628 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.04 16:19:09 | 000,131,474 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.04 16:19:09 | 000,107,690 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.03 19:43:36 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.02.03 19:43:36 | 000,000,067 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.02.03 19:43:31 | 000,001,058 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.02.03 18:52:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.02 17:47:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.01.31 20:12:40 | 001,500,254 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.31 19:56:03 | 001,051,787 | ---- | M] () -- C:\Users\***\Desktop\Richtige Präsentation für SPS - Kopie.pdf
[2013.01.31 15:09:43 | 001,066,735 | ---- | M] () -- C:\Users\***\Desktop\Präsentation  Export-Unternehmenserfolg.pdf
[2013.01.29 19:56:32 | 001,202,865 | ---- | M] () -- C:\Users\***\Desktop\pdf neu.pdf
[2013.01.29 19:52:28 | 001,188,853 | ---- | M] () -- C:\Users\***\Desktop\Präsentation 2010 PDF111.pdf
[2013.01.27 22:22:15 | 000,419,968 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.26 16:22:54 | 000,108,537 | ---- | M] () -- C:\Users\***\Desktop\Bernard & Jensen 1999.pdf
[2013.01.24 23:02:43 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Rainlendar2.lnk
[2013.01.24 23:01:49 | 014,666,324 | ---- | M] () -- C:\Users\***\Desktop\Rainlendar-Lite-2-11-32bit.exe
[2013.01.24 22:54:57 | 000,379,072 | ---- | M] (Softonic) -- C:\Users\***\Desktop\SoftonicDownloader_fuer_rainlendar.exe
[2013.01.24 14:48:19 | 000,444,215 | ---- | M] () -- C:\Users\***\Desktop\10.1.1.153.5363.pdf
[2013.01.23 20:01:23 | 000,324,401 | ---- | M] () -- C:\Users\***\Desktop\Einfluss von Export auf die Investitionen eines Unternehmens.pdf
[2013.01.23 19:59:48 | 000,490,055 | ---- | M] () -- C:\Users\***\Desktop\Selbstselektion und Lerneffekte bei Exporteuren.pdf
[2013.01.23 19:58:40 | 000,558,314 | ---- | M] () -- C:\Users\***\Desktop\Selbstselektion produktiver Firmen in Exportmärkte.pdf
[2013.01.23 19:56:24 | 000,791,708 | ---- | M] () -- C:\Users\***\Desktop\Die Wahl zwischen Export und Direktinvestition.pdf
[2013.01.23 19:54:56 | 000,275,098 | ---- | M] () -- C:\Users\***\Desktop\Export und Produktivität in einer empirischen Studie.pdf
[2013.01.23 19:53:36 | 000,340,319 | ---- | M] () -- C:\Users\***\Desktop\Ein Gravitätsmodell mit heterogenen Firmen.pdf
[2013.01.23 19:52:30 | 000,141,448 | ---- | M] () -- C:\Users\***\Desktop\Der Einfluss von Handelsliberalisierung auf die Technologiewahl   Vinzent.pdf
[2013.01.14 20:49:59 | 001,336,320 | ---- | M] () -- C:\Users\***\Desktop\VW-Consulting_Chart-Bibliothek_März_2004.lnk
[2013.01.13 11:38:53 | 059,584,351 | ---- | M] (Acresso Software Inc.                                        ) -- C:\Users\***\Desktop\POWERPREPIIV2_0.exe
[2013.01.07 16:30:30 | 000,186,589 | ---- | M] () -- C:\Users\***\Desktop\SPS- ***_***.pdf
[2013.01.07 15:18:08 | 000,402,218 | ---- | M] () -- C:\Users\***\Desktop\SPS- Oleg.pdf
[2013.01.07 11:22:18 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.06 19:43:38 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.03 19:43:36 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.02.03 19:43:36 | 000,000,067 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.02.03 19:43:31 | 000,001,058 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.02.03 19:43:29 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.31 19:56:00 | 001,051,787 | ---- | C] () -- C:\Users\***\Desktop\Richtige Präsentation für SPS - Kopie.pdf
[2013.01.31 15:09:40 | 001,066,735 | ---- | C] () -- C:\Users\***\Desktop\Präsentation  Export-Unternehmenserfolg.pdf
[2013.01.29 19:56:28 | 001,202,865 | ---- | C] () -- C:\Users\***\Desktop\pdf neu.pdf
[2013.01.29 19:52:23 | 001,188,853 | ---- | C] () -- C:\Users\***\Desktop\Präsentation 2010 PDF111.pdf
[2013.01.26 16:22:54 | 000,108,537 | ---- | C] () -- C:\Users\***\Desktop\Bernard & Jensen 1999.pdf
[2013.01.24 23:02:43 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Rainlendar2.lnk
[2013.01.24 23:01:37 | 014,666,324 | ---- | C] () -- C:\Users\Celine\Desktop\Rainlendar-Lite-2-11-32bit.exe
[2013.01.24 14:48:19 | 000,444,215 | ---- | C] () -- C:\Users\Celine\Desktop\10.1.1.153.5363.pdf
[2013.01.23 20:01:23 | 000,324,401 | ---- | C] () -- C:\Users\Celine\Desktop\Einfluss von Export auf die Investitionen eines Unternehmens.pdf
[2013.01.23 19:59:48 | 000,490,055 | ---- | C] () -- C:\Users\***\Desktop\Selbstselektion und Lerneffekte bei Exporteuren.pdf
[2013.01.23 19:58:40 | 000,558,314 | ---- | C] () -- C:\Users\***\Desktop\Selbstselektion produktiver Firmen in Exportmärkte.pdf
[2013.01.23 19:56:24 | 000,791,708 | ---- | C] () -- C:\Users\***\Desktop\Die Wahl zwischen Export und Direktinvestition.pdf
[2013.01.23 19:54:56 | 000,275,098 | ---- | C] () -- C:\Users\***\Desktop\Export und Produktivität in einer empirischen Studie.pdf
[2013.01.23 19:53:36 | 000,340,319 | ---- | C] () -- C:\Users\***\Desktop\Ein Gravitätsmodell mit heterogenen Firmen.pdf
[2013.01.23 19:52:29 | 000,141,448 | ---- | C] () -- C:\Users\***\Desktop\Der Einfluss von Handelsliberalisierung auf die Technologiewahl   Vinzent.pdf
[2013.01.14 20:49:56 | 001,336,320 | ---- | C] () -- C:\Users\***\Desktop\VW-Consulting_Chart-Bibliothek_März_2004.lnk
[2013.01.07 16:30:29 | 000,186,589 | ---- | C] () -- C:\Users\***\Desktop\SPS- Nishimoto_Celine.pdf
[2013.01.07 15:18:07 | 000,402,218 | ---- | C] () -- C:\Users\***\Desktop\SPS- Oleg.pdf
[2013.01.07 11:22:18 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.06 19:43:38 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.13 10:15:31 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2012.12.02 22:49:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\4h6d0L8T5.dat
[2012.12.02 22:49:30 | 000,000,001 | ---- | C] () -- C:\ProgramData\8bO3W7RR.exe_.b
[2012.12.02 22:49:30 | 000,000,001 | ---- | C] () -- C:\ProgramData\8bO3W7RR.exe.b
[2012.11.18 11:25:55 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\pool.bin
[2012.06.08 20:41:17 | 001,529,424 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.05.16 23:59:04 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2012.05.16 23:47:02 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.05.16 23:44:44 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.05.16 23:44:44 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.05.16 23:44:44 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.02.03 06:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012.01.20 12:49:58 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2012.01.20 12:49:48 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011.04.18 14:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.09 13:26:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012.11.18 12:20:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blackberry Desktop
[2012.10.30 23:12:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CravingExplorer
[2012.07.19 10:28:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.11.18 12:20:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion
[2013.01.28 00:18:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.06.06 20:03:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2012.06.16 17:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TOSHIBA Online Product Information
[2012.06.08 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.06.08 20:57:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2012.06.09 14:33:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone Mobile Broadband
[2012.06.06 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch
[2012.12.28 20:56:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.12.18 09:28:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XSManager
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.08.11 15:08:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.11 20:38:56 | 000,000,000 | ---D | M] -- C:\88808a8fa0851d0aa7
[2012.02.18 05:31:51 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.08.15 13:49:38 | 000,000,000 | ---D | M] -- C:\c3f75d9bd8c7caf3d14fa560
[2013.01.30 09:26:24 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.05.16 23:41:32 | 000,000,000 | ---D | M] -- C:\Intel
[2013.01.27 21:29:12 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013.01.07 11:21:49 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.27 21:30:23 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.04 13:08:57 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013.02.04 19:36:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.06 20:05:40 | 000,000,000 | ---D | M] -- C:\Toshiba
[2012.06.06 19:57:58 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.04 14:24:54 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012.02.17 06:19:35 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012.02.17 06:25:05 | 000,001,120 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.02.17 06:25:06 | 000,001,124 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.05.16 23:42:33 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.05.16 23:42:34 | 000,000,828 | ---- | C] () -- C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.11.30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\windows\SysNative\drivers\iaStor.sys
[2011.11.30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.06.06 19:59:35 | 000,000,000 | ---- | M] () -- C:\Users\***\agent.log
[2013.02.04 23:43:53 | 018,612,224 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2013.02.04 23:43:53 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1
[2012.06.06 19:57:58 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2
[2012.06.06 20:04:10 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.06.06 20:04:10 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.06.06 20:04:10 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.11.13 01:29:24 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{798be97c-2ca5-11e2-b566-e840f2f25060}.TM.blf
[2012.11.13 01:29:24 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{798be97c-2ca5-11e2-b566-e840f2f25060}.TMContainer00000000000000000001.regtrans-ms
[2012.11.13 01:29:24 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{798be97c-2ca5-11e2-b566-e840f2f25060}.TMContainer00000000000000000002.regtrans-ms
[2012.06.06 19:57:59 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini
[2013.02.03 19:43:27 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Users\Celine\wgsdgsdgdsgsd.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Files - Unicode (All) ==========
[2012.11.06 23:19:43 | 000,017,643 | ---- | M] ()(C:\Users\***\Desktop\?????.xlsx) -- C:\Users\***\Desktop\独和、和独.xlsx
[2012.10.30 20:41:21 | 000,000,165 | -H-- | M] ()(C:\Users\***\Desktop\~$?????.xlsx) -- C:\Users\***\Desktop\~$独和、和独.xlsx
[2012.10.30 20:41:21 | 000,000,165 | -H-- | C] ()(C:\Users\***\Desktop\~$?????.xlsx) -- C:\Users\***\Desktop\~$独和、和独.xlsx
[2012.10.15 16:46:29 | 000,017,643 | ---- | C] ()(C:\Users\***\Desktop\?????.xlsx) -- C:\Users\***\Desktop\独和、和独.xlsx
[2012.10.02 00:54:18 | 000,000,162 | -H-- | M] ()(C:\Users\***\Desktop\~$? BMW new.docx) -- C:\Users\***\Desktop\~$書 BMW new.docx
[2012.10.02 00:54:18 | 000,000,162 | -H-- | C] ()(C:\Users\***\Desktop\~$? BMW new.docx) -- C:\Users\***\Desktop\~$書 BMW new.docx
[2012.10.01 13:37:14 | 000,000,162 | -H-- | M] ()(C:\Users\***\Desktop\~$? allgemein.docx) -- C:\Users\***\Desktop\~$書 allgemein.docx
[2012.10.01 13:37:14 | 000,000,162 | -H-- | C] ()(C:\Users\***\Desktop\~$? allgemein.docx) -- C:\Users\***\Desktop\~$書 allgemein.docx
[2012.10.01 13:33:40 | 000,000,162 | -H-- | M] ()(C:\Users\***\Desktop\~$? Mercedes.docx) -- C:\Users\***\Desktop\~$書 Mercedes.docx
[2012.10.01 13:33:40 | 000,000,162 | -H-- | C] ()(C:\Users\***\Desktop\~$? Mercedes.docx) -- C:\Users\***\Desktop\~$書 Mercedes.docx

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 04.02.2013 23:35:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,99% Memory free
7,92 Gb Paging File | 6,65 Gb Available in Paging File | 83,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578,55 Gb Total Space | 528,72 Gb Free Space | 91,39% Space Free | Partition Type: NTFS
 
