
Pests of all kinds and how to fight them: incredibar as start page: is there now a Trojan risk?

19.02.2013, 12:32   #1
Clegane
 



Hello ladies and gentlemen,

I'm new here and have just registered because I have a problem with my laptop. I had to download SPSS 20 as a trial version for my studies and picked up this Incredibar start page on some site. After that I googled it first and learned that this may possibly be a Trojan, and I also came across this forum.

Unfortunately I have to add that I otherwise don't know much about PCs and programs, so at first another student helped me and gave me this program: hxxp://www.chip.de/downloads/AdwCleaner_58118522.html With it I even managed to get rid of the Incredibar start page.

My question now is whether that is already enough. I just have my doubts, since it is after all a Trojan and it may still be active in the background.

MANY THANKS IN ADVANCE!!!

I feel really helpless in this matter.....

19.02.2013, 12:40   #2
markusg
/// Malware-holic
 



Hi
please post the AdwCleaner log with the findings.

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

19.02.2013, 14:20   #3
Clegane
 



OTL Logfile:
Code:
OTL logfile created on: 19.02.2013 14:01:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michel\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 55,41% Memory free
7,72 Gb Paging File | 5,72 Gb Available in Paging File | 74,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 95,62 Gb Free Space | 64,16% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 148,56 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: MICHEL-TOSH | User Name: Michel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (pgsql-8.3) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{54C0397E-5089-4058-9B86-1FC5438A1A97}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{DF6F571F-53BD-4474-8696-57CA8BC56AC4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4239002381-3861534095-2962323685-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-4239002381-3861534095-2962323685-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4239002381-3861534095-2962323685-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4239002381-3861534095-2962323685-1001\..\SearchScopes\{BA4380C5-68FA-4146-AE43-5E1254494416}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-4239002381-3861534095-2962323685-1001\..\SearchScopes\{E90C296E-0416-4D43-8684-81904562979F}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-4239002381-3861534095-2962323685-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4239002381-3861534095-2962323685-1003\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Michel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 00:04:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 16:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011.03.02 13:29:07 | 000,000,000 | ---D | M]
 
[2013.02.19 00:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michel\AppData\Roaming\mozilla\Extensions
[2013.02.19 00:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.07 16:02:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.07 16:02:53 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2012.12.07 16:02:54 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2013.02.01 19:21:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.01 20:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 20:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.01 20:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 20:33:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 20:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 20:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Michel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: New Tab Creator for Chrome\u2122 = C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhljpgmfjednccepebhodcpbdbdpjch\1.0_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4239002381-3861534095-2962323685-1001..\Run: [PokerStrategy.com SideKick] "C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms" File not found
O4 - HKU\S-1-5-21-4239002381-3861534095-2962323685-1001..\Run: [Spotify Web Helper] C:\Users\Michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-4239002381-3861534095-2962323685-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4239002381-3861534095-2962323685-1003..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4239002381-3861534095-2962323685-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\elephant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{661C6153-BE67-41CD-95C0-464AE7E7C0B2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1C680D7-D66C-472D-B81F-89243DD65C09}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.19 13:11:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michel\Desktop\OTL.exe
[2013.02.19 00:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.02.19 00:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.02.19 00:11:22 | 004,189,792 | ---- | C] (Piriform Ltd) -- C:\Users\Michel\Desktop\ccsetup327.exe
[2013.02.19 00:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.14 10:31:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 10:31:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 10:31:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 10:30:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 10:30:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 10:30:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 10:30:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 10:30:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 10:30:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 10:30:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 10:30:53 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 10:30:53 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 10:30:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 10:30:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 10:30:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.14 10:21:53 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.14 10:21:51 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.14 10:21:51 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.14 10:17:42 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.14 10:17:42 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.14 10:17:42 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.14 10:17:42 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.14 10:17:41 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.14 10:17:41 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.14 10:17:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.14 10:17:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.14 10:17:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.14 10:17:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.14 10:17:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.14 10:17:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 10:17:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 10:17:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.14 10:17:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 10:17:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 10:17:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 10:17:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 10:17:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 10:17:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 10:17:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 10:17:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 10:17:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 10:17:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 10:17:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 10:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 10:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 10:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 10:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 10:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 10:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 10:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 10:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 10:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 10:17:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 10:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 10:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 10:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 10:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 10:17:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 10:17:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 10:17:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 10:17:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 10:17:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 10:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 10:17:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 10:17:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 10:17:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 10:17:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 10:17:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.14 10:17:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.14 10:17:16 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.19 13:40:28 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.19 13:40:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.19 13:11:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michel\Desktop\OTL.exe
[2013.02.19 13:09:13 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.19 13:09:13 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.19 13:03:14 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.19 13:01:47 | 3110,080,512 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.19 12:24:27 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.19 12:24:27 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.19 12:24:27 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.19 12:24:27 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.19 12:24:27 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.19 00:12:24 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.19 00:11:29 | 004,189,792 | ---- | M] (Piriform Ltd) -- C:\Users\Michel\Desktop\ccsetup327.exe
[2013.02.19 00:04:23 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.18 10:14:34 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.20 15:59:20 | 001,592,786 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.19 00:12:24 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.19 00:04:23 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.19 00:04:22 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.07 00:58:01 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.01.06 23:34:33 | 000,000,043 | ---- | C] () -- C:\Users\Michel\dlmgr_.pro
[2012.12.30 15:10:44 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012.12.30 15:10:44 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012.12.30 15:10:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012.12.30 15:10:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2012.12.30 15:10:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2012.12.30 15:10:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2012.12.30 15:07:03 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.12.30 15:07:03 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.12.10 10:59:18 | 000,000,383 | ---- | C] () -- C:\Users\Michel\AppData\Local\postgresinstall.bat
[2011.12.10 10:52:58 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.11 12:04:59 | 000,000,000 | ---D | M] -- C:\Users\Michel\AppData\Roaming\HEM Data
[2012.10.22 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\Michel\AppData\Roaming\HoldemManager
[2013.02.17 12:08:07 | 000,000,000 | ---D | M] -- C:\Users\Michel\AppData\Roaming\PacificPoker
[2012.08.14 21:58:28 | 000,000,000 | ---D | M] -- C:\Users\Michel\AppData\Roaming\Party
[2013.01.07 21:29:19 | 000,000,000 | ---D | M] -- C:\Users\Michel\AppData\Roaming\SoftGrid Client
[2012.12.20 21:11:26 | 000,000,000 | ---D | M] -- C:\Users\Michel\AppData\Roaming\Spotify
[2011.02.26 18:45:58 | 000,000,000 | ---D | M] -- C:\Users\Michel\AppData\Roaming\Toshiba
[2012.09.07 07:49:06 | 000,000,000 | ---D | M] -- C:\Users\Michel\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 19.02.2013 13:42:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michel\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 50,82% Memory free
7,72 Gb Paging File | 5,50 Gb Available in Paging File | 71,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 95,62 Gb Free Space | 64,15% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 148,56 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: MICHEL-TOSH | User Name: Michel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4239002381-3861534095-2962323685-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026DB876-A083-40A6-A781-812CFD65D79C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{09DB8CD8-DD1D-4017-8C27-656C0F3FB518}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1C33EF2F-823D-46E1-ADDB-51F5634642EF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1FFE2D89-19F0-4639-BF7C-D3FCBEFA75CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2F31D416-6D16-42E2-B2B5-D2F6596985D4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3822EDEC-6B29-4315-86C8-E885D9B58E01}" = rport=139 | protocol=6 | dir=out | app=system | 
"{44C0A52F-176B-4A92-A2E0-C5988284A542}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4CC0CB05-0E51-4CB6-87C7-796DC4F0E566}" = lport=445 | protocol=6 | dir=in | app=system | 
"{50E7810F-6A83-4746-BC6C-85A2EC4010D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{51D7EF61-D5A1-4712-9F82-F7D18673938D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{66C4D15C-CA3E-4E9F-B8B9-9CA3D3A5052D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6BCF14D6-2E26-4D2D-BFA6-4D62D01239F1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6D2B6C00-DB3C-4097-9EF6-8A1C467DF9FE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{706E8275-83CE-4611-9ECC-7A4304779DD4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7592F6FE-16F6-4F6D-B353-09788BA3E275}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{78B184B9-49A0-4DA6-887B-2AB89C9FA758}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7AEA932C-1C6D-450E-86BD-391D228D79A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{873305E6-0345-48AC-8724-6B2A9536A532}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{913B4EE1-6FB9-4AA4-8BA5-DF8853B16798}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0287888-8B6F-457C-B11F-0EB561BD0A99}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A1B5743A-B5A5-4138-A465-F78A24040FE0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B432AD12-0FDE-4356-8114-4B30DFDFA3B4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C511276C-3276-4FCB-B675-D68AAF19418C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CA0656C8-4B0C-40CE-81CC-98E09C7B6320}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEF66A96-A621-4CAF-9D85-A77E62D28D9F}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0074CF74-20CB-4D98-A0DD-14CC61077F09}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0587FC91-7A0A-4773-8F3D-BB3B1815A46B}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{0F1A7BEE-8BEE-443E-8ACC-54E201155201}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1C06EB8F-40C2-41A0-BE94-C526A175E54C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{256D9236-83EB-4030-8A44-95F1934C4356}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3172ACC0-2D46-4D61-B272-787AF46D0241}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{42AB4AD7-F3E7-4A88-9344-E4E499E8692B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{44A809A1-5315-4BAD-A50E-DE9A241C8BED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{48012661-ADD9-4CE0-A278-CBF808063D58}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{530A4F63-7E81-4EF7-9264-B9EA2CB1E644}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{57498872-ED0D-42AB-8012-BCE6456D71C2}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{5EB797C8-013B-4C52-854D-86DEC246D50D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{62AABDEE-0264-470A-B57C-6400E6E79747}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6345D55E-98B3-4AA6-8280-62F10A9B22F0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7594D149-A8A4-49F3-AD2D-EBE518EF0237}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7C7B3D8B-27F1-4A53-839C-6F0F2308AE1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{84BFF245-8207-4B92-B633-03F59A403D66}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{899C88E5-F0C5-4F24-84CF-93F506B1F605}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8EC1F719-19EA-4F79-830D-DABC0A55B84B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A18CFE25-2996-48FE-9528-242A034DF4C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AC003688-65B6-47A6-929F-33E340C79748}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{B4C96DA2-63B7-4299-A5E0-9E4DB5660DE7}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{C03F76F3-DB80-4F65-8D2D-E4413CAF73ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6EE5FA5-1A68-4290-9FC2-DB59B71CE91E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CC8B378B-2AFE-4412-B068-0FC414EDEF05}" = protocol=6 | dir=out | app=system | 
"{D4727619-69C7-4DED-AA40-039D3AB1CB8A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{E16E275B-D038-4523-A36D-A22BDE13D067}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EABCA87A-6655-4D74-9A7F-BCB1E1880CEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FEE06C3D-312C-48C8-A0FC-9F90103FD024}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FF1BEF78-D8FA-4DE0-9E88-4B512D1D7EBE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{19087D46-BF7E-9A26-9270-9B36B77898AB}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3F7C54EA-F59C-45DD-BA93-AD1E084A9550}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92CF2B1-6B11-49CE-66E4-0140C7F5784A}" = ATI Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{ECFFD23C-3111-4685-8118-E1F79644203F}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"4F214B105BE2C47A7C10086525680BB7DCF7DEEB" = Windows-Treiberpaket - ATI Technologies Inc. (amdkmdap) Display  (10/05/2010 8.783.0.0000)
"CCleaner" = CCleaner
"E8AD071510D6DB50A4A5327191F59F7569D3BB7F" = Windows-Treiberpaket - ATI Technologies Inc. (amdkmdap) Display  (10/05/2010 8.783.0.0000)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0ABDFAA5-B009-D501-DF69-149E3616A158}" = CCC Help Hungarian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2CA6BDD8-6408-5335-E168-3EC1D11794D2}" = CCC Help German
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{3CDEEF17-0808-6986-A217-5E683487791C}" = CCC Help Chinese Standard
"{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}" = Photo Service - powered by myphotobook
"{3DC44403-BC62-95DF-09B6-7ECA2497D020}" = ccc-core-static
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{423EE102-4E12-F41C-58D0-461D3854B3E8}" = CCC Help Greek
"{4517E23D-4BDF-4274-D13A-0D47422B4880}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4D17E-89A1-6664-19FF-2D0D8B457683}" = CCC Help Japanese
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53CF942D-C13D-4252-A60D-82D8626E03A2}" = CCC Help Dutch
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{59C4A26F-060A-FE5D-8978-18C9CDA17ADD}" = CCC Help Norwegian
"{5CED4654-5416-F816-5464-106E21FF2484}" = CCC Help Thai
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6000D586-E066-3044-63BE-854ECC5DBC57}" = Catalyst Control Center InstallProxy
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6BDD00D7-DBE1-EB7C-4EFF-79FDD5AB9471}" = CCC Help English
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{743280B5-F04D-909D-27FC-50074576A3C7}" = CCC Help Spanish
"{754B5075-86CF-499D-BB3A-C8716821153F}" = Catalyst Control Center Localization All
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AC3D68A-39E1-421D-8E7E-7071A6C6EFD0}" = Catalyst Control Center - Branding
"{7FCAD144-6740-77DC-E056-403362752EBB}" = CCC Help Italian
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D4E90A0-8E0B-B6DF-8F8D-57365E4BC567}" = Catalyst Control Center Graphics Previews Common
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EB0C95A-4532-F1F5-F9EE-1D2A065F7AFF}" = CCC Help Chinese Traditional
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{946D0475-A801-D3CE-5EF9-3058DB11228F}" = CCC Help Turkish
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9E80531C-FB38-F137-1A95-373581ACD4A0}" = CCC Help Russian
"{A19926A5-5057-E1D4-37AB-C11673A691E9}" = CCC Help Swedish
"{A7059FE7-EC11-DE4F-7343-DA8668DD1BDE}" = CCC Help Korean
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BC3AB0D7-5F53-3767-433C-1FBB8909FF83}" = CCC Help Polish
"{BD474DC3-3728-160E-0B81-7C3D14D01A8D}" = CCC Help Finnish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5F45A2E-7D97-CE35-C35B-946062A4EED5}" = CCC Help Portuguese
"{C6D3FE2A-D248-FA78-CFF3-9A5EA7FA23C2}" = CCC Help French
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF76F70B-342A-117C-E909-F1C08D2E8743}" = CCC Help Danish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"{FF52988E-45D6-F3AC-A7A6-2A3C1708EFC4}" = CCC Help Czech
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"Google Chrome" = Google Chrome
"HoldemManager2" = Holdem Manager 2
"HP Photo Creations" = HP Photo Creations
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088759" = Polar Bowler
"WT089367" = Farm Mania 2
"WT089378" = Jewel Quest II
"WT089380" = Penguins!
"WT089381" = Slingo Supreme
"WT089388" = Zuma Deluxe
"WT089395" = Plants vs. Zombies - Game of the Year
"WT089404" = Fishdom
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4239002381-3861534095-2962323685-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JoinMe" = join.me
"Spotify" = Spotify
"William Hill Poker" = William Hill Poker
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.01.2013 19:58:01 | Computer Name = Michel-TOSH | Source = VSS | ID = 13
Description = 
 