Computer Name: ***-TOSH | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{132D8FDD-E17D-45E4-9200-4ECBD52DC1CE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{175000D7-190E-4176-809A-BB803FAA22D7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1A393EF0-B3A6-46C9-90FC-6BF38D4DBE2C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E163DF8-717D-4EC9-8152-6F9CC0DED55E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{517275DD-E562-46F1-A24F-6C2B6AC975A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{55D1CEB4-A9D9-4DF7-92A5-9237CE1EC778}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5EDAD419-F1F8-4615-869F-0212D8A5FC5E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{64EC7970-4890-4251-95CA-ED5A24410469}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{66F7C350-9836-4AD6-B883-517062BBDA81}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{722F9DF7-4DBF-42F9-B3A6-BCDDE179FA19}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7475FA73-6FDE-406F-9F8F-8611482499B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75BB0895-F295-4ED1-A6D3-DEED71CCD63F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8174EF59-DEEA-4AC6-9AAB-16655ADAA262}" = rport=138 | protocol=17 | dir=out | app=system | 
"{85337ED2-708C-4D3F-8CE5-0D1BD8450D9A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A091FBDE-04D7-4EBB-BEB4-1C8B8C9C5B2B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A1F89917-4660-416F-8A8B-5DF133D4D6B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A808C4D6-2BFB-4035-ACC7-EEFD66FF947A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B57409ED-3F18-4FAA-BB30-CFC800FCA069}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA1E2D73-26B3-43EF-A803-5E0312A37872}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BC79441C-4D78-4AE6-958A-81B3967DFE24}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C02245FA-8F0C-4D70-B44B-50F889FDC504}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C4544947-9D57-4680-B1D1-1E48B66A11DF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E3707B2E-A40A-4E62-B1A5-F305381F38AF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F869D9BC-F9B8-492E-B01D-94AB491D5755}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B0336F-D17E-4639-9875-D7EB0BE5A903}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{029E5A9E-226F-4B26-AD55-A480DF6F8D03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F2C8AFE-F75B-405A-9EC0-ADE4D7C3BE85}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{22CABF82-FFB2-4835-B862-C525096E683B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A9FBF24-15C3-4F4B-92B4-50806F7BF99B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2D7DCF65-0A72-4130-A79A-275B724F32D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40400D6A-7BD8-451A-96A2-91081A8D9AC4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4B6B2EA2-CD00-4EDD-9F4B-EBC6A098B7D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50CFDBD7-2C58-48A3-A3FA-176912485FB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{51CC8CD5-07CD-48BD-B6BE-47421A78FF45}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{59305EEE-65CC-4CFB-81B9-C2F9AE7B8BA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{61391C50-1D82-4A19-A43F-A74D2B2AF14A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{707DFD48-782D-4E95-8B76-A33C29001685}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{833902E9-BD60-4F22-9CBF-1BF134F219F9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{84DA7347-42D8-4AF7-875D-4F09947F0019}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{861E2617-BA82-453D-9661-BE4891138BAA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8F87B29C-C265-4785-8419-4043F671D0D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9618DE06-F9CB-4210-B7C3-C0BF0A7CC9F5}" = dir=in | app=c:\program files\canon\dias\cnxdias.exe | 
"{9AF982AC-D603-462E-8DDB-BAB9B251C862}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9D2BD177-73C4-43E8-A3E4-D063FCA9892F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A51C4716-4888-490D-B8F2-5F36149B8D6E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AEDC1CE2-FA94-4963-B025-2CBD236932A6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{BA002473-4B35-4519-99B0-14773CBE6DC8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{C29069C2-A781-4DC8-91F3-61C1F58801E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C4CE5609-746D-4B3A-8765-C8F5F0B37ACA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA7F682E-F4FA-4720-9567-0EBD6A8679AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFF96F9F-4D81-4CD4-B342-9DEC32B106FA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D087CF59-D086-4CDB-91C1-A5EF911DD9AF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D6D69E29-A54D-4640-9E4E-7BB87B940E1C}" = protocol=6 | dir=out | app=system | 
"{E010FAB8-1CA3-48EA-8B69-BE1A84DD2C4F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F45136F1-8426-4E3C-A7CB-5206981A225F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F55FB281-E7C4-48B0-9EF9-94558C2A81FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F5A2FE6E-2F5D-4E6C-A844-F0768B6341EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F68EF781-4DAB-4F5C-BEA7-B1D09129779D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1880437E-3C19-4EA4-9200-0B3A47865E91}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{2C486987-D447-4E36-8D61-86E48E24199C}" = TOSHIBA eco Utility
"{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}" = Premium Sound HD
"{3BF2C0A8-2C44-4A36-AA96-3BD6FB7BB01F}" = Windows Live Remote Client Resources
"{4BC12C41-9B5B-AEF9-0A63-EE2AA19FBFB8}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54C5B89F-0A8C-4C07-A51D-7380974DA459}" = Windows Live Remote Service Resources
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D05D75EB-D15B-40EC-9356-B06C83E0D2A8}" = Google 日本語入力
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F856881A-D370-B1A7-2AFF-128F4AA93558}" = AMD Catalyst Install Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019EF473-6D0A-415C-9A2E-1AF5F66AC60F}" = Windows Live Messenger
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AB6726B-2C04-75E6-D30A-AA8C0E26E46A}" = CCC Help Japanese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E0CA282-7F32-4B0D-B427-78B9A3CBC42F}" = Messenger Companion
"{10AB1F40-BDEC-4A8D-B427-30F9429378B0}" = Windows Live Movie Maker
"{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{15D95497-8F76-41E5-8894-EDDB59E39BD9}" = Windows Live メール
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B341C66-33EB-BAF0-6138-38AD1A502527}" = Catalyst Control Center
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D74451F-B220-E2E4-7FCD-520AA66F1A85}" = CCC Help Russian
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FAB6902-546D-9060-D0C8-4B502160AA06}" = CCC Help English
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{216DF734-6004-42C7-AFC9-A81DFD344BA8}" = Nero BurnRights 11
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C14B193-A623-7DAA-9660-BB1EBF870D6B}" = Catalyst Control Center InstallProxy
"{2CC1453B-3385-F6FF-735F-F3BA36758715}" = CCC Help Swedish
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{3253D3E5-C08E-E22B-BA99-DE88F520CBB3}" = CCC Help Korean
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D516940-6675-41C1-E3DA-E3D358A7C207}" = CCC Help Italian
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2122D0-66F7-4A53-96FC-079C900B1CAF}" = Nero BurnRights 11 Help (CHM)
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52B05867-9440-98ED-617B-6C05ACD1E457}" = Catalyst Control Center Graphics Previews Common
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{571F7B9B-96B8-E1B8-E198-0458BF5F80C4}" = CCC Help Hungarian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{675D8E1E-2388-4718-902C-E5FC4888AC0E}" = Windows Live Essentials
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{6C3F8916-D6A5-4A31-9DA8-80C973CE437F}" = Windows Live Writer
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7134EF35-DA07-41F8-A71F-66709E194BB5}" = Windows Live Mesh
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7540EB6A-FE9B-4EE2-37D9-A88DC87AA9E6}" = CCC Help Turkish
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B69C60A-A148-4572-978C-729029390651}" = Catalyst Control Center - Branding
"{7D263751-40FB-D719-9F42-B62B67553D6F}" = CCC Help Chinese Traditional
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{82EE309C-B63C-1AAA-79AB-8A5E5986B687}" = CCC Help Norwegian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88A686A9-D687-4295-B633-50D8A4B88371}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A66A2C8-0032-4949-8D99-C293A3EACF79}" = Windows Live Photo Common
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D59BE38-3A4F-4525-AD0D-8980E9E31EFA}" = Windows Live フォト ギャラリー
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931991F4-99D4-95A6-1235-EAA599884AC6}" = CCC Help Danish
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{990B884F-569C-5078-DD76-8BE91A569291}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E77F8EF-588E-D11B-697F-5514B97779DF}" = CCC Help Greek
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB34574F-AC24-AAB7-066E-680256DD91E9}" = Catalyst Control Center Localization All
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B740C369-EA8D-2FDB-4265-CB70DD08095D}" = CCC Help Spanish
"{B9818C90-560C-8DC7-E254-38323B9A41EA}" = CCC Help Polish
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BAF0CA91-4642-46C8-9BCD-C93B61508701}" = リモート接続用の Windows Live Mesh ActiveX コントロール (日本語)
"{BD37CF23-3458-BFD1-7583-F8FFC37561F2}" = CCC Help Czech
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF34B28A-4D50-439A-6B6B-13EA41235E43}" = CCC Help German
"{C2471823-76DB-B529-F037-8D02CAC5DE5E}" = CCC Help Dutch
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAE76FE1-BD65-3251-1B6F-6B519A661A1F}" = CCC Help Finnish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7809829-3AC8-FBFA-2001-0D9BEBE51386}" = CCC Help Portuguese
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE408577-9C0E-4E5F-BCB2-DB5B3A220958}" = Windows Live UX Platform Language Pack
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F79997CC-F030-93C6-7882-92DC241D7C07}" = CCC Help Thai
"{F8635CF8-B797-4EFD-80BC-DE2D26C65D4F}" = Nero 11 Essentials
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE3E16F2-D838-7B5F-A31E-2D55757D18E7}" = CCC Help French
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF575D7D-2A0D-4041-B931-57CF8CCD80D5}" = Network ScanGear Ver.2.30
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"claro" = Claro LTD toolbar  
"CravingExplorer_is1" = Craving Explorer Version 1.5.0
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{FF575D7D-2A0D-4041-B931-57CF8CCD80D5}" = Network ScanGear Ver.2.30
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Rainlendar2" = Rainlendar2 (remove only)
"Savings Sidekick" = Savings Sidekick
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-00d73ebb-c8c8-4254-83e0-0de071796b2e" = Virtual Villagers 4 - The Tree of Life
"WTA-0c70e73c-5b2a-46ca-83d1-9d0fcbebe2b4" = Jewel Quest Solitaire 2
"WTA-11ad25d2-ff7c-4517-ac1d-cd27760d9962" = Polar Bowler
"WTA-25c3c5d2-bd34-4047-9732-8ba44b8964f3" = Agatha Christie - Death on the Nile
"WTA-2cc1d9e8-e2a6-4e99-89c1-f5cf93919f65" = Bejeweled 3
"WTA-77d40a0d-33fa-4060-84e7-af2635f53912" = Plants vs. Zombies - Game of the Year
"WTA-9b96727d-8453-48cd-b1a0-58969aa39072" = Insaniquarium Deluxe
"WTA-b29535d2-08f8-4978-ab14-3b9695f2fe64" = Mystery P.I. - The London Caper
"WTA-c20ea4b3-de9e-4277-a9b3-3eda2b97ca95" = Cake Mania
"WTA-dd6f9e60-af90-414e-a54e-694bc352175d" = Chuzzle Deluxe
"WTA-f0c0d12f-1850-41d9-b691-3370111a87fa" = Aloha TriPeaks
"XSManager" = XSManager
"Yahoo!Jƒc[ƒ‹ƒo[" = Yahoo!ƒc[ƒ‹ƒo[
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-308888092-3790624405-3788023300-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Foxit PDF Creator Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.12.2012 07:09:47 | Computer Name = ***-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 15.12.2012 07:09:47 | Computer Name = ***-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 15.12.2012 08:02:09 | Computer Name = ***-TOSH | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.12.2012 08:02:45 | Computer Name = ***-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a1c7  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676,
 Zeitstempel: 0x4e587ee8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000000c9ab
ID
 des fehlerhaften Prozesses: 0x5b8  Startzeit der fehlerhaften Anwendung: 0x01cddabbc7f20d4c
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe  Pfad des
 fehlerhaften Moduls: C:\windows\system32\OLEAUT32.dll  Berichtskennung: 558044b3-46af-11e2-9131-e840f2f25060
 
Error - 15.12.2012 11:16:57 | Computer Name = ***-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 15.12.2012 11:16:58 | Computer Name = ***-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 15.12.2012 11:25:58 | Computer Name = ***-TOSH | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.12.2012 11:27:00 | Computer Name = ***-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a1c7  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676,
 Zeitstempel: 0x4e587ee8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000000c9ab
ID
 des fehlerhaften Prozesses: 0xc44  Startzeit der fehlerhaften Anwendung: 0x01cddad867cec289
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe  Pfad des
 fehlerhaften Moduls: C:\windows\system32\OLEAUT32.dll  Berichtskennung: de505409-46cb-11e2-a728-e840f2f25060
 
Error - 15.12.2012 11:52:05 | Computer Name = ***-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
Error - 15.12.2012 11:52:05 | Computer Name = ***-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddCoreCsiFiles : GetNextFileMapContent() failed.  System
 Error: Falscher Parameter.  .
 
[ Media Center Events ]
Error - 28.08.2012 01:03:42 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 07:03:42 - Fehler beim Herstellen der Internetverbindung.  07:03:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.08.2012 01:03:47 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 07:03:47 - Fehler beim Herstellen der Internetverbindung.  07:03:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.09.2012 01:40:08 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 07:40:08 - Fehler beim Herstellen der Internetverbindung.  07:40:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.09.2012 01:40:18 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 07:40:13 - Fehler beim Herstellen der Internetverbindung.  07:40:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.09.2012 03:00:56 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 09:00:56 - Fehler beim Herstellen der Internetverbindung.  09:00:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.09.2012 03:01:07 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 09:01:01 - Fehler beim Herstellen der Internetverbindung.  09:01:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 01.10.2012 10:43:12 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 16:43:12 - Fehler beim Herstellen der Internetverbindung.  16:43:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 01.10.2012 10:43:22 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 16:43:17 - Fehler beim Herstellen der Internetverbindung.  16:43:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02.10.2012 07:28:32 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 13:28:32 - Fehler beim Herstellen der Internetverbindung.  13:28:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02.10.2012 07:28:44 | Computer Name = ***-TOSH | Source = MCUpdate | ID = 0
Description = 13:28:38 - Fehler beim Herstellen der Internetverbindung.  13:28:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 04.02.2013 18:38:32 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.02.2013 18:39:46 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.02.2013 18:39:46 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.02.2013 18:39:46 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.02.2013 18:40:38 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.02.2013 18:40:38 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.02.2013 18:40:38 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.02.2013 18:44:48 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.02.2013 18:44:48 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.02.2013 18:44:48 | Computer Name = ***-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
Hallo Markus,

vielen vielen Dank für deine schnelle Antwort, dachte es kommt jetzt eine quälende Watezeit auf mich zu! Habe oben die OTL.txt und Extra.txt laufen lassen. Wie du geschrieben hast, funktioniert Internnet auf dem Abgespeicherten Modus mit Netzwerk. Komischerweise gingen ein paar Word-Dokumente kaputt, was vorhin vor dem quick-scan noch nicht der Fall war. Es kann daran liegen, dass ich den Scan-Vorgang unterbrochen habe, da ich dachte, dass die Häkchen falsch gesetzt waren. Sonst scheint es in Ordnung zu sein. Bei Avast steht unter Status : Bedrohung JS:Blacole-DO[Expl], ,sagt dir das was? Vielen Dank für die Unterstützung nochmal, es beruhigt zu wissen, dass es weitergeht!
__________________

Alt 05.02.2013, 16:57   #4
markusg
/// Malware-holic
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
[2013.02.03 19:43:36 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.02.03 19:43:36 | 000,000,067 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.02.03 19:43:31 | 000,001,058 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.02.03 19:43:29 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.02.2013, 18:57   #5
Cenchan
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



Hallo Markus,

ich hab deine Anweisungen ausgeführt und wollte den Text aus OTL von dem gesperrten PC aus hier reinkopieren. Anscheinend wurde die Internetverbindung gekappt, Lautstärke und Wartungscenter etc-- können nicht mehr ausgeführt werden. Was soll ich jetzt tun? Kann ich die Datei über einen USB-stick auf einen gesunden PC rüberladen (also von diesem pc) und von dort kopieren? oder kann der Virus übertragen werden??