Error - 06.01.2013 19:58:01 | Computer Name = Michel-TOSH | Source = VSS | ID = 8193
Description = 
 
Error - 21.01.2013 14:26:53 | Computer Name = Michel-TOSH | Source = .NET Runtime Optimization Service | ID = 1107
Description = 
 
Error - 21.01.2013 14:39:05 | Computer Name = Michel-TOSH | Source = Application Hang | ID = 1002
Description = Programm SoftwareUpdate.exe, Version 2.1.3.127 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: f5c    Startzeit: 01cdf806380b0d77    Endzeit: 0    Anwendungspfad: C:\Program
 Files (x86)\Apple Software Update\SoftwareUpdate.exe    Berichts-ID: cd8f0015-63f9-11e2-ae9a-1c750877a868

 
Error - 14.02.2013 05:23:32 | Computer Name = Michel-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b719e5  Name des fehlerhaften Moduls: NPSWF32.dll, Version: 10.3.183.16,
 Zeitstempel: 0x4f4d2711  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00047f52  ID des fehlerhaften
 Prozesses: 0x126c  Startzeit der fehlerhaften Anwendung: 0x01ce0a9453e28ad9  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll  Berichtskennung:
 32a4ba47-7688-11e2-9ed0-1c750877a868
 
Error - 17.02.2013 07:02:39 | Computer Name = Michel-TOSH | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Michel\Downloads\SoftonicDownloader_fuer_ibm-spss-statistics-standard.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 17.02.2013 07:02:39 | Computer Name = Michel-TOSH | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Michel\Downloads\SoftonicDownloader_fuer_ibm-spss-statistics-standard(1).exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 17.02.2013 07:15:25 | Computer Name = Michel-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7600.16385,
 Zeitstempel: 0x4a5bc3e6  Name des fehlerhaften Moduls: MSI39B5.tmp, Version: 16.0.0.328,
 Zeitstempel: 0x4a2febfa  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000a3399  ID des fehlerhaften
 Prozesses: 0x10a4  Startzeit der fehlerhaften Anwendung: 0x01ce0d000e8b5504  Pfad der
 fehlerhaften Anwendung: C:\Windows\syswow64\MsiExec.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\Installer\MSI39B5.tmp  Berichtskennung: 5367e798-78f3-11e2-85cf-1c750877a868
 
Error - 17.02.2013 07:15:51 | Computer Name = Michel-TOSH | Source = MsiInstaller | ID = 11905
Description = 
 
Error - 17.02.2013 07:15:52 | Computer Name = Michel-TOSH | Source = MsiInstaller | ID = 11905
Description = 
 
Error - 18.02.2013 07:49:01 | Computer Name = Michel-TOSH | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
[ System Events ]
Error - 05.02.2013 11:33:55 | Computer Name = Michel-TOSH | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?01.?2013 um 00:05:46 unerwartet heruntergefahren.
 
Error - 17.02.2013 06:53:33 | Computer Name = Michel-TOSH | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?02.?2013 um 10:42:07 unerwartet heruntergefahren.
 
Error - 17.02.2013 07:17:42 | Computer Name = Michel-TOSH | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst TrustedInstaller erreicht.
 
Error - 18.02.2013 05:14:51 | Computer Name = Michel-TOSH | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?02.?2013 um 12:35:10 unerwartet heruntergefahren.
 
Error - 18.02.2013 05:18:23 | Computer Name = Michel-TOSH | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%-2147024882
 
Error - 18.02.2013 18:45:17 | Computer Name = Michel-TOSH | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?02.?2013 um 23:06:30 unerwartet heruntergefahren.
 
Error - 18.02.2013 18:59:03 | Computer Name = Michel-TOSH | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde nicht richtig gestartet.
 
Error - 19.02.2013 06:25:45 | Computer Name = Michel-TOSH | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?02.?2013 um 00:23:22 unerwartet heruntergefahren.
 
Error - 19.02.2013 07:46:42 | Computer Name = Michel-TOSH | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 19.02.2013 08:01:52 | Computer Name = Michel-TOSH | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?02.?2013 um 12:46:21 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---

Hi, did I do the above correctly? I followed the instructions.