Alt 05.02.2013, 18:59   #6
markusg
/// Malware-holic
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



evtl. noch mal n neustart machen, falls das nicht geht, abgesicherter modus mit Netzwerk testen, geht bei neustart meist über f8.
__________________
--> GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)

Alt 05.02.2013, 19:06   #7
Cenchan
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



Über das LAN-Kabel ging es doch noch, kann man die anderen nicht funktionierenden Sachen erst ignorieren?( merkwürdigerweise hat sich die Tastatur auch bei manchen Zeichen verschoben...)


Code:
ATTFilter
All processes killed
========== OTL ==========
File C:\ProgramData\dsgsdgdsgdsgw.reg not found.
File C:\ProgramData\dsgsdgdsgdsgw.bat not found.
C:\Users\Celine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Celine
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1048388695 bytes
->Java cache emptied: 2386974 bytes
->Google Chrome cache emptied: 29631955 bytes
->Flash cache emptied: 61716 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 362183512 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 115281032 bytes
RecycleBin emptied: 10589222 bytes
 
Total Files Cleaned = 1.496,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02052013_182633
         

Alt 05.02.2013, 19:33   #8
markusg
/// Malware-holic
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



was heißt bei manchen Zeichen, bin kein Hellseher und benötige schon infos.
wir bekommen den Rest dann schon noch hin.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.02.2013, 20:00   #9
Cenchan
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



hier ist der log, musste bei 3files skippen.Das Problem mit der Tastatur scheint sich geklärt haben, kann sie wie zuvor normal benutzen. Sry für die Verwirrung, vllt irgendwo dumm hingekommen danke nochmal für die Hilfe!


Code:
ATTFilter
19:52:55.0583 2796  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:52:55.0755 2796  ============================================================
19:52:55.0755 2796  Current date / time: 2013/02/05 19:52:55.0755
19:52:55.0755 2796  SystemInfo:
19:52:55.0755 2796  
19:52:55.0755 2796  OS Version: 6.1.7601 ServicePack: 1.0
19:52:55.0755 2796  Product type: Workstation
19:52:55.0755 2796  ComputerName: CELINE-TOSH
19:52:55.0755 2796  UserName: Celine
19:52:55.0755 2796  Windows directory: C:\windows
19:52:55.0755 2796  System windows directory: C:\windows
19:52:55.0755 2796  Running under WOW64
19:52:55.0755 2796  Processor architecture: Intel x64
19:52:55.0755 2796  Number of processors: 8
19:52:55.0755 2796  Page size: 0x1000
19:52:55.0755 2796  Boot type: Safe boot with network
19:52:55.0755 2796  ============================================================
19:52:56.0192 2796  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:52:56.0192 2796  ============================================================
19:52:56.0192 2796  \Device\Harddisk0\DR0:
19:52:56.0192 2796  MBR partitions:
19:52:56.0192 2796  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48517800
19:52:56.0192 2796  ============================================================
19:52:56.0239 2796  C: <-> \Device\Harddisk0\DR0\Partition1
19:52:56.0239 2796  ============================================================
19:52:56.0239 2796  Initialize success
19:52:56.0239 2796  ============================================================
19:54:26.0687 1020  ============================================================
19:54:26.0687 1020  Scan started
19:54:26.0687 1020  Mode: Manual; SigCheck; TDLFS; 
19:54:26.0687 1020  ============================================================
19:54:26.0859 1020  ================ Scan system memory ========================
19:54:26.0859 1020  System memory - ok
19:54:26.0875 1020  ================ Scan services =============================
19:54:27.0046 1020  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
19:54:27.0140 1020  1394ohci - ok
19:54:27.0155 1020  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
19:54:27.0171 1020  ACPI - ok
19:54:27.0218 1020  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
19:54:27.0249 1020  AcpiPmi - ok
19:54:27.0343 1020  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:54:27.0343 1020  AdobeARMservice - ok
19:54:27.0452 1020  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:54:27.0467 1020  AdobeFlashPlayerUpdateSvc - ok
19:54:27.0499 1020  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
19:54:27.0514 1020  adp94xx - ok
19:54:27.0577 1020  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
19:54:27.0592 1020  adpahci - ok
19:54:27.0608 1020  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
19:54:27.0608 1020  adpu320 - ok
19:54:27.0655 1020  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
19:54:27.0764 1020  AeLookupSvc - ok
19:54:27.0811 1020  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
19:54:27.0857 1020  AFD - ok
19:54:27.0889 1020  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
19:54:27.0904 1020  agp440 - ok
19:54:27.0920 1020  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
19:54:27.0982 1020  ALG - ok
19:54:28.0013 1020  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
19:54:28.0029 1020  aliide - ok
19:54:28.0060 1020  [ 2437C0697BA89FC5FCF2ADE491BDC2B3 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
19:54:28.0107 1020  AMD External Events Utility - ok
19:54:28.0138 1020  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
19:54:28.0138 1020  amdide - ok
19:54:28.0169 1020  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
19:54:28.0201 1020  AmdK8 - ok
19:54:28.0403 1020  [ 184F11D8B76FACFE16390C4C47D32B5D ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
19:54:28.0653 1020  amdkmdag - ok
19:54:28.0684 1020  [ 54BC6F0E471033D8B22FB5E5BEA343EE ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
19:54:28.0715 1020  amdkmdap - ok
19:54:28.0715 1020  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
19:54:28.0747 1020  AmdPPM - ok
19:54:28.0793 1020  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
19:54:28.0793 1020  amdsata - ok
19:54:28.0809 1020  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
19:54:28.0825 1020  amdsbs - ok
19:54:28.0840 1020  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
19:54:28.0840 1020  amdxata - ok
19:54:28.0887 1020  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
19:54:29.0059 1020  AppID - ok
19:54:29.0074 1020  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
19:54:29.0121 1020  AppIDSvc - ok
19:54:29.0152 1020  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
19:54:29.0183 1020  Appinfo - ok
19:54:29.0230 1020  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:54:29.0246 1020  Apple Mobile Device - ok
19:54:29.0277 1020  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
19:54:29.0293 1020  arc - ok
19:54:29.0293 1020  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
19:54:29.0308 1020  arcsas - ok
19:54:29.0324 1020  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\windows\system32\drivers\aswFsBlk.sys
19:54:29.0324 1020  aswFsBlk - ok
19:54:29.0371 1020  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\windows\system32\drivers\aswMonFlt.sys
19:54:29.0371 1020  aswMonFlt - ok
19:54:29.0386 1020  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\windows\System32\Drivers\aswrdr2.sys
19:54:29.0386 1020  aswRdr - ok
19:54:29.0417 1020  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\windows\system32\drivers\aswSnx.sys
19:54:29.0433 1020  aswSnx - ok
19:54:29.0464 1020  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\windows\system32\drivers\aswSP.sys
19:54:29.0480 1020  aswSP - ok
19:54:29.0527 1020  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\windows\system32\drivers\aswTdi.sys
19:54:29.0527 1020  aswTdi - ok
19:54:29.0558 1020  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
19:54:29.0605 1020  AsyncMac - ok
19:54:29.0620 1020  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
19:54:29.0636 1020  atapi - ok
19:54:29.0698 1020  [ B594EA0B79A9028DAA640A0F0DC41FE6 ] athr            C:\windows\system32\DRIVERS\athrx.sys
19:54:29.0776 1020  athr - ok
19:54:29.0807 1020  [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys
19:54:29.0807 1020  AtiHDAudioService - ok
19:54:29.0854 1020  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:54:29.0932 1020  AudioEndpointBuilder - ok
19:54:29.0948 1020  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
19:54:29.0979 1020  AudioSrv - ok
19:54:30.0057 1020  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:54:30.0057 1020  avast! Antivirus - ok
19:54:30.0088 1020  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
19:54:30.0151 1020  AxInstSV - ok
19:54:30.0197 1020  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
19:54:30.0229 1020  b06bdrv - ok
19:54:30.0260 1020  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
19:54:30.0291 1020  b57nd60a - ok
19:54:30.0338 1020  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
19:54:30.0369 1020  BDESVC - ok
19:54:30.0416 1020  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
19:54:30.0463 1020  Beep - ok
19:54:30.0494 1020  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
19:54:30.0541 1020  BFE - ok
19:54:30.0572 1020  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
19:54:30.0681 1020  BITS - ok
19:54:30.0712 1020  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
19:54:30.0743 1020  blbdrive - ok
19:54:30.0775 1020  [ 8B1E76B5F86DF4396D77AB09787F6D37 ] BMLoad          C:\windows\system32\drivers\BMLoad.sys
19:54:30.0790 1020  BMLoad ( UnsignedFile.Multi.Generic ) - warning
19:54:30.0790 1020  BMLoad - detected UnsignedFile.Multi.Generic (1)
19:54:30.0837 1020  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:54:30.0853 1020  Bonjour Service - ok
19:54:30.0884 1020  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
19:54:30.0915 1020  bowser - ok
19:54:30.0946 1020  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
19:54:30.0977 1020  BrFiltLo - ok
19:54:30.0993 1020  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
19:54:31.0024 1020  BrFiltUp - ok
19:54:31.0055 1020  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
19:54:31.0087 1020  Browser - ok
19:54:31.0243 1020  [ B98EF68B1E3DC5AC79A432900947EA2D ] Browser Manager C:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.exe
19:54:31.0352 1020  Browser Manager - ok
19:54:31.0399 1020  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
19:54:31.0445 1020  Brserid - ok
19:54:31.0461 1020  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
19:54:31.0477 1020  BrSerWdm - ok
19:54:31.0508 1020  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
19:54:31.0539 1020  BrUsbMdm - ok
19:54:31.0555 1020  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
19:54:31.0586 1020  BrUsbSer - ok
19:54:31.0633 1020  [ D31303617FE09F5F788BC34EB8028FB5 ] BtFilter        C:\windows\system32\DRIVERS\btfilter.sys
19:54:31.0633 1020  BtFilter - ok
19:54:31.0664 1020  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
19:54:31.0679 1020  BTHMODEM - ok
19:54:31.0726 1020  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
19:54:31.0773 1020  bthserv - ok
19:54:31.0929 1020  [ 9D8A415DF6E7BEF4FC34BF0A4C5C69AC ] Canon Driver Information Assist Service C:\Program Files\Canon\DIAS\CnxDIAS.exe
19:54:32.0116 1020  Canon Driver Information Assist Service - ok
19:54:32.0147 1020  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
19:54:32.0194 1020  cdfs - ok
19:54:32.0210 1020  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
19:54:32.0241 1020  cdrom - ok
19:54:32.0272 1020  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
19:54:32.0319 1020  CertPropSvc - ok
19:54:32.0335 1020  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
19:54:32.0366 1020  circlass - ok
19:54:32.0381 1020  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
19:54:32.0397 1020  CLFS - ok
19:54:32.0475 1020  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:54:32.0475 1020  clr_optimization_v2.0.50727_32 - ok
19:54:32.0522 1020  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:54:32.0522 1020  clr_optimization_v2.0.50727_64 - ok
19:54:32.0600 1020  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:54:32.0662 1020  clr_optimization_v4.0.30319_32 - ok
19:54:32.0709 1020  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:54:32.0725 1020  clr_optimization_v4.0.30319_64 - ok
19:54:32.0756 1020  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
19:54:32.0771 1020  CmBatt - ok
19:54:32.0771 1020  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
19:54:32.0787 1020  cmdide - ok
19:54:32.0834 1020  [ 2B3B8CBEA1BA1BCE5700607FBDB31034 ] cmnsusbser      C:\windows\system32\DRIVERS\cmnsusbser.sys
19:54:32.0865 1020  cmnsusbser - ok
19:54:32.0896 1020  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
19:54:32.0927 1020  CNG - ok
19:54:32.0974 1020  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
19:54:32.0990 1020  Compbatt - ok
19:54:33.0005 1020  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
19:54:33.0037 1020  CompositeBus - ok
19:54:33.0052 1020  COMSysApp - ok
19:54:33.0068 1020  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
19:54:33.0068 1020  crcdisk - ok
19:54:33.0099 1020  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
19:54:33.0146 1020  CryptSvc - ok
19:54:33.0208 1020  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:54:33.0224 1020  cvhsvc - ok
19:54:33.0255 1020  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
19:54:33.0317 1020  DcomLaunch - ok
19:54:33.0349 1020  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
19:54:33.0395 1020  defragsvc - ok
19:54:33.0427 1020  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
19:54:33.0473 1020  DfsC - ok
19:54:33.0520 1020  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
19:54:33.0551 1020  Dhcp - ok
19:54:33.0583 1020  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
19:54:33.0629 1020  discache - ok
19:54:33.0661 1020  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
19:54:33.0661 1020  Disk - ok
19:54:33.0692 1020  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
19:54:33.0723 1020  Dnscache - ok
19:54:33.0754 1020  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
19:54:33.0801 1020  dot3svc - ok
19:54:33.0832 1020  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
19:54:33.0879 1020  DPS - ok
19:54:33.0910 1020  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
19:54:33.0926 1020  drmkaud - ok
19:54:33.0957 1020  [ 85DBF6EC7BDFA6187F4A1EC8F3145CD0 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
19:54:33.0988 1020  DXGKrnl - ok
19:54:34.0019 1020  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
19:54:34.0051 1020  EapHost - ok
19:54:34.0144 1020  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
19:54:34.0222 1020  ebdrv - ok
19:54:34.0253 1020  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
19:54:34.0285 1020  EFS - ok
19:54:34.0347 1020  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
19:54:34.0378 1020  ehRecvr - ok
19:54:34.0409 1020  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
19:54:34.0441 1020  ehSched - ok
19:54:34.0487 1020  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
19:54:34.0503 1020  elxstor - ok
19:54:34.0519 1020  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
19:54:34.0534 1020  ErrDev - ok
19:54:34.0581 1020  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
19:54:34.0612 1020  EventSystem - ok
19:54:34.0643 1020  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
19:54:34.0690 1020  exfat - ok
19:54:34.0706 1020  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
19:54:34.0753 1020  fastfat - ok
19:54:34.0784 1020  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
19:54:34.0831 1020  Fax - ok
19:54:34.0846 1020  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
19:54:34.0862 1020  fdc - ok
19:54:34.0893 1020  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
19:54:34.0924 1020  fdPHost - ok
19:54:34.0940 1020  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
19:54:34.0971 1020  FDResPub - ok
19:54:34.0987 1020  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
19:54:35.0002 1020  FileInfo - ok
19:54:35.0018 1020  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
19:54:35.0065 1020  Filetrace - ok
19:54:35.0096 1020  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
19:54:35.0096 1020  flpydisk - ok
19:54:35.0127 1020  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
19:54:35.0143 1020  FltMgr - ok
19:54:35.0174 1020  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
19:54:35.0236 1020  FontCache - ok
19:54:35.0267 1020  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:54:35.0283 1020  FontCache3.0.0.0 - ok
19:54:35.0299 1020  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
19:54:35.0314 1020  FsDepends - ok
19:54:35.0361 1020  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
19:54:35.0361 1020  fssfltr - ok
19:54:35.0439 1020  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:54:35.0470 1020  fsssvc - ok
19:54:35.0486 1020  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
19:54:35.0501 1020  Fs_Rec - ok
19:54:35.0517 1020  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
19:54:35.0533 1020  fvevol - ok
19:54:35.0564 1020  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
19:54:35.0579 1020  gagp30kx - ok
19:54:35.0611 1020  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:54:35.0626 1020  GamesAppService - ok
19:54:35.0657 1020  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:54:35.0657 1020  GEARAspiWDM - ok
19:54:35.0689 1020  [ FA07EC01952729DDDDC5BF4BAE06B09E ] GFNEXSrv        C:\Windows\System32\GFNEXSrv.exe
19:54:35.0689 1020  GFNEXSrv - ok
19:54:35.0782 1020  [ F1951EF0151372B54C49F3B7B99F051A ] GoogleIMEJaCacheService C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
19:54:35.0813 1020  GoogleIMEJaCacheService - ok
19:54:35.0845 1020  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
19:54:35.0876 1020  gpsvc - ok
19:54:35.0938 1020  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:54:35.0938 1020  gupdate - ok
19:54:35.0938 1020  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:54:35.0954 1020  gupdatem - ok
19:54:36.0016 1020  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:54:36.0032 1020  gusvc - ok
19:54:36.0047 1020  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
19:54:36.0079 1020  hcw85cir - ok
19:54:36.0125 1020  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:54:36.0141 1020  HdAudAddService - ok
19:54:36.0188 1020  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
19:54:36.0203 1020  HDAudBus - ok
19:54:36.0219 1020  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
19:54:36.0250 1020  HidBatt - ok
19:54:36.0281 1020  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
19:54:36.0313 1020  HidBth - ok
19:54:36.0328 1020  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
19:54:36.0344 1020  HidIr - ok
19:54:36.0359 1020  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
19:54:36.0406 1020  hidserv - ok
19:54:36.0453 1020  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
19:54:36.0453 1020  HidUsb - ok
19:54:36.0484 1020  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
19:54:36.0531 1020  hkmsvc - ok
19:54:36.0562 1020  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:54:36.0609 1020  HomeGroupListener - ok
19:54:36.0625 1020  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:54:36.0640 1020  HomeGroupProvider - ok
19:54:36.0671 1020  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
19:54:36.0671 1020  HpSAMD - ok
19:54:36.0718 1020  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
19:54:36.0765 1020  HTTP - ok
19:54:36.0796 1020  [ BAFE6B0B92BE69144D59907550A07678 ] huawei_enumerator C:\windows\system32\DRIVERS\ew_jubusenum.sys
19:54:36.0843 1020  huawei_enumerator - ok
19:54:36.0874 1020  [ F47F112DC883F7A9E4618A006CC6DE1B ] hwdatacard      C:\windows\system32\DRIVERS\ewusbmdm.sys
19:54:36.0921 1020  hwdatacard - ok
19:54:36.0921 1020  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
19:54:36.0937 1020  hwpolicy - ok
19:54:36.0952 1020  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
19:54:36.0968 1020  i8042prt - ok