19.02.2013, 17:05   #4
markusg
/// Malware-holic

Hi
Kaspersky is totally outdated.
Visit the homepage and get version 2013.

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

19.02.2013, 19:09   #5
Clegane

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: elephant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Michel
->Temp folder emptied: 1205010 bytes
->Temporary Internet Files folder emptied: 1461515 bytes
->Java cache emptied: 1071231 bytes
->FireFox cache emptied: 58582899 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57671 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1105540 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36916678 bytes
RecycleBin emptied: 5513 bytes

Total Files Cleaned = 96,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02192013_190221

Files\Folders moved on Reboot...
File\Folder C:\Users\Michel\AppData\Local\Temp\CVHLauncher(201302191857338DC).log not found!
C:\Users\Michel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP00000002305E6B0D52251D20 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I will take care of Kaspersky right away as well. I have now done the next OTL step.

Can you already tell anything from this?


19.02.2013, 19:11   #6
markusg
/// Malware-holic

I'm waiting for the AdwCleaner log that you already created.
Then:
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread in any case.

19.02.2013, 19:41   #7
Clegane

AdwCleaner Logfile:
Code:
# AdwCleaner v2.112 - Datei am 18/02/2013 um 23:52:06 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Michel - MICHEL-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Michel\Downloads\adwcleaner_2.112 (1).exe
# Option [Suche]


**** [Dienste] ****

Gefunden : IBUpdaterService

***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\file scout
Ordner Gefunden : C:\ProgramData\IBUpdaterService
Ordner Gefunden : C:\Users\Michel\AppData\Roaming\PerformerSoft
Ordner Gefunden : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\WNLT
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\I
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\incredibar.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.12] : urls_to_restore_on_startup = [ "hxxp://mystart.incredibar.com/mb203?a=6PQUiytrQr&i=26" ]
Gefunden [l.388] : urls_to_restore_on_startup = [ "hxxp://mystart.incredibar.com/mb203?a=6PQUiytrQr&i=26" ]

*************************

AdwCleaner[R1].txt - [7421 octets] - [18/02/2013 23:52:06]

########## EOF - C:\AdwCleaner[R1].txt - [7481 octets] ##########
         
--- --- ---

Alt 19.02.2013, 19:42   #8
markusg
/// Malware-holic
 

OK, please continue with TDSSKiller.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de

Alt 19.02.2013, 19:44   #9
Clegane
 

"Der Text, den Sie eingegeben haben, besteht aus 150511 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 120000 Zeichen."


The file is too large. I'll split it up, or can I leave part of it out?

Alt 19.02.2013, 19:45   #10
markusg
/// Malware-holic
 

Then attach it or split it up.