19:54:36.0983 1020  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
19:54:36.0999 1020  iaStor - ok
19:54:37.0030 1020  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
19:54:37.0046 1020  iaStorV - ok
19:54:37.0077 1020  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:54:37.0108 1020  idsvc - ok
19:54:37.0139 1020  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
19:54:37.0139 1020  iirsp - ok
19:54:37.0171 1020  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
19:54:37.0217 1020  IKEEXT - ok
19:54:37.0327 1020  [ 7C49C45A86CC0CD59C36701FB2A91E77 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
19:54:37.0420 1020  IntcAzAudAddService - ok
19:54:37.0483 1020  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:54:37.0498 1020  Intel(R) Capability Licensing Service Interface - ok
19:54:37.0545 1020  [ 896AA2F1D79662B17D5DBBE588E24E30 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
19:54:37.0545 1020  Intel(R) ME Service - ok
19:54:37.0561 1020  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
19:54:37.0561 1020  intelide - ok
19:54:37.0592 1020  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
19:54:37.0623 1020  intelppm - ok
19:54:37.0654 1020  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
19:54:37.0685 1020  IPBusEnum - ok
19:54:37.0701 1020  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
19:54:37.0732 1020  IpFilterDriver - ok
19:54:37.0763 1020  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
19:54:37.0795 1020  iphlpsvc - ok
19:54:37.0810 1020  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
19:54:37.0826 1020  IPMIDRV - ok
19:54:37.0841 1020  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
19:54:37.0888 1020  IPNAT - ok
19:54:37.0935 1020  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:54:37.0951 1020  iPod Service - ok
19:54:37.0966 1020  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
19:54:37.0982 1020  IRENUM - ok
19:54:38.0013 1020  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
19:54:38.0013 1020  isapnp - ok
19:54:38.0044 1020  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
19:54:38.0060 1020  iScsiPrt - ok
19:54:38.0075 1020  [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs        C:\windows\system32\DRIVERS\iusb3hcs.sys
19:54:38.0075 1020  iusb3hcs - ok
19:54:38.0107 1020  [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub        C:\windows\system32\DRIVERS\iusb3hub.sys
19:54:38.0122 1020  iusb3hub - ok
19:54:38.0153 1020  [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc        C:\windows\system32\DRIVERS\iusb3xhc.sys
19:54:38.0169 1020  iusb3xhc - ok
19:54:38.0216 1020  [ 3C6630473DD42FFC57D9F5564F533127 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:54:38.0216 1020  jhi_service - ok
19:54:38.0247 1020  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
19:54:38.0247 1020  kbdclass - ok
19:54:38.0278 1020  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
19:54:38.0294 1020  kbdhid - ok
19:54:38.0309 1020  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
19:54:38.0325 1020  KeyIso - ok
19:54:38.0341 1020  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
19:54:38.0356 1020  KSecDD - ok
19:54:38.0387 1020  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
19:54:38.0387 1020  KSecPkg - ok
19:54:38.0419 1020  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
19:54:38.0450 1020  ksthunk - ok
19:54:38.0481 1020  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
19:54:38.0543 1020  KtmRm - ok
19:54:38.0575 1020  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
19:54:38.0621 1020  LanmanServer - ok
19:54:38.0653 1020  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:54:38.0699 1020  LanmanWorkstation - ok
19:54:38.0746 1020  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
19:54:38.0762 1020  lltdio - ok
19:54:38.0793 1020  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
19:54:38.0840 1020  lltdsvc - ok
19:54:38.0855 1020  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
19:54:38.0887 1020  lmhosts - ok
19:54:38.0933 1020  [ 2B23FAA39D8F949ED5EEE03ECA50BCD5 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:54:38.0949 1020  LMS - ok
19:54:38.0965 1020  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
19:54:38.0980 1020  LSI_FC - ok
19:54:38.0996 1020  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
19:54:39.0011 1020  LSI_SAS - ok
19:54:39.0011 1020  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
19:54:39.0027 1020  LSI_SAS2 - ok
19:54:39.0027 1020  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
19:54:39.0027 1020  LSI_SCSI - ok
19:54:39.0058 1020  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
19:54:39.0105 1020  luafv - ok
19:54:39.0136 1020  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
19:54:39.0152 1020  Mcx2Svc - ok
19:54:39.0183 1020  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
19:54:39.0183 1020  megasas - ok
19:54:39.0199 1020  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
19:54:39.0214 1020  MegaSR - ok
19:54:39.0261 1020  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
19:54:39.0261 1020  MEIx64 - ok
19:54:39.0292 1020  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
19:54:39.0339 1020  MMCSS - ok
19:54:39.0355 1020  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
19:54:39.0401 1020  Modem - ok
19:54:39.0433 1020  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
19:54:39.0448 1020  monitor - ok
19:54:39.0464 1020  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
19:54:39.0479 1020  mouclass - ok
19:54:39.0511 1020  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
19:54:39.0526 1020  mouhid - ok
19:54:39.0557 1020  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
19:54:39.0557 1020  mountmgr - ok
19:54:39.0604 1020  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
19:54:39.0604 1020  mpio - ok
19:54:39.0620 1020  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
19:54:39.0667 1020  mpsdrv - ok
19:54:39.0713 1020  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
19:54:39.0760 1020  MpsSvc - ok
19:54:39.0776 1020  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
19:54:39.0807 1020  MRxDAV - ok
19:54:39.0823 1020  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
19:54:39.0869 1020  mrxsmb - ok
19:54:39.0885 1020  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
19:54:39.0901 1020  mrxsmb10 - ok
19:54:39.0901 1020  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
19:54:39.0916 1020  mrxsmb20 - ok
19:54:39.0947 1020  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
19:54:39.0963 1020  msahci - ok
19:54:39.0979 1020  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
19:54:39.0979 1020  msdsm - ok
19:54:40.0010 1020  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
19:54:40.0010 1020  MSDTC - ok
19:54:40.0041 1020  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
19:54:40.0072 1020  Msfs - ok
19:54:40.0088 1020  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
19:54:40.0119 1020  mshidkmdf - ok
19:54:40.0150 1020  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
19:54:40.0150 1020  msisadrv - ok
19:54:40.0181 1020  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
19:54:40.0228 1020  MSiSCSI - ok
19:54:40.0228 1020  msiserver - ok
19:54:40.0259 1020  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
19:54:40.0306 1020  MSKSSRV - ok
19:54:40.0322 1020  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
19:54:40.0369 1020  MSPCLOCK - ok
19:54:40.0400 1020  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
19:54:40.0431 1020  MSPQM - ok
19:54:40.0462 1020  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
19:54:40.0478 1020  MsRPC - ok
19:54:40.0493 1020  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
19:54:40.0509 1020  mssmbios - ok
19:54:40.0525 1020  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
19:54:40.0556 1020  MSTEE - ok
19:54:40.0587 1020  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
19:54:40.0618 1020  MTConfig - ok
19:54:40.0634 1020  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
19:54:40.0634 1020  Mup - ok
19:54:40.0681 1020  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
19:54:40.0712 1020  napagent - ok
19:54:40.0743 1020  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
19:54:40.0774 1020  NativeWifiP - ok
19:54:40.0868 1020  [ DFE14D63F0F649EE94A9E3442B7C8F2C ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
19:54:40.0883 1020  NAUpdate - ok
19:54:40.0883 1020  [ DACA803A8D732FE5EEAA024EC342F81D ] NBVol           C:\windows\system32\DRIVERS\NBVol.sys
19:54:40.0899 1020  NBVol - ok
19:54:40.0899 1020  [ 6208F622E9E35860DFB0753DFF56F0C0 ] NBVolUp         C:\windows\system32\DRIVERS\NBVolUp.sys
19:54:40.0899 1020  NBVolUp - ok
19:54:40.0961 1020  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
19:54:40.0977 1020  NDIS - ok
19:54:40.0993 1020  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
19:54:41.0039 1020  NdisCap - ok
19:54:41.0071 1020  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
19:54:41.0086 1020  NdisTapi - ok
19:54:41.0117 1020  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
19:54:41.0149 1020  Ndisuio - ok
19:54:41.0164 1020  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
19:54:41.0195 1020  NdisWan - ok
19:54:41.0227 1020  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
19:54:41.0273 1020  NDProxy - ok
19:54:41.0289 1020  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
19:54:41.0336 1020  NetBIOS - ok
19:54:41.0367 1020  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
19:54:41.0398 1020  NetBT - ok
19:54:41.0429 1020  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
19:54:41.0429 1020  Netlogon - ok
19:54:41.0461 1020  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
19:54:41.0507 1020  Netman - ok
19:54:41.0539 1020  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
19:54:41.0585 1020  netprofm - ok
19:54:41.0617 1020  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:54:41.0632 1020  NetTcpPortSharing - ok
19:54:41.0663 1020  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
19:54:41.0663 1020  nfrd960 - ok
19:54:41.0710 1020  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
19:54:41.0726 1020  NlaSvc - ok
19:54:41.0741 1020  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
19:54:41.0773 1020  Npfs - ok
19:54:41.0804 1020  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
19:54:41.0819 1020  nsi - ok
19:54:41.0851 1020  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
19:54:41.0882 1020  nsiproxy - ok
19:54:41.0929 1020  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
19:54:41.0960 1020  Ntfs - ok
19:54:41.0975 1020  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
19:54:42.0022 1020  Null - ok
19:54:42.0038 1020  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
19:54:42.0053 1020  nvraid - ok
19:54:42.0085 1020  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
19:54:42.0085 1020  nvstor - ok
19:54:42.0116 1020  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
19:54:42.0131 1020  nv_agp - ok
19:54:42.0147 1020  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
19:54:42.0163 1020  ohci1394 - ok
19:54:42.0178 1020  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:54:42.0194 1020  ose - ok
19:54:42.0350 1020  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:54:42.0506 1020  osppsvc - ok
19:54:42.0537 1020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
19:54:42.0568 1020  p2pimsvc - ok
19:54:42.0584 1020  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
19:54:42.0615 1020  p2psvc - ok
19:54:42.0646 1020  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
19:54:42.0662 1020  Parport - ok
19:54:42.0693 1020  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
19:54:42.0693 1020  partmgr - ok
19:54:42.0724 1020  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
19:54:42.0755 1020  PcaSvc - ok
19:54:42.0771 1020  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
19:54:42.0787 1020  pci - ok
19:54:42.0818 1020  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
19:54:42.0818 1020  pciide - ok
19:54:42.0833 1020  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
19:54:42.0849 1020  pcmcia - ok
19:54:42.0865 1020  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
19:54:42.0880 1020  pcw - ok
19:54:42.0896 1020  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
19:54:42.0943 1020  PEAUTH - ok
19:54:43.0005 1020  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
19:54:43.0067 1020  PerfHost - ok
19:54:43.0114 1020  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
19:54:43.0114 1020  PGEffect - ok
19:54:43.0192 1020  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
19:54:43.0223 1020  pla - ok
19:54:43.0255 1020  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
19:54:43.0286 1020  PlugPlay - ok
19:54:43.0301 1020  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
19:54:43.0333 1020  PNRPAutoReg - ok
19:54:43.0348 1020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
19:54:43.0348 1020  PNRPsvc - ok
19:54:43.0379 1020  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
19:54:43.0426 1020  PolicyAgent - ok
19:54:43.0457 1020  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\windows\system32\umpo.dll
19:54:43.0489 1020  Power - ok
19:54:43.0520 1020  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
19:54:43.0551 1020  PptpMiniport - ok
19:54:43.0567 1020  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
19:54:43.0582 1020  Processor - ok
19:54:43.0629 1020  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
19:54:43.0660 1020  ProfSvc - ok
19:54:43.0676 1020  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:54:43.0676 1020  ProtectedStorage - ok
19:54:43.0707 1020  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
19:54:43.0738 1020  Psched - ok
19:54:43.0785 1020  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
19:54:43.0816 1020  ql2300 - ok
19:54:43.0832 1020  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
19:54:43.0847 1020  ql40xx - ok
19:54:43.0879 1020  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
19:54:43.0879 1020  QWAVE - ok
19:54:43.0910 1020  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
19:54:43.0941 1020  QWAVEdrv - ok
19:54:43.0957 1020  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
19:54:44.0003 1020  RasAcd - ok
19:54:44.0035 1020  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
19:54:44.0066 1020  RasAgileVpn - ok
19:54:44.0097 1020  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
19:54:44.0144 1020  RasAuto - ok
19:54:44.0191 1020  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
19:54:44.0206 1020  Rasl2tp - ok
19:54:44.0253 1020  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
19:54:44.0300 1020  RasMan - ok
19:54:44.0331 1020  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
19:54:44.0378 1020  RasPppoe - ok
19:54:44.0378 1020  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
19:54:44.0425 1020  RasSstp - ok
19:54:44.0440 1020  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
19:54:44.0487 1020  rdbss - ok
19:54:44.0503 1020  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
19:54:44.0534 1020  rdpbus - ok
19:54:44.0549 1020  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
19:54:44.0596 1020  RDPCDD - ok
19:54:44.0612 1020  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
19:54:44.0643 1020  RDPENCDD - ok
19:54:44.0674 1020  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
19:54:44.0705 1020  RDPREFMP - ok
19:54:44.0737 1020  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
19:54:44.0783 1020  RDPWD - ok
19:54:44.0815 1020  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
19:54:44.0830 1020  rdyboost - ok
19:54:44.0846 1020  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
19:54:44.0877 1020  RemoteAccess - ok
19:54:44.0924 1020  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
19:54:44.0971 1020  RemoteRegistry - ok
19:54:44.0986 1020  [ 5790BCA445CC40DF8B38C2C48608AAC2 ] RimUsb          C:\windows\system32\Drivers\RimUsb_AMD64.sys
19:54:45.0017 1020  RimUsb - ok
19:54:45.0049 1020  [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort     C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
19:54:45.0064 1020  RimVSerPort - ok
19:54:45.0111 1020  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\windows\system32\Drivers\RootMdm.sys
19:54:45.0158 1020  ROOTMODEM - ok
19:54:45.0189 1020  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
19:54:45.0220 1020  RpcEptMapper - ok
19:54:45.0236 1020  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
19:54:45.0236 1020  RpcLocator - ok
19:54:45.0267 1020  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
19:54:45.0298 1020  RpcSs - ok
19:54:45.0314 1020  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
19:54:45.0361 1020  rspndr - ok
19:54:45.0392 1020  [ BB1C3DF1D6CC0972E9C7268A19E62D2E ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
19:54:45.0392 1020  RSUSBSTOR - ok
19:54:45.0423 1020  [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
19:54:45.0439 1020  RTL8167 - ok
19:54:45.0454 1020  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
19:54:45.0454 1020  SamSs - ok
19:54:45.0470 1020  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
19:54:45.0485 1020  sbp2port - ok
19:54:45.0501 1020  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
19:54:45.0548 1020  SCardSvr - ok
19:54:45.0579 1020  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
19:54:45.0610 1020  scfilter - ok
19:54:45.0642 1020  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
19:54:45.0704 1020  Schedule - ok
19:54:45.0735 1020  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
19:54:45.0751 1020  SCPolicySvc - ok
19:54:45.0782 1020  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
19:54:45.0813 1020  SDRSVC - ok
19:54:45.0829 1020  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
19:54:45.0860 1020  secdrv - ok
19:54:45.0876 1020  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
19:54:45.0907 1020  seclogon - ok
19:54:45.0922 1020  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
19:54:45.0969 1020  SENS - ok
19:54:46.0000 1020  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
19:54:46.0032 1020  SensrSvc - ok
19:54:46.0047 1020  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
19:54:46.0078 1020  Serenum - ok