Alt 19.02.2013, 19:48   #11
Clegane
 

19:33:50.0924 1972 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:33:51.0610 1972 ============================================================
19:33:51.0610 1972 Current date / time: 2013/02/19 19:33:51.0610
19:33:51.0610 1972 SystemInfo:
19:33:51.0610 1972
19:33:51.0610 1972 OS Version: 6.1.7600 ServicePack: 0.0
19:33:51.0610 1972 Product type: Workstation
19:33:51.0610 1972 ComputerName: MICHEL-TOSH
19:33:51.0610 1972 UserName: Michel
19:33:51.0610 1972 Windows directory: C:\Windows
19:33:51.0610 1972 System windows directory: C:\Windows
19:33:51.0610 1972 Running under WOW64
19:33:51.0610 1972 Processor architecture: Intel x64
19:33:51.0610 1972 Number of processors: 4
19:33:51.0610 1972 Page size: 0x1000
19:33:51.0610 1972 Boot type: Normal boot
19:33:51.0610 1972 ============================================================
19:33:53.0654 1972 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:33:53.0669 1972 ============================================================
19:33:53.0669 1972 \Device\Harddisk0\DR0:
19:33:53.0685 1972 MBR partitions:
19:33:53.0685 1972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000
19:33:53.0685 1972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000
19:33:53.0685 1972 ============================================================
19:33:53.0763 1972 C: <-> \Device\Harddisk0\DR0\Partition1
19:33:53.0810 1972 D: <-> \Device\Harddisk0\DR0\Partition2
19:33:53.0810 1972 ============================================================
19:33:53.0810 1972 Initialize success
19:33:53.0810 1972 ============================================================
19:34:59.0032 5564 ============================================================
19:34:59.0032 5564 Scan started
19:34:59.0032 5564 Mode: Manual; SigCheck; TDLFS;
19:34:59.0032 5564 ============================================================
19:35:02.0074 5564 ================ Scan system memory ========================
19:35:02.0074 5564 System memory - ok
19:35:02.0074 5564 ================ Scan services =============================
19:35:16.0436 5564 Scan interrupted by user!
19:35:16.0436 5564 ================ Scan global ===============================
19:35:16.0436 5564 Scan interrupted by user!
19:35:16.0436 5564 ================ Scan MBR ==================================
19:35:16.0436 5564 Scan interrupted by user!
19:35:16.0436 5564 ================ Scan VBR ==================================
19:35:16.0436 5564 Scan interrupted by user!
19:35:16.0436 5564 ============================================================
19:35:16.0436 5564 Scan finished
19:35:16.0436 5564 ============================================================
19:35:16.0451 3132 Detected object count: 0
19:35:16.0451 3132 Actual detected object count: 0
19:35:20.0133 4888 ============================================================
19:35:20.0133 4888 Scan started
19:35:20.0133 4888 Mode: Manual; SigCheck; TDLFS;
19:35:20.0133 4888 ============================================================
19:35:20.0492 4888 ================ Scan system memory ========================
19:35:20.0492 4888 System memory - ok
19:35:20.0492 4888 ================ Scan services =============================
19:35:30.0959 4888 FileInfo - ok
19:35:31.0022 4888 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:35:31.0069 4888 Filetrace - ok
19:35:31.0069 4888 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:35:31.0100 4888 flpydisk - ok
19:35:31.0162 4888 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:35:31.0193 4888 FltMgr - ok
19:35:31.0412 4888 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
19:35:31.0459 4888 FontCache - ok
19:35:31.0583 4888 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:35:31.0615 4888 FontCache3.0.0.0 - ok
19:35:31.0708 4888 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:35:31.0739 4888 FsDepends - ok
19:35:31.0786 4888 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:35:31.0817 4888 Fs_Rec - ok
19:35:31.0849 4888 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:35:31.0880 4888 fvevol - ok
19:35:31.0942 4888 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:35:31.0973 4888 gagp30kx - ok
19:35:32.0207 4888 [ 1FDA0DF739234C4023851A282DD28704 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
19:35:32.0239 4888 GameConsoleService - ok
19:35:32.0395 4888 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
19:35:32.0488 4888 gpsvc - ok
19:35:32.0629 4888 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:35:32.0675 4888 gupdate - ok
19:35:32.0707 4888 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:35:32.0738 4888 gupdatem - ok
19:35:32.0753 4888 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:35:32.0816 4888 hcw85cir - ok
19:35:32.0847 4888 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:35:32.0909 4888 HdAudAddService - ok
19:35:32.0941 4888 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:35:33.0003 4888 HDAudBus - ok
19:35:33.0050 4888 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:35:33.0097 4888 HECIx64 - ok
19:35:33.0112 4888 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:35:33.0175 4888 HidBatt - ok
19:35:33.0206 4888 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:35:33.0284 4888 HidBth - ok
19:35:33.0299 4888 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:35:33.0315 4888 HidIr - ok
19:35:33.0346 4888 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:35:33.0409 4888 hidserv - ok
19:35:33.0471 4888 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:35:33.0533 4888 HidUsb - ok
19:35:33.0580 4888 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:35:33.0643 4888 hkmsvc - ok
19:35:33.0689 4888 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:35:33.0814 4888 HomeGroupListener - ok
19:35:33.0908 4888 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:35:33.0986 4888 HomeGroupProvider - ok
19:35:34.0017 4888 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
19:35:34.0048 4888 HpSAMD - ok
19:35:34.0095 4888 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:35:34.0220 4888 HTTP - ok
19:35:34.0235 4888 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:35:34.0251 4888 hwpolicy - ok
19:35:34.0298 4888 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:35:34.0360 4888 i8042prt - ok
19:35:34.0407 4888 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:35:34.0423 4888 iaStor - ok
19:35:34.0469 4888 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:35:34.0516 4888 iaStorV - ok
19:35:34.0657 4888 [ 4DE2EE2A5186D74BABC4E7F60D2AE989 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
19:35:34.0719 4888 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
19:35:34.0719 4888 IconMan_R - detected UnsignedFile.Multi.Generic (1)
19:35:34.0906 4888 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:35:34.0937 4888 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:35:34.0937 4888 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:35:35.0187 4888 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:35:35.0234 4888 idsvc - ok
19:35:35.0281 4888 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:35:35.0312 4888 iirsp - ok
19:35:35.0359 4888 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
19:35:35.0452 4888 IKEEXT - ok
19:35:36.0092 4888 [ E8017F1662D9142F45CEAB694D013C00 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:35:36.0217 4888 IntcAzAudAddService - ok
19:35:36.0232 4888 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
19:35:36.0263 4888 intelide - ok
19:35:36.0310 4888 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:35:36.0341 4888 intelppm - ok
19:35:36.0373 4888 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:35:36.0435 4888 IPBusEnum - ok
19:35:36.0466 4888 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:35:36.0513 4888 IpFilterDriver - ok
19:35:36.0591 4888 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:35:36.0653 4888 iphlpsvc - ok
19:35:36.0669 4888 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:35:36.0747 4888 IPMIDRV - ok
19:35:36.0794 4888 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:35:36.0903 4888 IPNAT - ok
19:35:36.0950 4888 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:35:36.0965 4888 IRENUM - ok
19:35:36.0981 4888 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
19:35:37.0012 4888 isapnp - ok
19:35:37.0059 4888 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:35:37.0090 4888 iScsiPrt - ok
19:35:37.0137 4888 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:35:37.0199 4888 kbdclass - ok
19:35:37.0277 4888 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:35:37.0340 4888 kbdhid - ok
19:35:37.0371 4888 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
19:35:37.0402 4888 KeyIso - ok
19:35:37.0511 4888 [ 8D7120743A0973CEAB548B475C9D4289 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
19:35:37.0558 4888 KL1 - ok
19:35:37.0636 4888 [ CD146D8E525D6EEBDCAF24120A8AB9CE ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
19:35:37.0667 4888 kl2 - ok
19:35:37.0855 4888 [ 177505577604C94C4BE7B9316A90ADA1 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
19:35:37.0917 4888 KLIF - ok
19:35:37.0995 4888 [ 2A64B3A9EED93A2E96537B67C079FC96 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
19:35:38.0042 4888 KLIM6 - ok
19:35:38.0057 4888 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
19:35:38.0104 4888 klmouflt - ok
19:35:38.0182 4888 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:35:38.0213 4888 KSecDD - ok
19:35:38.0245 4888 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:35:38.0276 4888 KSecPkg - ok
19:35:38.0354 4888 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:35:38.0463 4888 ksthunk - ok
19:35:38.0525 4888 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:35:38.0619 4888 KtmRm - ok
19:35:38.0744 4888 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:35:38.0853 4888 LanmanServer - ok
19:35:38.0931 4888 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:35:39.0025 4888 LanmanWorkstation - ok
19:35:39.0103 4888 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:35:39.0196 4888 lltdio - ok
19:35:39.0274 4888 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:35:39.0352 4888 lltdsvc - ok
19:35:39.0415 4888 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:35:39.0461 4888 lmhosts - ok
19:35:39.0664 4888 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:35:39.0695 4888 LMS - ok
19:35:39.0805 4888 [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
19:35:39.0851 4888 LPCFilter - ok
19:35:39.0898 4888 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:35:39.0945 4888 LSI_FC - ok
19:35:40.0007 4888 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:35:40.0054 4888 LSI_SAS - ok
19:35:40.0101 4888 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:35:40.0148 4888 LSI_SAS2 - ok
19:35:40.0226 4888 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:35:40.0273 4888 LSI_SCSI - ok
19:35:40.0288 4888 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:35:40.0382 4888 luafv - ok
19:35:40.0413 4888 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:35:40.0475 4888 Mcx2Svc - ok
19:35:40.0522 4888 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:35:40.0569 4888 megasas - ok
19:35:40.0647 4888 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:35:40.0694 4888 MegaSR - ok
19:35:40.0725 4888 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:35:40.0803 4888 MMCSS - ok
19:35:40.0819 4888 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:35:40.0897 4888 Modem - ok
19:35:40.0959 4888 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:35:41.0037 4888 monitor - ok
19:35:41.0068 4888 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:35:41.0115 4888 mouclass - ok
19:35:41.0162 4888 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:35:41.0240 4888 mouhid - ok
19:35:41.0287 4888 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:35:41.0365 4888 mountmgr - ok
19:35:41.0536 4888 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:35:41.0583 4888 MozillaMaintenance - ok
19:35:41.0661 4888 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
19:35:41.0708 4888 mpio - ok
19:35:41.0739 4888 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:35:41.0801 4888 mpsdrv - ok
19:35:41.0942 4888 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:35:42.0067 4888 MpsSvc - ok
19:35:42.0082 4888 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:35:42.0160 4888 MRxDAV - ok
19:35:42.0207 4888 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:35:42.0269 4888 mrxsmb - ok
19:35:42.0363 4888 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:35:42.0379 4888 mrxsmb10 - ok
19:35:42.0441 4888 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:35:42.0488 4888 mrxsmb20 - ok
19:35:42.0550 4888 [ 2BA4FF3D5EB68587DD662A896F649C7D ] msahci C:\Windows\system32\DRIVERS\msahci.sys
19:35:42.0581 4888 msahci - ok
19:35:42.0597 4888 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
19:35:42.0644 4888 msdsm - ok
19:35:42.0737 4888 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:35:42.0815 4888 MSDTC - ok
19:35:42.0878 4888 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:35:42.0940 4888 Msfs - ok
19:35:42.0987 4888 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:35:43.0081 4888 mshidkmdf - ok
19:35:43.0112 4888 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
19:35:43.0127 4888 msisadrv - ok
19:35:43.0221 4888 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:35:43.0315 4888 MSiSCSI - ok
19:35:43.0315 4888 msiserver - ok
19:35:43.0377 4888 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:35:43.0471 4888 MSKSSRV - ok
19:35:43.0486 4888 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:35:43.0564 4888 MSPCLOCK - ok
19:35:43.0642 4888 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:35:43.0736 4888 MSPQM - ok
19:35:43.0767 4888 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:35:43.0798 4888 MsRPC - ok
19:35:43.0861 4888 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:35:43.0892 4888 mssmbios - ok
19:35:43.0923 4888 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:35:44.0032 4888 MSTEE - ok
19:35:44.0063 4888 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:35:44.0141 4888 MTConfig - ok
19:35:44.0173 4888 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:35:44.0204 4888 Mup - ok
19:35:44.0297 4888 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
19:35:44.0407 4888 napagent - ok
19:35:44.0547 4888 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:35:44.0641 4888 NativeWifiP - ok
19:35:44.0828 4888 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate c:\Program Files (x86)\Nero\Update\NASvc.exe
19:35:44.0875 4888 NAUpdate - ok
19:35:45.0062 4888 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
19:35:45.0140 4888 NDIS - ok
19:35:45.0187 4888 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:35:45.0265 4888 NdisCap - ok
19:35:45.0311 4888 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:35:45.0405 4888 NdisTapi - ok
19:35:45.0467 4888 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:35:45.0545 4888 Ndisuio - ok
19:35:45.0561 4888 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:35:45.0639 4888 NdisWan - ok
19:35:45.0779 4888 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:35:45.0857 4888 NDProxy - ok
19:35:45.0904 4888 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:35:46.0013 4888 NetBIOS - ok
19:35:46.0076 4888 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:35:46.0154 4888 NetBT - ok
19:35:46.0201 4888 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
19:35:46.0232 4888 Netlogon - ok
19:35:46.0294 4888 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:35:46.0403 4888 Netman - ok
19:35:46.0497 4888 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:35:46.0544 4888 NetMsmqActivator - ok
19:35:46.0622 4888 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:35:46.0653 4888 NetPipeActivator - ok
19:35:46.0731 4888 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:35:46.0825 4888 netprofm - ok
19:35:46.0856 4888 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:35:46.0871 4888 NetTcpActivator - ok
19:35:46.0871 4888 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:35:46.0903 4888 NetTcpPortSharing - ok
19:35:46.0965 4888 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:35:46.0981 4888 nfrd960 - ok
19:35:47.0074 4888 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:35:47.0183 4888 NlaSvc - ok
19:35:47.0199 4888 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:35:47.0277 4888 Npfs - ok
19:35:47.0308 4888 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:35:47.0402 4888 nsi - ok
19:35:47.0449 4888 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:35:47.0527 4888 nsiproxy - ok
19:35:47.0745 4888 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:35:47.0885 4888 Ntfs - ok
19:35:47.0901 4888 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:35:48.0010 4888 Null - ok
19:35:48.0073 4888 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:35:48.0088 4888 nvraid - ok
19:35:48.0119 4888 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:35:48.0135 4888 nvstor - ok
19:35:48.0182 4888 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
19:35:48.0197 4888 nv_agp - ok
19:35:48.0213 4888 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:35:48.0275 4888 ohci1394 - ok
19:35:48.0353 4888 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:35:48.0400 4888 ose - ok
19:35:48.0665 4888 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:35:48.0884 4888 osppsvc - ok
19:35:49.0009 4888 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:35:49.0102 4888 p2pimsvc - ok
19:35:49.0149 4888 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:35:49.0180 4888 p2psvc - ok
19:35:49.0227 4888 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:35:49.0274 4888 Parport - ok
19:35:49.0321 4888 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:35:49.0352 4888 partmgr - ok
19:35:49.0399 4888 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:35:49.0477 4888 PcaSvc - ok
19:35:49.0570 4888 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
19:35:49.0617 4888 pci - ok
19:35:49.0633 4888 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
19:35:49.0664 4888 pciide - ok
19:35:49.0679 4888 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:35:49.0695 4888 pcmcia - ok
19:35:49.0711 4888 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:35:49.0726 4888 pcw - ok
19:35:49.0757 4888 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:35:49.0882 4888 PEAUTH - ok
19:35:49.0991 4888 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:35:50.0054 4888 PerfHost - ok
19:35:50.0132 4888 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
19:35:50.0179 4888 PGEffect - ok
19:35:50.0319 4888 [ E05CC0B8CC6DD51CC3FD7980F41FFABD ] pgsql-8.3 C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
19:35:50.0350 4888 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - warning
19:35:50.0350 4888 pgsql-8.3 - detected UnsignedFile.Multi.Generic (1)
19:35:50.0569 4888 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
19:35:50.0693 4888 pla - ok
19:35:50.0771 4888 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:35:50.0881 4888 PlugPlay - ok
19:35:50.0896 4888 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:35:50.0959 4888 PNRPAutoReg - ok
19:35:51.0037 4888 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:35:51.0083 4888 PNRPsvc - ok
19:35:51.0130 4888 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:35:51.0224 4888 PolicyAgent - ok
19:35:51.0286 4888 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:35:51.0395 4888 Power - ok
19:35:51.0442 4888 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:35:51.0520 4888 PptpMiniport - ok
19:35:51.0536 4888 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:35:51.0567 4888 Processor - ok
19:35:51.0614 4888 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
19:35:51.0645 4888 ProfSvc - ok
19:35:51.0645 4888 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:35:51.0661 4888 ProtectedStorage - ok
19:35:51.0707 4888 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:35:51.0785 4888 Psched - ok
19:35:51.0848 4888 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:35:51.0910 4888 ql2300 - ok
19:35:51.0910 4888 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:35:51.0926 4888 ql40xx - ok
19:35:52.0019 4888 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:35:52.0082 4888 QWAVE - ok
19:35:52.0129 4888 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:35:52.0207 4888 QWAVEdrv - ok
19:35:52.0238 4888 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:35:52.0316 4888 RasAcd - ok
19:35:52.0347 4888 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:35:52.0409 4888 RasAgileVpn - ok
19:35:52.0456 4888 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:35:52.0550 4888 RasAuto - ok
19:35:52.0565 4888 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:52.0612 4888 Rasl2tp - ok
19:35:52.0659 4888 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
19:35:52.0721 4888 RasMan - ok
19:35:52.0737 4888 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:52.0784 4888 RasPppoe - ok
19:35:52.0815 4888 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:35:52.0877 4888 RasSstp - ok
19:35:52.0909 4888 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:35:52.0987 4888 rdbss - ok
19:35:53.0049 4888 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:35:53.0096 4888 rdpbus - ok
19:35:53.0112 4888 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:53.0174 4888 RDPCDD - ok
19:35:53.0205 4888 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:35:53.0283 4888 RDPENCDD - ok
19:35:53.0314 4888 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:35:53.0392 4888 RDPREFMP - ok
19:35:53.0424 4888 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:35:53.0502 4888 RDPWD - ok
19:35:53.0533 4888 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:35:53.0564 4888 rdyboost - ok
19:35:53.0595 4888 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:35:53.0720 4888 RemoteAccess - ok
19:35:53.0751 4888 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:35:53.0829 4888 RemoteRegistry - ok
19:35:53.0860 4888 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:35:53.0985 4888 RpcEptMapper - ok
19:35:54.0048 4888 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:35:54.0110 4888 RpcLocator - ok
19:35:54.0204 4888 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
19:35:54.0282 4888 RpcSs - ok
19:35:54.0313 4888 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:35:54.0375 4888 rspndr - ok
19:35:54.0422 4888 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:35:54.0438 4888 RSUSBSTOR - ok
19:35:54.0469 4888 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:35:54.0531 4888 RTL8167 - ok
19:35:54.0547 4888 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
19:35:54.0562 4888 SamSs - ok
19:35:54.0578 4888 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
19:35:54.0609 4888 sbp2port - ok
19:35:54.0625 4888 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:35:54.0703 4888 SCardSvr - ok
19:35:54.0734 4888 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:35:54.0828 4888 scfilter - ok
19:35:54.0984 4888 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
19:35:55.0062 4888 Schedule - ok
19:35:55.0108 4888 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:35:55.0171 4888 SCPolicySvc - ok
19:35:55.0202 4888 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:35:55.0264 4888 SDRSVC - ok
19:35:55.0296 4888 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:35:55.0374 4888 secdrv - ok
19:35:55.0405 4888 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
19:35:55.0498 4888 seclogon - ok
19:35:55.0530 4888 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:35:55.0608 4888 SENS - ok
19:35:55.0623 4888 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:35:55.0701 4888 SensrSvc - ok
19:35:55.0717 4888 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:35:55.0748 4888 Serenum - ok
19:35:55.0795 4888 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:35:55.0857 4888 Serial - ok
19:35:55.0873 4888 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:35:55.0951 4888 sermouse - ok
19:35:55.0998 4888 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
19:35:56.0076 4888 SessionEnv - ok
19:35:56.0138 4888 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
19:35:56.0232 4888 sffdisk - ok
19:35:56.0247 4888 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:35:56.0278 4888 sffp_mmc - ok