19:54:46.0125 1020  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
19:54:46.0141 1020  Serial - ok
19:54:46.0156 1020  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
19:54:46.0172 1020  sermouse - ok
19:54:46.0219 1020  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
19:54:46.0250 1020  SessionEnv - ok
19:54:46.0281 1020  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
19:54:46.0297 1020  sffdisk - ok
19:54:46.0312 1020  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
19:54:46.0328 1020  sffp_mmc - ok
19:54:46.0344 1020  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
19:54:46.0375 1020  sffp_sd - ok
19:54:46.0390 1020  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
19:54:46.0390 1020  sfloppy - ok
19:54:46.0437 1020  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
19:54:46.0453 1020  Sftfs - ok
19:54:46.0500 1020  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:54:46.0515 1020  sftlist - ok
19:54:46.0531 1020  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
19:54:46.0546 1020  Sftplay - ok
19:54:46.0562 1020  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
19:54:46.0562 1020  Sftredir - ok
19:54:46.0578 1020  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
19:54:46.0578 1020  Sftvol - ok
19:54:46.0609 1020  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:54:46.0624 1020  sftvsa - ok
19:54:46.0671 1020  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
19:54:46.0702 1020  SharedAccess - ok
19:54:46.0718 1020  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:54:46.0749 1020  ShellHWDetection - ok
19:54:46.0780 1020  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
19:54:46.0780 1020  SiSRaid2 - ok
19:54:46.0796 1020  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
19:54:46.0812 1020  SiSRaid4 - ok
19:54:46.0858 1020  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:54:46.0874 1020  SkypeUpdate - ok
19:54:46.0905 1020  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
19:54:46.0952 1020  Smb - ok
19:54:46.0983 1020  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
19:54:46.0999 1020  SNMPTRAP - ok
19:54:47.0030 1020  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
19:54:47.0030 1020  spldr - ok
19:54:47.0046 1020  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
19:54:47.0092 1020  Spooler - ok
19:54:47.0170 1020  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
19:54:47.0295 1020  sppsvc - ok
19:54:47.0295 1020  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
19:54:47.0342 1020  sppuinotify - ok
19:54:47.0373 1020  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
19:54:47.0404 1020  srv - ok
19:54:47.0436 1020  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
19:54:47.0467 1020  srv2 - ok
19:54:47.0498 1020  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
19:54:47.0514 1020  srvnet - ok
19:54:47.0545 1020  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
19:54:47.0592 1020  SSDPSRV - ok
19:54:47.0607 1020  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
19:54:47.0638 1020  SstpSvc - ok
19:54:47.0654 1020  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
19:54:47.0670 1020  stexstor - ok
19:54:47.0701 1020  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
19:54:47.0716 1020  stisvc - ok
19:54:47.0732 1020  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
19:54:47.0748 1020  swenum - ok
19:54:47.0763 1020  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
19:54:47.0794 1020  swprv - ok
19:54:47.0841 1020  [ B868E292FBA5B62B9FC71572A5FAEF5C ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
19:54:47.0857 1020  SynTP - ok
19:54:47.0888 1020  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
19:54:47.0935 1020  SysMain - ok
19:54:47.0966 1020  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:54:47.0982 1020  TabletInputService - ok
19:54:47.0997 1020  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
19:54:48.0028 1020  TapiSrv - ok
19:54:48.0060 1020  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
19:54:48.0091 1020  TBS - ok
19:54:48.0138 1020  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
19:54:48.0169 1020  Tcpip - ok
19:54:48.0216 1020  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
19:54:48.0247 1020  TCPIP6 - ok
19:54:48.0262 1020  [ FBA939B917976B2C37F1B235DFCD4876 ] tcpipBM         C:\windows\system32\drivers\tcpipBM.sys
19:54:48.0294 1020  tcpipBM ( UnsignedFile.Multi.Generic ) - warning
19:54:48.0294 1020  tcpipBM - detected UnsignedFile.Multi.Generic (1)
19:54:48.0325 1020  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
19:54:48.0356 1020  tcpipreg - ok
19:54:48.0403 1020  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
19:54:48.0403 1020  tdcmdpst - ok
19:54:48.0418 1020  TDEIO - ok
19:54:48.0434 1020  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
19:54:48.0465 1020  TDPIPE - ok
19:54:48.0481 1020  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
19:54:48.0496 1020  TDTCP - ok
19:54:48.0528 1020  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
19:54:48.0559 1020  tdx - ok
19:54:48.0606 1020  [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
19:54:48.0606 1020  TemproMonitoringService - ok
19:54:48.0621 1020  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
19:54:48.0637 1020  TermDD - ok
19:54:48.0668 1020  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
19:54:48.0715 1020  TermService - ok
19:54:48.0746 1020  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
19:54:48.0762 1020  Themes - ok
19:54:48.0777 1020  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
19:54:48.0808 1020  THREADORDER - ok
19:54:48.0871 1020  [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:54:48.0871 1020  TMachInfo - ok
19:54:48.0886 1020  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv         C:\windows\system32\TODDSrv.exe
19:54:48.0902 1020  TODDSrv - ok
19:54:49.0011 1020  [ 4AE80C5F7772C4FB2A762F70AD4A111E ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:54:49.0027 1020  TosCoSrv - ok
19:54:49.0074 1020  [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
19:54:49.0074 1020  TOSHIBA Bluetooth Service - ok
19:54:49.0136 1020  [ 6E2330FB032ED3EBEFC1349AD7081A98 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:54:49.0136 1020  TOSHIBA eco Utility Service - ok
19:54:49.0183 1020  [ 9338C2DEB14CA2804BCB3276CB7EB4FD ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:54:49.0198 1020  TOSHIBA HDD SSD Alert Service - ok
19:54:49.0214 1020  [ 755E5CA34D6186FC0E1430CD47E6E97C ] toshidpt        C:\windows\system32\drivers\Toshidpt.sys
19:54:49.0230 1020  toshidpt - ok
19:54:49.0230 1020  [ 8021F63311797085949FA387F7C83583 ] tosporte        C:\windows\system32\DRIVERS\tosporte.sys
19:54:49.0245 1020  tosporte - ok
19:54:49.0276 1020  [ B9FA0498F6CC596FFA5CF47A04CD1785 ] tosrfbd         C:\windows\system32\DRIVERS\tosrfbd.sys
19:54:49.0292 1020  tosrfbd - ok
19:54:49.0308 1020  [ 90F0B1745ABF13F44C2A6ED79F7CE9FB ] tosrfbnp        C:\windows\system32\Drivers\tosrfbnp.sys
19:54:49.0323 1020  tosrfbnp - ok
19:54:49.0354 1020  [ 9E4E65EA51E34647340BD6007467AC54 ] Tosrfcom        C:\windows\system32\Drivers\tosrfcom.sys
19:54:49.0370 1020  Tosrfcom - ok
19:54:49.0401 1020  [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec         C:\windows\system32\DRIVERS\tosrfec.sys
19:54:49.0401 1020  tosrfec - ok
19:54:49.0432 1020  [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid        C:\windows\system32\DRIVERS\Tosrfhid.sys
19:54:49.0432 1020  Tosrfhid - ok
19:54:49.0448 1020  [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds        C:\windows\system32\DRIVERS\tosrfnds.sys
19:54:49.0448 1020  tosrfnds - ok
19:54:49.0464 1020  [ 7052B10E54B48AF12BD5606596A8E039 ] TosRfSnd        C:\windows\system32\drivers\tosrfsnd.sys
19:54:49.0495 1020  TosRfSnd - ok
19:54:49.0526 1020  [ AF8A0D2E2A41043A77CA77CCBDB8D9C2 ] Tosrfusb        C:\windows\system32\DRIVERS\tosrfusb.sys
19:54:49.0542 1020  Tosrfusb - ok
19:54:49.0604 1020  [ 36CDD894395BEC46EFB14F49D77D3D82 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
19:54:49.0620 1020  TPCHSrv - ok
19:54:49.0651 1020  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
19:54:49.0682 1020  TrkWks - ok
19:54:49.0729 1020  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:54:49.0744 1020  TrustedInstaller - ok
19:54:49.0776 1020  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
19:54:49.0807 1020  tssecsrv - ok
19:54:49.0838 1020  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
19:54:49.0869 1020  TsUsbFlt - ok
19:54:49.0885 1020  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
19:54:49.0900 1020  TsUsbGD - ok
19:54:49.0947 1020  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
19:54:49.0994 1020  tunnel - ok
19:54:50.0025 1020  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:54:50.0041 1020  TVALZ - ok
19:54:50.0056 1020  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
19:54:50.0072 1020  TVALZFL - ok
19:54:50.0072 1020  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
19:54:50.0088 1020  uagp35 - ok
19:54:50.0103 1020  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:54:50.0150 1020  udfs - ok
19:54:50.0181 1020  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
19:54:50.0197 1020  UI0Detect - ok
19:54:50.0212 1020  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
19:54:50.0228 1020  uliagpkx - ok
19:54:50.0259 1020  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
19:54:50.0275 1020  umbus - ok
19:54:50.0290 1020  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
19:54:50.0322 1020  UmPass - ok
19:54:50.0384 1020  [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:54:50.0400 1020  UNS - ok
19:54:50.0431 1020  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
19:54:50.0462 1020  upnphost - ok
19:54:50.0509 1020  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
19:54:50.0540 1020  USBAAPL64 - ok
19:54:50.0556 1020  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
19:54:50.0587 1020  usbccgp - ok
19:54:50.0618 1020  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
19:54:50.0634 1020  usbcir - ok
19:54:50.0665 1020  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
19:54:50.0680 1020  usbehci - ok
19:54:50.0727 1020  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
19:54:50.0743 1020  usbhub - ok
19:54:50.0758 1020  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
19:54:50.0774 1020  usbohci - ok
19:54:50.0790 1020  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\drivers\usbprint.sys
19:54:50.0805 1020  usbprint - ok
19:54:50.0821 1020  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
19:54:50.0868 1020  USBSTOR - ok
19:54:50.0883 1020  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
19:54:50.0899 1020  usbuhci - ok
19:54:50.0946 1020  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
19:54:50.0961 1020  usbvideo - ok
19:54:50.0992 1020  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
19:54:51.0039 1020  UxSms - ok
19:54:51.0055 1020  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
19:54:51.0055 1020  VaultSvc - ok
19:54:51.0086 1020  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
19:54:51.0086 1020  vdrvroot - ok
19:54:51.0102 1020  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
19:54:51.0133 1020  vds - ok
19:54:51.0180 1020  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
19:54:51.0180 1020  vga - ok
19:54:51.0211 1020  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
19:54:51.0242 1020  VgaSave - ok
19:54:51.0273 1020  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
19:54:51.0273 1020  vhdmp - ok
19:54:51.0289 1020  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
19:54:51.0289 1020  viaide - ok
19:54:51.0367 1020  [ 59E6D1CC4EA1A19D07570AA0657ED966 ] VmbService      C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
19:54:51.0445 1020  VmbService ( UnsignedFile.Multi.Generic ) - warning
19:54:51.0445 1020  VmbService - detected UnsignedFile.Multi.Generic (1)
19:54:51.0476 1020  [ 1E4D31FEC921300C5F262C52F5FCC666 ] vodafone_K3805-z_dc_enum C:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
19:54:51.0507 1020  vodafone_K3805-z_dc_enum - ok
19:54:51.0538 1020  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
19:54:51.0538 1020  volmgr - ok
19:54:51.0554 1020  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
19:54:51.0570 1020  volmgrx - ok
19:54:51.0585 1020  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
19:54:51.0601 1020  volsnap - ok
19:54:51.0616 1020  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
19:54:51.0632 1020  vsmraid - ok
19:54:51.0679 1020  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
19:54:51.0741 1020  VSS - ok
19:54:51.0741 1020  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:54:51.0772 1020  vwifibus - ok
19:54:51.0788 1020  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:54:51.0804 1020  vwififlt - ok
19:54:51.0850 1020  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
19:54:51.0866 1020  vwifimp - ok
19:54:51.0882 1020  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
19:54:51.0913 1020  W32Time - ok
19:54:51.0928 1020  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
19:54:51.0944 1020  WacomPen - ok
19:54:51.0991 1020  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:54:52.0038 1020  WANARP - ok
19:54:52.0038 1020  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:54:52.0069 1020  Wanarpv6 - ok
19:54:52.0116 1020  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
19:54:52.0178 1020  wbengine - ok
19:54:52.0209 1020  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:54:52.0240 1020  WbioSrvc - ok
19:54:52.0256 1020  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
19:54:52.0272 1020  wcncsvc - ok
19:54:52.0287 1020  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:54:52.0318 1020  WcsPlugInService - ok
19:54:52.0350 1020  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
19:54:52.0350 1020  Wd - ok
19:54:52.0381 1020  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:54:52.0396 1020  Wdf01000 - ok
19:54:52.0412 1020  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:54:52.0474 1020  WdiServiceHost - ok
19:54:52.0490 1020  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
19:54:52.0490 1020  WdiSystemHost - ok
19:54:52.0521 1020  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
19:54:52.0552 1020  WebClient - ok
19:54:52.0568 1020  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:54:52.0615 1020  Wecsvc - ok
19:54:52.0646 1020  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
19:54:52.0677 1020  wercplsupport - ok
19:54:52.0693 1020  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
19:54:52.0724 1020  WerSvc - ok
19:54:52.0740 1020  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:54:52.0755 1020  WfpLwf - ok
19:54:52.0786 1020  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:54:52.0802 1020  WIMMount - ok
19:54:52.0818 1020  WinDefend - ok
19:54:52.0818 1020  WinHttpAutoProxySvc - ok
19:54:52.0864 1020  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
19:54:52.0896 1020  Winmgmt - ok
19:54:52.0958 1020  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
19:54:53.0005 1020  WinRM - ok
19:54:53.0052 1020  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
19:54:53.0083 1020  WinUsb - ok
19:54:53.0130 1020  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
19:54:53.0161 1020  Wlansvc - ok
19:54:53.0208 1020  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:54:53.0223 1020  wlcrasvc - ok
19:54:53.0332 1020  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:54:53.0379 1020  wlidsvc - ok
19:54:53.0410 1020  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
19:54:53.0410 1020  WmiAcpi - ok
19:54:53.0457 1020  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:54:53.0473 1020  wmiApSrv - ok
19:54:53.0504 1020  WMPNetworkSvc - ok
19:54:53.0520 1020  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:54:53.0535 1020  WPCSvc - ok
19:54:53.0551 1020  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:54:53.0582 1020  WPDBusEnum - ok
19:54:53.0598 1020  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
19:54:53.0644 1020  ws2ifsl - ok
19:54:53.0676 1020  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
19:54:53.0676 1020  wscsvc - ok
19:54:53.0676 1020  WSearch - ok
19:54:53.0738 1020  [ 67C1BCCCB4B59552BD62827F812A3A8B ] WTGService      C:\Program Files (x86)\XSManager\WTGService.exe
19:54:53.0738 1020  WTGService - ok
19:54:53.0800 1020  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
19:54:53.0847 1020  wuauserv - ok
19:54:53.0878 1020  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:54:53.0910 1020  WudfPf - ok
19:54:53.0941 1020  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
19:54:53.0972 1020  WUDFRd - ok
19:54:53.0988 1020  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
19:54:54.0003 1020  wudfsvc - ok
19:54:54.0034 1020  [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc         C:\windows\System32\wwansvc.dll
19:54:54.0066 1020  WwanSvc - ok
19:54:54.0097 1020  [ 1EA18D9ADA8FE282D7B5822F1BD05E8F ] XS Stick Service C:\windows\service4g.exe
19:54:54.0097 1020  XS Stick Service - ok
19:54:54.0128 1020  ================ Scan global ===============================
19:54:54.0159 1020  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:54:54.0190 1020  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
19:54:54.0190 1020  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
19:54:54.0222 1020  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:54:54.0237 1020  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:54:54.0237 1020  [Global] - ok
19:54:54.0237 1020  ================ Scan MBR ==================================
19:54:54.0253 1020  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
19:54:54.0612 1020  \Device\Harddisk0\DR0 - ok
19:54:54.0612 1020  ================ Scan VBR ==================================
19:54:54.0643 1020  [ DA36CD35EA32FA9F2CEA0FCAF23F0769 ] \Device\Harddisk0\DR0\Partition1
19:54:54.0643 1020  \Device\Harddisk0\DR0\Partition1 - ok
19:54:54.0643 1020  ============================================================
19:54:54.0643 1020  Scan finished
19:54:54.0643 1020  ============================================================
19:54:54.0643 2332  Detected object count: 3
19:54:54.0643 2332  Actual detected object count: 3
         

Alt 05.02.2013, 20:14   #10
markusg
/// Malware-holic
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



hi
Combofix:
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.02.2013, 21:07   #11
Cenchan
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



Hi Markus, hab nun Combofix ausgeführt! werde den pc hier sofort neustarten lassen.
Code:
ATTFilter
ComboFix 13-02-03.03 - Celine 05.02.2013  20:57:45.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4056.3237 [GMT 1:00]
ausgeführt von:: c:\users\Celine\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Savings Sidekick
c:\program files (x86)\Savings Sidekick\ButtonUtil.dll
c:\program files (x86)\Savings Sidekick\Savings Sidekick-bg.exe
c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll
c:\program files (x86)\Savings Sidekick\Savings Sidekick.exe
c:\program files (x86)\Savings Sidekick\Savings Sidekick.ico
c:\program files (x86)\Savings Sidekick\Savings Sidekick.ini
c:\program files (x86)\Savings Sidekick\Savings SidekickInstaller.log
c:\program files (x86)\Savings Sidekick\Uninstall.exe
c:\program files (x86)\Yahoo!J
c:\program files (x86)\Yahoo!J\PC Service Manager\INSTALL.LOG
c:\program files (x86)\Yahoo!J\PC Service Manager\license.txt
c:\program files (x86)\Yahoo!J\PC Service Manager\UNINST.EXE
c:\program files (x86)\Yahoo!J\PC Service Manager\UNINST.INI
c:\program files (x86)\Yahoo!J\PC Service Manager\ypcpm.exe
c:\program files (x86)\Yahoo!J\PC Service Manager\ypcsm.exe
c:\program files (x86)\Yahoo!J\PC Service Manager\ypcuninst.exe
c:\program files (x86)\Yahoo!J\PC Service Manager\ypcut.exe
c:\program files (x86)\Yahoo!J\PC Service Manager\ysp.ico
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\Config.xml
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\def_bland20.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\def_comment20.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\def_customize20.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\def_search20.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\LocalPlugin.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\Update.xml
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\yjem.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\yjgh.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YJImage.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YJImageToCom.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\yjop.exe
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YJTools.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\yphb.exe
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\uninst.exe
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\uninstall.exe
c:\program files (x86)\Yahoo!J\Toolbar\ytcnt.exe
c:\programdata\8bO3W7RR.exe.b
c:\users\Celine\AppData\Local\Savings Sidekick
c:\users\Celine\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx
c:\users\Celine\wgsdgsdgdsgsd.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-05 bis 2013-02-05  ))))))))))))))))))))))))))))))
.
.
2013-02-05 20:02 . 2013-02-05 20:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-05 17:47 . 2013-02-05 18:00	--------	d-----w-	c:\users\Celine\AppData\Local\ElevatedDiagnostics
2013-02-05 17:22 . 2013-02-05 17:22	--------	dc----w-	C:\_OTL
2013-02-02 14:26 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DBC68FA-092C-4E92-9249-8492777FBBFA}\mpengine.dll
2013-01-27 21:00 . 2013-01-27 21:00	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2013-01-27 20:30 . 2013-01-27 20:30	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2013-01-27 20:29 . 2013-01-27 20:29	--------	dc----r-	C:\MSOCache
2013-01-24 22:03 . 2013-02-05 08:30	--------	d-----w-	c:\users\Celine\.rainlendar2
2013-01-24 22:02 . 2013-01-24 22:02	--------	d-----w-	c:\program files (x86)\Rainlendar2
2013-01-22 22:21 . 2013-01-22 22:21	2194456	----a-w-	c:\windows\system32\GIMEJa.ime
2013-01-22 22:03 . 2013-01-22 22:03	1593368	----a-w-	c:\windows\SysWow64\GIMEJa.ime
2013-01-09 08:49 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-09 08:48 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 08:48 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-07 10:21 . 2013-01-07 10:22	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-07 10:21 . 2013-01-07 10:22	--------	dc----w-	c:\program files\iTunes
2013-01-07 10:21 . 2013-01-07 10:22	--------	d-----w-	c:\program files (x86)\iTunes
2013-01-07 10:21 . 2013-01-07 10:21	--------	dc----w-	c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-09 12:43 . 2012-06-06 19:57	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-09 08:52 . 2012-02-17 05:19	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 08:52 . 2012-02-17 05:19	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 22:14 . 2012-12-16 22:14	117888	----a-w-	c:\windows\system32\drivers\cmnsusbser.sys
2012-12-16 17:11 . 2012-12-22 14:39	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 14:39	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 14:39	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 14:39	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 08:49	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-09 05:45 . 2012-12-12 07:55	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 07:55	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}]
2012-07-09 00:09	263272	----a-w-	c:\program files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33	1519304	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"= "c:\program files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll" [2012-07-09 287848]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{9e131a93-eed7-4beb-b015-a0adb30b5646}]
[HKEY_CLASSES_ROOT\claro.clarodskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\claro.clarodskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-17 39408]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2012-12-29 2587136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-20 343168]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"starter4g"="c:\windows\starter4g.exe" [2010-03-19 161040]
"Google Japanese Input Prelauncher"="c:\program files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" [2013-01-22 1328664]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\Celine\Desktop\OTL.exe" [2013-02-04 602112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2012-5-17 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261123~1.78\{61D8B~1\brwmngr.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
   Ime File	REG_SZ         	GIMEJA.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-01-20 235520]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.exe [2013-01-31 2561488]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
R2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;c:\program files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [2013-01-22 681496]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800]
R2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-04-19 9216]
R2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2009-06-22 304592]
R2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-03-19 145680]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-09 45168]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2012-12-16 117888]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-06-08 16512]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-04-18 85504]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-17 251496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 92446227
*Deregistered* - 92446227
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-30 18:49	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-17 08:52]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 05:24]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 05:24]
.
2013-02-05 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-02-02 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112]
"SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-22 2165120]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-02-17 150992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110011501160} - c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ypcsm - c:\progra~2\Yahoo!J\PCSERV~1\ypcsm.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ypcsm - c:\progra~2\Yahoo!J\PCSERV~1\ypcsm.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-Savings Sidekick - c:\program files (x86)\Savings Sidekick\Uninstall.exe
AddRemove-Yahoo!Jƒc[ƒ‹ƒo[ - c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\uninst.exe
AddRemove-ƒRƒ“Ý’è - c:\progra~2\Yahoo!J\PCSERV~1\YPCUNI~1.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-05  21:04:53
ComboFix-quarantined-files.txt  2013-02-05 20:04
.
Vor Suchlauf: 10 Verzeichnis(se), 568.844.419.072 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 568.506.961.920 Bytes frei
.
- - End Of File - - 89049C932D7B91DA47CACB4D9970E5C7
         
Hi Markus, habe nun den Combofix ausgeführt und werde gleich den PC neustarten!

Code:
ATTFilter
ComboFix 13-02-03.03 - Celine 05.02.2013  20:57:45.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4056.3237 [GMT 1:00]
ausgeführt von:: c:\users\Celine\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Savings Sidekick
c:\program files (x86)\Savings Sidekick\ButtonUtil.dll
c:\program files (x86)\Savings Sidekick\Savings Sidekick-bg.exe
c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll
c:\program files (x86)\Savings Sidekick\Savings Sidekick.exe
c:\program files (x86)\Savings Sidekick\Savings Sidekick.ico
c:\program files (x86)\Savings Sidekick\Savings Sidekick.ini
c:\program files (x86)\Savings Sidekick\Savings SidekickInstaller.log
c:\program files (x86)\Savings Sidekick\Uninstall.exe
c:\program files (x86)\Yahoo!J
c:\program files (x86)\Yahoo!J\PC Service Manager\INSTALL.LOG
c:\program files (x86)\Yahoo!J\PC Service Manager\license.txt
c:\program files (x86)\Yahoo!J\PC Service Manager\UNINST.EXE
c:\program files (x86)\Yahoo!J\PC Service Manager\UNINST.INI
c:\program files (x86)\Yahoo!J\PC Service Manager\ypcpm.exe
c:\program files (x86)\Yahoo!J\PC Service Manager\ypcsm.exe
c:\program files (x86)\Yahoo!J\PC Service Manager\ypcuninst.exe
c:\program files (x86)\Yahoo!J\PC Service Manager\ypcut.exe
c:\program files (x86)\Yahoo!J\PC Service Manager\ysp.ico
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\Config.xml
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\def_bland20.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\def_comment20.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\def_customize20.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\def_search20.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\LocalPlugin.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\Update.xml
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\yjem.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\yjgh.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YJImage.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YJImageToCom.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\yjop.exe
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YJTools.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\yphb.exe
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\uninst.exe
c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\uninstall.exe
c:\program files (x86)\Yahoo!J\Toolbar\ytcnt.exe
c:\programdata\8bO3W7RR.exe.b
c:\users\Celine\AppData\Local\Savings Sidekick
c:\users\Celine\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx
c:\users\Celine\wgsdgsdgdsgsd.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-05 bis 2013-02-05  ))))))))))))))))))))))))))))))
.
.
2013-02-05 20:02 . 2013-02-05 20:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-05 17:47 . 2013-02-05 18:00	--------	d-----w-	c:\users\Celine\AppData\Local\ElevatedDiagnostics
2013-02-05 17:22 . 2013-02-05 17:22	--------	dc----w-	C:\_OTL
2013-02-02 14:26 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DBC68FA-092C-4E92-9249-8492777FBBFA}\mpengine.dll
2013-01-27 21:00 . 2013-01-27 21:00	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2013-01-27 20:30 . 2013-01-27 20:30	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2013-01-27 20:29 . 2013-01-27 20:29	--------	dc----r-	C:\MSOCache
2013-01-24 22:03 . 2013-02-05 08:30	--------	d-----w-	c:\users\Celine\.rainlendar2
2013-01-24 22:02 . 2013-01-24 22:02	--------	d-----w-	c:\program files (x86)\Rainlendar2
2013-01-22 22:21 . 2013-01-22 22:21	2194456	----a-w-	c:\windows\system32\GIMEJa.ime
2013-01-22 22:03 . 2013-01-22 22:03	1593368	----a-w-	c:\windows\SysWow64\GIMEJa.ime
2013-01-09 08:49 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-09 08:48 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 08:48 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-07 10:21 . 2013-01-07 10:22	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-07 10:21 . 2013-01-07 10:22	--------	dc----w-	c:\program files\iTunes
2013-01-07 10:21 . 2013-01-07 10:22	--------	d-----w-	c:\program files (x86)\iTunes
2013-01-07 10:21 . 2013-01-07 10:21	--------	dc----w-	c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-09 12:43 . 2012-06-06 19:57	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-09 08:52 . 2012-02-17 05:19	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 08:52 . 2012-02-17 05:19	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 22:14 . 2012-12-16 22:14	117888	----a-w-	c:\windows\system32\drivers\cmnsusbser.sys
2012-12-16 17:11 . 2012-12-22 14:39	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 14:39	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 14:39	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 14:39	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 08:49	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-09 05:45 . 2012-12-12 07:55	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 07:55	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}]
2012-07-09 00:09	263272	----a-w-	c:\program files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33	1519304	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"= "c:\program files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll" [2012-07-09 287848]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{9e131a93-eed7-4beb-b015-a0adb30b5646}]
[HKEY_CLASSES_ROOT\claro.clarodskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\claro.clarodskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-17 39408]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2012-12-29 2587136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-20 343168]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"starter4g"="c:\windows\starter4g.exe" [2010-03-19 161040]
"Google Japanese Input Prelauncher"="c:\program files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" [2013-01-22 1328664]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\Celine\Desktop\OTL.exe" [2013-02-04 602112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2012-5-17 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261123~1.78\{61D8B~1\brwmngr.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
   Ime File	REG_SZ         	GIMEJA.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-01-20 235520]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.exe [2013-01-31 2561488]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
R2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;c:\program files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [2013-01-22 681496]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800]
R2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-04-19 9216]
R2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2009-06-22 304592]
R2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-03-19 145680]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-09 45168]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2012-12-16 117888]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-06-08 16512]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-04-18 85504]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-17 251496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 92446227
*Deregistered* - 92446227
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-30 18:49	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-17 08:52]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 05:24]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 05:24]
.
2013-02-05 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-02-02 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112]
"SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-22 2165120]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-02-17 150992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110011501160} - c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ypcsm - c:\progra~2\Yahoo!J\PCSERV~1\ypcsm.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ypcsm - c:\progra~2\Yahoo!J\PCSERV~1\ypcsm.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-Savings Sidekick - c:\program files (x86)\Savings Sidekick\Uninstall.exe
AddRemove-Yahoo!Jƒc[ƒ‹ƒo[ - c:\program files (x86)\Yahoo!J\Toolbar\7_3_0_18\uninst.exe
AddRemove-ƒRƒ“Ý’è - c:\progra~2\Yahoo!J\PCSERV~1\YPCUNI~1.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-05  21:04:53
ComboFix-quarantined-files.txt  2013-02-05 20:04
.
Vor Suchlauf: 10 Verzeichnis(se), 568.844.419.072 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 568.506.961.920 Bytes frei
.
- - End Of File - - 89049C932D7B91DA47CACB4D9970E5C7
         
Und nochmal zur Sicherheit wollte ich erwähnen, dass ich alle deine Anweisungen unter dem abgespeicherten Mudus befolge, das ist doch hoffentlich richtig, denn beim normalen Start ist ja der desktop gesperrt und keine internet-Verbindung möglich?!

Hi Markus, habe gerade versucht "normal" nicht über den abgespeicherten Modus zu starten. Es funktioniert jetzt soweit ich es sehen kann!!! Es erscheint keine Anfrage von der Benutzerkonstensteuerung mehr, dass eine Änderung vorgenommen werden soll und vor allem keine Sperre mit der GUV-Seite auf dem Desktop!!! Es ist wie vor 2Tage nach dem Virus für meine Augen..Vielen dank erstmal bis hierher!! Was kann noch gemacht werden??

Alt 05.02.2013, 21:53   #12
markusg
/// Malware-holic
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



hi
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.02.2013, 23:34   #13
Cenchan
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



hi hier ist das log nach der Entfernung von 9 Virendaten.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.05.09

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Celine :: CELINE-TOSH [Administrator]

Schutz: Deaktiviert

05.02.2013 22:14:56
mbam-log-2013-02-05 (22-14-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335214
Laufzeit: 29 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Daten: Savings Sidekick -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 6
C:\Qoobox\Quarantine\C\Program Files (x86)\Savings Sidekick\Savings Sidekick-bg.exe.vir (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll.vir (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files (x86)\Savings Sidekick\Savings Sidekick.exe.vir (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files (x86)\Savings Sidekick\Uninstall.exe.vir (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Celine\wgsdgsdgdsgsd.exe.vir (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
es gab einen zweiten Text von Malwarebytes also poste ich es auch mal hierher!