Old 19.02.2013, 19:49   #12
Clegane
 

19:36:07.0791 4888 ================ Scan global ===============================
19:36:07.0822 4888 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:36:07.0854 4888 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
19:36:07.0869 4888 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
19:36:07.0900 4888 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:36:07.0932 4888 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:36:07.0947 4888 [Global] - ok
19:36:07.0947 4888 ================ Scan MBR ==================================
19:36:07.0963 4888 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:36:08.0306 4888 \Device\Harddisk0\DR0 - ok
19:36:08.0306 4888 ================ Scan VBR ==================================
19:36:08.0322 4888 [ EF05A1928D9FBF94F29C69D093CE8559 ] \Device\Harddisk0\DR0\Partition1
19:36:08.0337 4888 \Device\Harddisk0\DR0\Partition1 - ok
19:36:08.0353 4888 [ A0AC9DC6F791C2419840CF75E4DEFDE8 ] \Device\Harddisk0\DR0\Partition2
19:36:08.0353 4888 \Device\Harddisk0\DR0\Partition2 - ok
19:36:08.0353 4888 ============================================================
19:36:08.0353 4888 Scan finished
19:36:08.0353 4888 ============================================================
19:36:08.0368 4456 Detected object count: 3
19:36:08.0368 4456 Actual detected object count: 3
19:38:03.0185 4456 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:03.0185 4456 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:03.0201 4456 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:03.0201 4456 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:03.0201 4456 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:03.0201 4456 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:18.0239 1932 ============================================================
19:38:18.0239 1932 Scan started
19:38:18.0239 1932 Mode: Manual; SigCheck; TDLFS;
19:38:18.0239 1932 ============================================================
19:38:18.0473 1932 ================ Scan system memory ========================
19:38:18.0473 1932 System memory - ok
19:38:18.0489 1932 ================ Scan services =============================
19:38:26.0866 1932 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:38:26.0897 1932 HomeGroupListener - ok
19:38:26.0928 1932 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:38:26.0944 1932 HomeGroupProvider - ok
19:38:26.0960 1932 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
19:38:26.0991 1932 HpSAMD - ok
19:38:27.0022 1932 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:38:27.0069 1932 HTTP - ok
19:38:27.0084 1932 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:38:27.0100 1932 hwpolicy - ok
19:38:27.0131 1932 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:38:27.0162 1932 i8042prt - ok
19:38:27.0209 1932 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:38:27.0256 1932 iaStor - ok
19:38:27.0303 1932 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:38:27.0350 1932 iaStorV - ok
19:38:27.0443 1932 [ 4DE2EE2A5186D74BABC4E7F60D2AE989 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
19:38:27.0474 1932 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
19:38:27.0474 1932 IconMan_R - detected UnsignedFile.Multi.Generic (1)
19:38:27.0521 1932 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:38:27.0537 1932 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:38:27.0537 1932 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:38:27.0599 1932 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:38:27.0646 1932 idsvc - ok
19:38:27.0662 1932 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:38:27.0693 1932 iirsp - ok
19:38:27.0724 1932 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
19:38:27.0802 1932 IKEEXT - ok
19:38:27.0896 1932 [ E8017F1662D9142F45CEAB694D013C00 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:38:27.0958 1932 IntcAzAudAddService - ok
19:38:27.0974 1932 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
19:38:27.0989 1932 intelide - ok
19:38:28.0005 1932 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:38:28.0020 1932 intelppm - ok
19:38:28.0036 1932 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:38:28.0083 1932 IPBusEnum - ok
19:38:28.0098 1932 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:38:28.0161 1932 IpFilterDriver - ok
19:38:28.0176 1932 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:38:28.0239 1932 iphlpsvc - ok
19:38:28.0254 1932 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:38:28.0270 1932 IPMIDRV - ok
19:38:28.0286 1932 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:38:28.0332 1932 IPNAT - ok
19:38:28.0348 1932 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:38:28.0364 1932 IRENUM - ok
19:38:28.0379 1932 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
19:38:28.0395 1932 isapnp - ok
19:38:28.0410 1932 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:38:28.0442 1932 iScsiPrt - ok
19:38:28.0457 1932 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:38:28.0473 1932 kbdclass - ok
19:38:28.0488 1932 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:38:28.0504 1932 kbdhid - ok
19:38:28.0520 1932 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
19:38:28.0551 1932 KeyIso - ok
19:38:28.0582 1932 [ 8D7120743A0973CEAB548B475C9D4289 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
19:38:28.0613 1932 KL1 - ok
19:38:28.0644 1932 [ CD146D8E525D6EEBDCAF24120A8AB9CE ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
19:38:28.0660 1932 kl2 - ok
19:38:28.0722 1932 [ 177505577604C94C4BE7B9316A90ADA1 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
19:38:28.0769 1932 KLIF - ok
19:38:28.0816 1932 [ 2A64B3A9EED93A2E96537B67C079FC96 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
19:38:28.0847 1932 KLIM6 - ok
19:38:28.0863 1932 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
19:38:28.0910 1932 klmouflt - ok
19:38:28.0956 1932 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:38:28.0988 1932 KSecDD - ok
19:38:29.0019 1932 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:38:29.0034 1932 KSecPkg - ok
19:38:29.0066 1932 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:38:29.0112 1932 ksthunk - ok
19:38:29.0128 1932 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:38:29.0175 1932 KtmRm - ok
19:38:29.0190 1932 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:38:29.0222 1932 LanmanServer - ok
19:38:29.0237 1932 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:38:29.0284 1932 LanmanWorkstation - ok
19:38:29.0300 1932 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:38:29.0346 1932 lltdio - ok
19:38:29.0378 1932 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:38:29.0440 1932 lltdsvc - ok
19:38:29.0456 1932 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:38:29.0502 1932 lmhosts - ok
19:38:29.0549 1932 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:38:29.0596 1932 LMS - ok
19:38:29.0627 1932 [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
19:38:29.0658 1932 LPCFilter - ok
19:38:29.0674 1932 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:38:29.0705 1932 LSI_FC - ok
19:38:29.0705 1932 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:38:29.0736 1932 LSI_SAS - ok
19:38:29.0736 1932 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:38:29.0752 1932 LSI_SAS2 - ok
19:38:29.0768 1932 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:38:29.0783 1932 LSI_SCSI - ok
19:38:29.0799 1932 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:38:29.0861 1932 luafv - ok
19:38:29.0892 1932 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:38:29.0924 1932 Mcx2Svc - ok
19:38:29.0924 1932 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:38:29.0955 1932 megasas - ok
19:38:29.0970 1932 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:38:30.0002 1932 MegaSR - ok
19:38:30.0017 1932 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:38:30.0064 1932 MMCSS - ok
19:38:30.0080 1932 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:38:30.0111 1932 Modem - ok
19:38:30.0126 1932 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:38:30.0142 1932 monitor - ok
19:38:30.0158 1932 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:38:30.0173 1932 mouclass - ok
19:38:30.0189 1932 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:38:30.0204 1932 mouhid - ok
19:38:30.0220 1932 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:38:30.0236 1932 mountmgr - ok
19:38:30.0267 1932 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:38:30.0298 1932 MozillaMaintenance - ok
19:38:30.0314 1932 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
19:38:30.0345 1932 mpio - ok
19:38:30.0360 1932 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:38:30.0407 1932 mpsdrv - ok
19:38:30.0438 1932 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:38:30.0501 1932 MpsSvc - ok
19:38:30.0501 1932 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:38:30.0532 1932 MRxDAV - ok
19:38:30.0563 1932 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:38:30.0594 1932 mrxsmb - ok
19:38:30.0641 1932 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:38:30.0672 1932 mrxsmb10 - ok
19:38:30.0688 1932 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:38:30.0704 1932 mrxsmb20 - ok
19:38:30.0735 1932 [ 2BA4FF3D5EB68587DD662A896F649C7D ] msahci C:\Windows\system32\DRIVERS\msahci.sys
19:38:30.0750 1932 msahci - ok
19:38:30.0766 1932 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
19:38:30.0782 1932 msdsm - ok
19:38:30.0813 1932 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:38:30.0844 1932 MSDTC - ok
19:38:30.0860 1932 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:38:30.0906 1932 Msfs - ok
19:38:30.0938 1932 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:38:30.0984 1932 mshidkmdf - ok
19:38:31.0016 1932 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
19:38:31.0031 1932 msisadrv - ok
19:38:31.0062 1932 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:38:31.0109 1932 MSiSCSI - ok
19:38:31.0109 1932 msiserver - ok
19:38:31.0156 1932 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:38:31.0187 1932 MSKSSRV - ok
19:38:31.0203 1932 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:38:31.0250 1932 MSPCLOCK - ok
19:38:31.0281 1932 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:38:31.0343 1932 MSPQM - ok
19:38:31.0374 1932 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:38:31.0390 1932 MsRPC - ok
19:38:31.0421 1932 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:38:31.0437 1932 mssmbios - ok
19:38:31.0452 1932 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:38:31.0499 1932 MSTEE - ok
19:38:31.0499 1932 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:38:31.0515 1932 MTConfig - ok
19:38:31.0530 1932 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:38:31.0546 1932 Mup - ok
19:38:31.0577 1932 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
19:38:31.0624 1932 napagent - ok
19:38:31.0655 1932 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:38:31.0686 1932 NativeWifiP - ok
19:38:31.0733 1932 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate c:\Program Files (x86)\Nero\Update\NASvc.exe
19:38:31.0780 1932 NAUpdate - ok
19:38:31.0827 1932 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
19:38:31.0858 1932 NDIS - ok
19:38:31.0874 1932 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:38:31.0936 1932 NdisCap - ok
19:38:31.0967 1932 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:38:32.0030 1932 NdisTapi - ok
19:38:32.0030 1932 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:38:32.0076 1932 Ndisuio - ok
19:38:32.0092 1932 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:38:32.0123 1932 NdisWan - ok
19:38:32.0154 1932 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:38:32.0201 1932 NDProxy - ok
19:38:32.0201 1932 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:38:32.0248 1932 NetBIOS - ok
19:38:32.0264 1932 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:38:32.0310 1932 NetBT - ok
19:38:32.0326 1932 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
19:38:32.0342 1932 Netlogon - ok
19:38:32.0373 1932 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:38:32.0420 1932 Netman - ok
19:38:32.0451 1932 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:38:32.0482 1932 NetMsmqActivator - ok
19:38:32.0498 1932 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:38:32.0513 1932 NetPipeActivator - ok
19:38:32.0544 1932 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:38:32.0591 1932 netprofm - ok
19:38:32.0591 1932 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:38:32.0607 1932 NetTcpActivator - ok
19:38:32.0622 1932 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:38:32.0622 1932 NetTcpPortSharing - ok
19:38:32.0654 1932 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:38:32.0669 1932 nfrd960 - ok
19:38:32.0700 1932 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:38:32.0747 1932 NlaSvc - ok
19:38:32.0763 1932 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:38:32.0794 1932 Npfs - ok
19:38:32.0810 1932 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:38:32.0872 1932 nsi - ok
19:38:32.0888 1932 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:38:32.0919 1932 nsiproxy - ok
19:38:32.0997 1932 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:38:33.0059 1932 Ntfs - ok
19:38:33.0075 1932 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:38:33.0122 1932 Null - ok
19:38:33.0137 1932 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:38:33.0168 1932 nvraid - ok
19:38:33.0184 1932 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:38:33.0215 1932 nvstor - ok
19:38:33.0246 1932 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
19:38:33.0278 1932 nv_agp - ok
19:38:33.0293 1932 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:38:33.0324 1932 ohci1394 - ok
19:38:33.0371 1932 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:38:33.0402 1932 ose - ok
19:38:33.0574 1932 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:38:33.0683 1932 osppsvc - ok
19:38:33.0714 1932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:38:33.0730 1932 p2pimsvc - ok
19:38:33.0761 1932 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:38:33.0777 1932 p2psvc - ok
19:38:33.0808 1932 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:38:33.0824 1932 Parport - ok
19:38:33.0855 1932 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:38:33.0902 1932 partmgr - ok
19:38:33.0933 1932 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:38:33.0964 1932 PcaSvc - ok
19:38:33.0995 1932 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
19:38:34.0011 1932 pci - ok
19:38:34.0026 1932 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
19:38:34.0042 1932 pciide - ok
19:38:34.0058 1932 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:38:34.0089 1932 pcmcia - ok
19:38:34.0089 1932 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:38:34.0120 1932 pcw - ok
19:38:34.0136 1932 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:38:34.0198 1932 PEAUTH - ok
19:38:34.0276 1932 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:38:34.0307 1932 PerfHost - ok
19:38:34.0338 1932 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
19:38:34.0385 1932 PGEffect - ok
19:38:34.0479 1932 [ E05CC0B8CC6DD51CC3FD7980F41FFABD ] pgsql-8.3 C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
19:38:34.0494 1932 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - warning
19:38:34.0494 1932 pgsql-8.3 - detected UnsignedFile.Multi.Generic (1)
19:38:34.0557 1932 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
19:38:34.0650 1932 pla - ok
19:38:34.0697 1932 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:38:34.0728 1932 PlugPlay - ok
19:38:34.0744 1932 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:38:34.0760 1932 PNRPAutoReg - ok
19:38:34.0775 1932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:38:34.0806 1932 PNRPsvc - ok
19:38:34.0838 1932 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:38:34.0900 1932 PolicyAgent - ok
19:38:34.0931 1932 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:38:35.0009 1932 Power - ok
19:38:35.0040 1932 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:38:35.0118 1932 PptpMiniport - ok
19:38:35.0134 1932 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:38:35.0150 1932 Processor - ok
19:38:35.0196 1932 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
19:38:35.0243 1932 ProfSvc - ok
19:38:35.0243 1932 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:38:35.0259 1932 ProtectedStorage - ok
19:38:35.0274 1932 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:38:35.0321 1932 Psched - ok
19:38:35.0368 1932 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:38:35.0399 1932 ql2300 - ok
19:38:35.0415 1932 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:38:35.0430 1932 ql40xx - ok
19:38:35.0477 1932 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:38:35.0524 1932 QWAVE - ok
19:38:35.0586 1932 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:38:35.0618 1932 QWAVEdrv - ok
19:38:35.0633 1932 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:38:35.0680 1932 RasAcd - ok
19:38:35.0711 1932 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:38:35.0789 1932 RasAgileVpn - ok
19:38:35.0805 1932 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:38:35.0852 1932 RasAuto - ok
19:38:35.0867 1932 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:38:35.0914 1932 Rasl2tp - ok
19:38:35.0930 1932 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
19:38:35.0976 1932 RasMan - ok
19:38:35.0992 1932 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:38:36.0039 1932 RasPppoe - ok
19:38:36.0054 1932 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:38:36.0086 1932 RasSstp - ok
19:38:36.0101 1932 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:38:36.0148 1932 rdbss - ok
19:38:36.0179 1932 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:38:36.0195 1932 rdpbus - ok
19:38:36.0210 1932 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:38:36.0257 1932 RDPCDD - ok
19:38:36.0273 1932 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:38:36.0320 1932 RDPENCDD - ok
19:38:36.0335 1932 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:38:36.0382 1932 RDPREFMP - ok
19:38:36.0413 1932 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:38:36.0460 1932 RDPWD - ok
19:38:36.0476 1932 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:38:36.0507 1932 rdyboost - ok
19:38:36.0522 1932 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:38:36.0585 1932 RemoteAccess - ok
19:38:36.0616 1932 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:38:36.0647 1932 RemoteRegistry - ok
19:38:36.0678 1932 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:38:36.0725 1932 RpcEptMapper - ok
19:38:36.0741 1932 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:38:36.0756 1932 RpcLocator - ok
19:38:36.0772 1932 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
19:38:36.0834 1932 RpcSs - ok
19:38:36.0850 1932 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:38:36.0912 1932 rspndr - ok
19:38:36.0944 1932 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:38:36.0959 1932 RSUSBSTOR - ok
19:38:36.0990 1932 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:38:37.0006 1932 RTL8167 - ok
19:38:37.0022 1932 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
19:38:37.0037 1932 SamSs - ok
19:38:37.0053 1932 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
19:38:37.0084 1932 sbp2port - ok
19:38:37.0100 1932 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:38:37.0146 1932 SCardSvr - ok
19:38:37.0178 1932 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:38:37.0224 1932 scfilter - ok
19:38:37.0271 1932 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
19:38:37.0318 1932 Schedule - ok
19:38:37.0349 1932 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:38:37.0396 1932 SCPolicySvc - ok
19:38:37.0412 1932 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:38:37.0443 1932 SDRSVC - ok
19:38:37.0458 1932 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:38:37.0521 1932 secdrv - ok
19:38:37.0536 1932 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
19:38:37.0583 1932 seclogon - ok
19:38:37.0599 1932 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:38:37.0646 1932 SENS - ok
19:38:37.0661 1932 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:38:37.0677 1932 SensrSvc - ok
19:38:37.0692 1932 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:38:37.0708 1932 Serenum - ok
19:38:37.0708 1932 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:38:37.0724 1932 Serial - ok
19:38:37.0724 1932 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:38:37.0739 1932 sermouse - ok
19:38:37.0770 1932 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
19:38:37.0817 1932 SessionEnv - ok
19:38:37.0833 1932 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
19:38:37.0848 1932 sffdisk - ok
19:38:37.0848 1932 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:38:37.0864 1932 sffp_mmc - ok
19:38:37.0895 1932 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
19:38:37.0911 1932 sffp_sd - ok
19:38:37.0942 1932 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:38:37.0958 1932 sfloppy - ok
19:38:38.0051 1932 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:38:38.0098 1932 Sftfs - ok
19:38:38.0160 1932 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:38:38.0207 1932 sftlist - ok
19:38:38.0223 1932 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:38:38.0254 1932 Sftplay - ok
19:38:38.0270 1932 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:38:38.0285 1932 Sftredir - ok
19:38:38.0316 1932 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:38:38.0332 1932 Sftvol - ok
19:38:38.0379 1932 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:38:38.0410 1932 sftvsa - ok
19:38:38.0441 1932 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:38:38.0504 1932 SharedAccess - ok
19:38:38.0535 1932 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:38:38.0566 1932 ShellHWDetection - ok
19:38:38.0582 1932 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:38:38.0613 1932 SiSRaid2 - ok
19:38:38.0628 1932 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:38:38.0660 1932 SiSRaid4 - ok
19:38:38.0706 1932 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:38:38.0738 1932 SkypeUpdate - ok
19:38:38.0738 1932 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:38:38.0784 1932 Smb - ok
19:38:38.0800 1932 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:38:38.0816 1932 SNMPTRAP - ok
19:38:38.0831 1932 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:38:38.0847 1932 spldr - ok
19:38:38.0894 1932 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
19:38:38.0909 1932 Spooler - ok
19:38:39.0018 1932 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
19:38:39.0081 1932 sppsvc - ok
19:38:39.0096 1932 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:38:39.0143 1932 sppuinotify - ok
19:38:39.0190 1932 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:38:39.0221 1932 srv - ok
19:38:39.0237 1932 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:38:39.0268 1932 srv2 - ok
19:38:39.0299 1932 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:38:39.0330 1932 srvnet - ok
19:38:39.0362 1932 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:38:39.0408 1932 SSDPSRV - ok
19:38:39.0408 1932 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:38:39.0455 1932 SstpSvc - ok
19:38:39.0486 1932 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:38:39.0502 1932 stexstor - ok
19:38:39.0518 1932 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
19:38:39.0564 1932 stisvc - ok
19:38:39.0564 1932 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:38:39.0596 1932 swenum - ok
19:38:39.0627 1932 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:38:39.0705 1932 swprv - ok
19:38:39.0752 1932 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:38:39.0767 1932 SynTP - ok
19:38:39.0830 1932 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
19:38:39.0876 1932 SysMain - ok
19:38:39.0908 1932 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:38:39.0923 1932 TabletInputService - ok
19:38:39.0970 1932 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
19:38:40.0017 1932 TapiSrv - ok
19:38:40.0032 1932 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:38:40.0079 1932 TBS - ok
19:38:40.0344 1932 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:38:40.0407 1932 Tcpip - ok
19:38:40.0563 1932 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:38:40.0610 1932 TCPIP6 - ok
19:38:40.0641 1932 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:38:40.0688 1932 tcpipreg - ok
19:38:40.0719 1932 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
19:38:40.0734 1932 tdcmdpst - ok
19:38:40.0734 1932 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:38:40.0766 1932 TDPIPE - ok
19:38:40.0797 1932 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:38:40.0812 1932 TDTCP - ok
19:38:40.0828 1932 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:38:40.0890 1932 tdx - ok
19:38:40.0937 1932 [ 40E154B3125E17CE6F2AFAD57AFCFEB2 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
19:38:40.0953 1932 TemproMonitoringService - ok
19:38:40.0984 1932 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:38:41.0000 1932 TermDD - ok
19:38:41.0109 1932 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
19:38:41.0187 1932 TermService - ok
19:38:41.0218 1932 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:38:41.0249 1932 Themes - ok
19:38:41.0280 1932 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:38:41.0327 1932 THREADORDER - ok
19:38:41.0405 1932 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:38:41.0436 1932 TMachInfo - ok
19:38:41.0452 1932 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
19:38:41.0468 1932 TODDSrv - ok
19:38:41.0546 1932 [ DB9719688C08F42705FEB3F6A0C98B91 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:38:41.0577 1932 TosCoSrv - ok
19:38:41.0639 1932 [ 8F099BE5DB17D025E19652851399B9F1 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
19:38:41.0670 1932 TOSHIBA Bluetooth Service - ok
19:38:41.0717 1932 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:38:41.0733 1932 TOSHIBA HDD SSD Alert Service - ok
19:38:41.0733 1932 Tosrfcom - ok
19:38:41.0780 1932 [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
19:38:41.0795 1932 tosrfec - ok
19:38:41.0826 1932 [ 8197B0EAE0D804AC3466045DDC5DA98B ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
19:38:41.0842 1932 Tosrfusb - ok
19:38:41.0858 1932 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:38:41.0920 1932 TrkWks - ok
19:38:41.0967 1932 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:38:41.0998 1932 TrustedInstaller - ok
19:38:42.0045 1932 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:38:42.0107 1932 tssecsrv - ok
19:38:42.0123 1932 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:38:42.0170 1932 tunnel - ok
19:38:42.0201 1932 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:38:42.0216 1932 TVALZ - ok
19:38:42.0232 1932 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:38:42.0248 1932 uagp35 - ok
19:38:42.0279 1932 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:38:42.0326 1932 udfs - ok
19:38:42.0419 1932 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:38:42.0450 1932 UI0Detect - ok
19:38:42.0497 1932 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
19:38:42.0544 1932 uliagpkx - ok
19:38:42.0560 1932 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:38:42.0591 1932 umbus - ok
19:38:42.0591 1932 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:38:42.0622 1932 UmPass - ok
19:38:42.0759 1932 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:38:42.0821 1932 UNS - ok
19:38:42.0852 1932 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:38:42.0899 1932 upnphost - ok
19:38:42.0915 1932 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:38:42.0946 1932 usbccgp - ok
19:38:42.0993 1932 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
19:38:43.0008 1932 usbcir - ok
19:38:43.0040 1932 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:38:43.0071 1932 usbehci - ok
19:38:43.0118 1932 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:38:43.0133 1932 usbhub - ok
19:38:43.0164 1932 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:38:43.0180 1932 usbohci - ok
19:38:43.0180 1932 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:38:43.0211 1932 usbprint - ok
19:38:43.0242 1932 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:38:43.0274 1932 usbscan - ok
19:38:43.0305 1932 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:38:43.0336 1932 USBSTOR - ok
19:38:43.0352 1932 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:38:43.0383 1932 usbuhci - ok
19:38:43.0414 1932 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:38:43.0461 1932 usbvideo - ok
19:38:43.0492 1932 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:38:43.0539 1932 UxSms - ok
19:38:43.0554 1932 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
19:38:43.0570 1932 VaultSvc - ok
19:38:43.0586 1932 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
19:38:43.0601 1932 vdrvroot - ok
19:38:43.0617 1932 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
19:38:43.0632 1932 vds - ok
19:38:43.0664 1932 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:38:43.0679 1932 vga - ok
19:38:43.0695 1932 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:38:43.0742 1932 VgaSave - ok
19:38:43.0757 1932 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
19:38:43.0773 1932 vhdmp - ok
19:38:43.0773 1932 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
19:38:43.0788 1932 viaide - ok
19:38:43.0804 1932 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
19:38:43.0820 1932 volmgr - ok
19:38:43.0851 1932 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:38:43.0866 1932 volmgrx - ok
19:38:43.0898 1932 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:38:43.0929 1932 volsnap - ok
19:38:43.0944 1932 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:38:43.0976 1932 vsmraid - ok
19:38:44.0022 1932 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
19:38:44.0069 1932 VSS - ok
19:38:44.0085 1932 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:38:44.0116 1932 vwifibus - ok
19:38:44.0132 1932 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:38:44.0163 1932 vwififlt - ok
19:38:44.0194 1932 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:38:44.0241 1932 W32Time - ok
19:38:44.0241 1932 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:38:44.0256 1932 WacomPen - ok
19:38:44.0272 1932 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:38:44.0319 1932 WANARP - ok
19:38:44.0319 1932 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:38:44.0366 1932 Wanarpv6 - ok
19:38:44.0412 1932 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
19:38:44.0444 1932 wbengine - ok
19:38:44.0459 1932 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:38:44.0490 1932 WbioSrvc - ok
19:38:44.0537 1932 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:38:44.0568 1932 wcncsvc - ok
19:38:44.0584 1932 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:38:44.0615 1932 WcsPlugInService - ok
19:38:44.0631 1932 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:38:44.0646 1932 Wd - ok
19:38:44.0693 1932 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:38:44.0756 1932 Wdf01000 - ok
19:38:44.0756 1932 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:38:44.0787 1932 WdiServiceHost - ok
19:38:44.0787 1932 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:38:44.0818 1932 WdiSystemHost - ok
19:38:44.0865 1932 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
19:38:44.0880 1932 WebClient - ok
19:38:44.0912 1932 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:38:44.0958 1932 Wecsvc - ok
19:38:44.0974 1932 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:38:45.0036 1932 wercplsupport - ok
19:38:45.0036 1932 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:38:45.0083 1932 WerSvc - ok
19:38:45.0114 1932 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:38:45.0161 1932 WfpLwf - ok
19:38:45.0177 1932 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:38:45.0192 1932 WIMMount - ok
19:38:45.0208 1932 WinDefend - ok
19:38:45.0208 1932 WinHttpAutoProxySvc - ok
19:38:45.0255 1932 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:38:45.0302 1932 Winmgmt - ok
19:38:45.0395 1932 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
19:38:45.0458 1932 WinRM - ok
19:38:45.0489 1932 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:38:45.0520 1932 Wlansvc - ok
19:38:45.0567 1932 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:38:45.0598 1932 wlcrasvc - ok
19:38:45.0723 1932 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:38:45.0785 1932 wlidsvc - ok
19:38:45.0801 1932 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:38:45.0832 1932 WmiAcpi - ok
19:38:45.0863 1932 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:38:45.0894 1932 wmiApSrv - ok
19:38:45.0926 1932 WMPNetworkSvc - ok
19:38:45.0957 1932 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:38:46.0019 1932 WPCSvc - ok
19:38:46.0050 1932 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:38:46.0115 1932 WPDBusEnum - ok
19:38:46.0135 1932 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:38:46.0185 1932 ws2ifsl - ok
19:38:46.0236 1932 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
19:38:46.0283 1932 wscsvc - ok
19:38:46.0283 1932 WSearch - ok
19:38:46.0392 1932 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:38:46.0454 1932 wuauserv - ok
19:38:46.0501 1932 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:38:46.0532 1932 WudfPf - ok
19:38:46.0548 1932 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:38:46.0579 1932 WUDFRd - ok
19:38:46.0610 1932 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:38:46.0626 1932 wudfsvc - ok
19:38:46.0642 1932 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:38:46.0673 1932 WwanSvc - ok
19:38:46.0673 1932 ================ Scan global ===============================
19:38:46.0688 1932 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:38:46.0720 1932 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
19:38:46.0735 1932 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
19:38:46.0766 1932 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:38:46.0813 1932 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:38:46.0813 1932 [Global] - ok
19:38:46.0813 1932 ================ Scan MBR ==================================
19:38:46.0829 1932 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:38:47.0125 1932 \Device\Harddisk0\DR0 - ok
19:38:47.0125 1932 ================ Scan VBR ==================================
19:38:47.0156 1932 [ EF05A1928D9FBF94F29C69D093CE8559 ] \Device\Harddisk0\DR0\Partition1
19:38:47.0156 1932 \Device\Harddisk0\DR0\Partition1 - ok
19:38:47.0188 1932 [ A0AC9DC6F791C2419840CF75E4DEFDE8 ] \Device\Harddisk0\DR0\Partition2
19:38:47.0188 1932 \Device\Harddisk0\DR0\Partition2 - ok
19:38:47.0188 1932 ============================================================
19:38:47.0188 1932 Scan finished
19:38:47.0188 1932 ============================================================
19:38:47.0203 4376 Detected object count: 3
19:38:47.0203 4376 Actual detected object count: 3
19:38:59.0700 4376 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:59.0700 4376 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:59.0700 4376 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:59.0700 4376 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:59.0700 4376 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:59.0700 4376 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:01.0198 3896 Deinitialize success