Code:
ATTFilter
2013/02/05 23:36:43 +0100	CELINE-TOSH	(null)	MESSAGE	Starting protection
2013/02/05 23:36:43 +0100	CELINE-TOSH	(null)	MESSAGE	Protection started successfully
2013/02/05 23:36:43 +0100	CELINE-TOSH	(null)	MESSAGE	Starting IP protection
2013/02/05 23:36:45 +0100	CELINE-TOSH	(null)	MESSAGE	IP Protection started successfully
         

Alt 06.02.2013, 12:54   #14
markusg
/// Malware-holic
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



Danke.
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.02.2013, 17:30   #15
Cenchan
 
GUV- Virus  Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Standard

GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)



Hi Markus, danke für die kontinulierliche Hilfe hier!! Unten ist die liste von CCleaner!
Code:
ATTFilter
Adobe Flash Player 11 ActiveX (nötig)	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146
Adobe Reader X (10.1.3) MUI(nötig)	Adobe Systems Incorporated	28.06.2012	479MB	10.1.3
Adobe Reader X (10.1.4) - Deutsch (nötig)	Adobe Systems Incorporated	02.10.2012	121MB	10.1.4
AMD Catalyst Install Manager (unbekannt)	Advanced Micro Devices, Inc.	16.05.2012	26,2MB	3.0.859.0
Apple Application Support (unnötig)	Apple Inc.	07.01.2013	65,0MB	2.3.2
Apple Mobile Device Support (nötig)	Apple Inc.	07.01.2013	25,1MB	6.0.1.3
Apple Software Update	Apple Inc. (unnötig)	31.10.2012	2,38MB	2.1.3.127
Atheros Bluetooth Filter Driver Package	Atheros Communications	(nötig) 16.05.2012	4,59MB	1.0.0.12
Atheros Driver Installation Program (unbekannt)	Atheros	16.05.2012		9.2
avast! Free Antivirus	AVAST Software	09.12.2012 (nötig)		7.0.1474.0
BlackBerry Desktop Software 5.0.1(nötig)	Research in Motion Ltd.	18.11.2012		5.0.1.28
BlackBerry® Media Sync	Research In Motion (nötig)	18.11.2012	6,79MB	2.0.28
Bluetooth Stack for Windows by Toshiba(nötig)	TOSHIBA CORPORATION	16.05.2012	76,4MB	v9.00.00(T)
Bonjour	Apple Inc.(unbekannt)	31.10.2012	2,00MB	3.0.0.10
Browser Manager	(nötig)	31.01.2013		
CCleaner (nötig)	Piriform	23.01.2013		3.27
Claro LTD toolbar (unnötig)	Claro LTD	09.10.2012		
Contrôle ActiveX Windows Live Mesh pour connexions à distance (nötig)	Microsoft Corporation	17.02.2012	5,57MB	15.4.5722.2
Craving Explorer Version 1.5.0	T-Craft / tuck	30.10.2012 (nötig)	15,2MB	1.5.0.0
Foxit PDF Creator Toolbar (unnötig)	Ask.com	20.06.2012	3,56MB	1.15.4.0
Foxit PDF Creator Toolbar Updater (unnötig)	Ask.com	20.06.2012		1.2.2.23821
Foxit Reader	Foxit Corporation (unnötig)	20.06.2012	39,3MB	5.3.1.606
Google Chrome	Google Inc.	17.02.2012 (unnötig)		24.0.1312.57
Google Toolbar for Internet Explorer	Google Inc.(nötig)	14.12.2012		7.4.3607.2246
Google 日本語入力	(nötig) Google Inc.	29.01.2013	80,6MB	1.8.1310.0
Intel(R) Manageability Engine Firmware Recovery Agent(nötig)	Intel Corporation	16.05.2012	54,8MB	1.0.0.35342
Intel(R) Management Engine Components	Intel Corporation(nötig)	16.05.2012		8.0.3.1427
Intel(R) Rapid Storage Technology	Intel Corporation(nötig)	06.02.2013		11.0.0.1032
Intel(R) USB 3.0 eXtensible Host Controller Driver(nötig)	Intel Corporation	16.05.2012		1.0.1.209
Intel® Trusted Connect Service Client (nötig)	Intel Corporation	16.05.2012	10,6MB	1.23.605.1
iTunes	Apple Inc. (nötig)	07.01.2013	191MB	11.0.1.12
Java(TM) 6 Update 30	Oracle	17.02.2012 (nötig)	97,3MB	6.0.300
Malwarebytes Anti-Malware Version 1.70.0.1100 (nötig)	Malwarebytes Corporation	05.02.2013	18,4MB	1.70.0.1100
Microsoft .NET Framework 4 Client Profile (nötig)	Microsoft Corporation	17.02.2012	38,8MB	4.0.30319
Microsoft Office 2010	Microsoft Corporation (nötig)	17.02.2012	6,40MB	14.0.4763.1000
Microsoft Office Klick-und-Los 2010	(nötig) Microsoft Corporation	08.06.2012		14.0.4763.1000
Microsoft Office Professional 2010 (nötig)	Microsoft Corporation	27.01.2013		14.0.6029.1000
Microsoft Office Starter 2010 (nötig) - Deutsch	Microsoft Corporation	08.06.2012		14.0.5139.5005
Microsoft Silverlight (nötig)	Microsoft Corporation	08.06.2012	40,3MB	4.1.10329.0
Microsoft SQL Server 2005 Compact Edition (nötig) [ENU]	Microsoft Corporation	17.02.2012	1,69MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable (nötig)	Microsoft Corporation	08.06.2012	290KB	8.0.61001
Microsoft Visual C++ 2005 Redistributable (nötig) (x64)	Microsoft Corporation	16.05.2012	572KB	8.0.61000
Microsoft Visual C++ 2008 Redistributable (nötig) - x86 9.0.30729.17	Microsoft Corporation	17.02.2012	596KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable (nötig) - x86 9.0.30729.4148	Microsoft Corporation	17.02.2012	596KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable (nötig) - x86 9.0.30729.6161	Microsoft Corporation	08.06.2012	598KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable  (nötig) - 10.0.40219	Microsoft Corporation	16.05.2012	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable (nötig) - 10.0.40219	Microsoft Corporation	16.05.2012	15,0MB	10.0.40219
Nero 11 Essentials (unnötig)	Nero AG	17.02.2012	775MB	11.0.00300
Nero Backup Drivers (unnötig)	Nero AG	17.02.2012	94,0KB	1.0.11100.8.0
Network ScanGear Ver.2.30 (nötig)	Canon Inc.	10.12.2012	6,95MB	2.30.0000
PlayReady PC Runtime amd64 (nötig)	Microsoft Corporation	17.02.2012	2,05MB	1.3.0
Premium Sound HD (nötig)	SRS Labs, Inc.	16.05.2012	1,76MB	1.12.1800
Rainlendar2 (remove only) (nötig)		24.01.2013		
Realtek Ethernet Controller Driver (nötig)	Realtek	16.05.2012		7.48.823.2011
Realtek High Definition Audio Driver (nötig)	Realtek Semiconductor Corp.	16.05.2012		6.0.1.6597
Realtek USB 2.0 Card Reader(nötig)	Realtek Semiconductor Corp.	16.05.2012		6.1.7601.30130
Savings Sidekick	(unbekannt) 215 Apps	09.10.2012		1.23.151.151
Skype™ 6.0 (nötig)	Skype Technologies S.A.	01.01.2013	20,3MB	6.0.126
Synaptics Pointing Device Driver (unbekannt)	Synaptics Incorporated	16.05.2012	46,4MB	15.3.38.2
TOSHIBA Assist	TOSHIBA CORPORATION (nötig)	17.02.2012		4.2.3.0
TOSHIBA Disc Creator	TOSHIBA Corporation (nötig)	16.05.2012	19,0MB	2.1.0.11 for x64
TOSHIBA eco Utility	TOSHIBA Corporation (nötig)	16.05.2012	18,7MB	1.3.10.64
TOSHIBA Hardware Setup	TOSHIBA	16.05.2012 (nötig)		2.00.0020
TOSHIBA HDD/SSD Alert	TOSHIBA Corporation (nötig)	16.05.2012	57,1MB	3.1.64.11
Toshiba Manuals	TOSHIBA	16.05.2012	 (nötig)	10.04
TOSHIBA Media Controller (nötig)	TOSHIBA CORPORATION	16.05.2012		1.0.87.5
TOSHIBA Media Controller Plug-in (nötig)	TOSHIBA CORPORATION	16.05.2012	6,65MB	1.0.7.7
TOSHIBA Online Product Information (unnötig)	TOSHIBA	17.02.2012		4.01.0000
TOSHIBA PC Health Monitor (nötig)	TOSHIBA Corporation	16.05.2012	29,4MB	1.7.15.64
TOSHIBA Places Icon Utility (nötig)	TOSHIBA Corporation	16.05.2012		1.1.1.4
TOSHIBA Recovery Media Creator (nötig)	TOSHIBA CORPORATION	16.05.2012		2.1.6.52020009
TOSHIBA Recovery Media Creator  Reminder (nötig) 	TOSHIBA	16.05.2012	460KB	1.00.0019
TOSHIBA Resolution+ Plug-in for Windows Media Player (nötig)	TOSHIBA Corporation	16.05.2012		1.1.2004
TOSHIBA Service Station	TOSHIBA	(nötig) 16.05.2012		2.2.13
TOSHIBA Sleep Utility	(nötig) TOSHIBA Corporation	16.05.2012		1.4.0022.000104
TOSHIBA Supervisor Password (nötig)	TOSHIBA	16.05.2012		2.00.0009
TOSHIBA TEMPRO	Toshiba Europe GmbH (nötig)	17.02.2012	11,3MB	3.35
TOSHIBA Value Added Package (nötig)	 TOSHIBA Corporation	16.05.2012	243MB	1.6.0021.640203
TOSHIBA Web Camera Application (nötig)	TOSHIBA Corporation	16.05.2012	65,2MB	2.0.3.33
Vodafone Mobile Broadband (nötig)	Vodafone	08.06.2012	110MB	10.2.103.31248
WildTangent Games	(unnötig) WildTangent	17.05.2012		1.0.2.5
Windows Live Essentials (unnötig)	Microsoft Corporation	12.08.2012		15.4.3555.0308
Windows Live Mesh (nötig) - ActiveX-besturingselement voor externe verbindingen	Microsoft Corporation	17.02.2012	5,57MB	15.4.5722.2
Windows Live Mesh ActiveX Control for Remote Connections(nötig)	Microsoft Corporation	17.02.2012	5,37MB	15.4.5722.2
Windows Live Mesh ActiveX control for remote connections (nötig)	Microsoft Corporation	17.02.2012	5,57MB	15.4.5722.2
WinRAR 4.20 (64-Bit) (unnötig)	win.rar GmbH	09.10.2012		4.20.0
XSManager	(nötig) XSManager	16.12.2012		3.0
Yahoo!ƒc[ƒ‹ƒo[	Yahoo! JAPAN. (nötig)	10.10.2012	2,76MB	7.3.0.18
リモート接続用の Windows Live Mesh ActiveX コントロール (日本語) (nötig) 	Microsoft Corporation	29.12.2012	5,57MB	15.4.5722.2
         

Antwort

Themen zu GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)
abgesichert modus, avast, bundespolizei trojaner hilfe, bundespolizei-virus, computer, datei, desktop, dringend, eingabeaufforderung, euro, folge, frage, free, funktioniert, gen, gesperrt, gmer, guv trojaner, infiziert, klicke, microsoft, programm, programme, toshiba, viren, virus, wiederholt, win, windows



Ähnliche Themen: GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)


  1. Bundespolizei Virus-ohne Sperrung
    Plagegeister aller Art und deren Bekämpfung - 19.02.2014 (13)
  2. Bundespolizei Virus kann aber noch auf Desktop zugreifen
    Log-Analyse und Auswertung - 10.04.2013 (2)
  3. BKA Trojaner XP desktop Sperrung auch im abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 20.02.2013 (39)
  4. Avira funktioniert nicht, später funktioniert es wieder und findet Virus/Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.09.2012 (25)
  5. Bundesamt für Sicherheit in der Informationstechnik - GVU - Virus: Sperrung des Rechners
    Plagegeister aller Art und deren Bekämpfung - 17.09.2012 (23)
  6. GUV - Virus: Sperrung des Rechners
    Plagegeister aller Art und deren Bekämpfung - 16.09.2012 (1)
  7. Polizei Virus Einheit 5.2 Österreich - Windows funktioniert sonst noch
    Log-Analyse und Auswertung - 09.07.2012 (1)
  8. WIN XP Verschlüsselungstrojaner Sporopo po po Sperrung Desktop und SafeMode
    Log-Analyse und Auswertung - 05.06.2012 (2)
  9. Nach Entfernung von S.M.A.R.T. HDD Virus mit unhide.exe noch Problem mit Desktop
    Log-Analyse und Auswertung - 12.04.2012 (3)
  10. Sperrung des Windowssystems durch einen Virus der 50€ für Entsperrung haben will.
    Log-Analyse und Auswertung - 07.03.2012 (8)
  11. windows sperrung virus
    Log-Analyse und Auswertung - 21.02.2012 (12)
  12. 50€ Virus, Malwarebytes bereits durchgelaufen,Objekte gelöscht funktioniert immer noch nix
    Plagegeister aller Art und deren Bekämpfung - 20.02.2012 (13)
  13. 50 euro Virus / Windows Sperrung
    Log-Analyse und Auswertung - 24.01.2012 (16)
  14. unbek. Virus/Rootkit legen mit Proxy und Sperrung des Wlanzugangs den Rechner lahm
    Plagegeister aller Art und deren Bekämpfung - 03.01.2012 (1)
  15. BKA-Trojaner, Desktop und Statusleiste weg, Taskmanager funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 28.11.2011 (1)
  16. Desktop wird gelöscht, Tastatur reagiert nicht, Malewarebytes funktioniert nicht-Virus?
    Antiviren-, Firewall- und andere Schutzprogramme - 04.01.2011 (6)
  17. Desktop funktioniert nach Virusattacke nicht richtig!!
    Plagegeister aller Art und deren Bekämpfung - 23.06.2005 (1)

Zum Thema GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) - Sehr geehrtes Trojaner-Board-Team, ich habe mir gestern (03.01.2013 Abends) einen Bundespolizei-Virus eingefangen mit der Aufforderung 100Euro zu überweisen, um der Strafe zu entgehen. Der PC kann normal bis zum Desktop - GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7)...
Archiv
Du betrachtest: GUV- Virus Sperrung auf Desktop, abgespeicherter Mudus funktioniert noch ( Win 7) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.