19.02.2013, 19:50   #13
markusg
/// Malware-holic

incredibar as start page: is there now a Trojan risk?

hi,
Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please send mails according to the above instructions to
markusg.trojaner-board@web.de
Forward
If you would like to support us

19.02.2013, 20:20   #14
Clegane

incredibar as start page: is there now a Trojan risk?

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-02-18.02 - Michel 19.02.2013  20:02:14.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3955.2114 [GMT 1:00]
ausgeführt von:: c:\users\Michel\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\lsprst7.dll
c:\windows\SysWow64\nsprs.dll
c:\windows\SysWow64\serauth1.dll
c:\windows\SysWow64\serauth2.dll
c:\windows\SysWow64\ssprs.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-19 bis 2013-02-19  ))))))))))))))))))))))))))))))
.
.
2013-02-19 18:02 . 2013-02-19 18:02	--------	d-----w-	C:\_OTL
2013-02-19 18:02 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7772BF5F-938C-43EF-889E-00A5DF2B9880}\mpengine.dll
2013-02-18 23:12 . 2013-02-18 23:12	--------	d-----w-	c:\program files\CCleaner
2013-02-14 09:32 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 09:32 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 09:31 . 2013-01-09 01:04	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-14 09:31 . 2013-01-09 01:04	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-02-14 09:31 . 2013-01-08 21:56	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-02-14 09:31 . 2013-01-09 01:53	182816	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-02-14 09:31 . 2013-01-08 22:42	149528	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-02-14 09:31 . 2013-01-08 21:58	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-02-14 09:31 . 2013-01-09 01:09	304640	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-02-14 09:31 . 2013-01-08 22:00	194048	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
2013-02-14 09:21 . 2013-01-05 05:57	5500776	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 09:21 . 2013-01-05 05:02	3957608	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 09:21 . 2013-01-05 05:02	3902312	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 09:37 . 2011-03-06 08:28	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2011-03-02 12:28	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-06 22:18 . 2013-01-06 22:18	95184	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-06 22:18 . 2013-01-06 22:18	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-06 22:18 . 2010-11-15 20:11	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-04 04:43 . 2013-02-14 09:17	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-27 12:21 . 2012-12-30 16:27	1329096	----a-w-	c:\windows\system32\dmwu.exe
2012-12-27 12:19 . 2012-12-30 16:27	35328	----a-w-	c:\windows\system32\ImHttpComm.dll
2012-12-19 14:53 . 2012-12-30 14:40	19632	----a-w-	c:\windows\system32\roboot64.exe
2012-12-16 16:52 . 2012-12-20 22:40	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-20 22:40	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-20 22:40	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-20 22:40	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 05:41 . 2013-01-09 20:01	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 05:35 . 2013-01-09 20:01	2745856	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 05:04 . 2013-01-09 20:01	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 04:57 . 2013-01-09 20:01	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 03:45 . 2013-01-09 20:01	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 03:45 . 2013-01-09 20:01	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 03:45 . 2013-01-09 20:01	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 03:45 . 2013-01-09 20:01	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 03:45 . 2013-01-09 20:01	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 03:45 . 2013-01-09 20:01	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 03:45 . 2013-01-09 20:01	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 03:45 . 2013-01-09 20:01	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 03:45 . 2013-01-09 20:01	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 03:45 . 2013-01-09 20:01	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 03:45 . 2013-01-09 20:01	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 03:45 . 2013-01-09 20:01	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 03:45 . 2013-01-09 20:01	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 03:45 . 2013-01-09 20:01	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 03:21 . 2013-01-09 20:01	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 03:21 . 2013-01-09 20:01	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 03:21 . 2013-01-09 20:01	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 03:21 . 2013-01-09 20:01	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 03:21 . 2013-01-09 20:01	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 03:21 . 2013-01-09 20:01	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 03:21 . 2013-01-09 20:01	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 03:21 . 2013-01-09 20:01	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 03:21 . 2013-01-09 20:01	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 03:21 . 2013-01-09 20:01	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 03:21 . 2013-01-09 20:01	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-07 03:21 . 2013-01-09 20:01	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 03:21 . 2013-01-09 20:01	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 03:21 . 2013-01-09 20:01	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-11-22 10:32 . 2013-01-09 20:01	801280	----a-w-	c:\windows\system32\usp10.dll
2012-11-22 09:33 . 2013-01-09 20:01	627712	----a-w-	c:\windows\SysWow64\usp10.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Spotify Web Helper"="c:\users\Michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-08 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-02 1234216]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-05 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2011-03-02 352976]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-05 203264]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2010-12-27 20592]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 25466938
*Deregistered* - 25466938
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-14 09:39	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30 19:34]
.
2013-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30 19:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\k96cb92k.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-19  20:10:32
ComboFix-quarantined-files.txt  2013-02-19 19:10
.
Vor Suchlauf: 11 Verzeichnis(se), 102.352.756.736 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 101.724.200.960 Bytes frei
.
- - End Of File - - E0C5A56460BBED0B1080004D2E905825
         
--- --- ---


However, a message appeared saying that it could not be completed because of an error and that they would get back to me later..

Alt 19.02.2013, 20:28   #15
markusg
/// Malware-holic
 

Hi
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
