Pests of all kinds and how to fight them: ch8l0.exe on my PC (Windows 7)
13.04.2012, 15:23 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ch8l0.exe on my PC Hm, there aren't really any great differences there. I'll take a look at the newer log now.
__________________ Please always post log files in CODE tags |
13.04.2012, 15:26 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ch8l0.exe on my PC Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-346892345-2883233403-3222079558-1000..\Run: [NetworkIndicator] C:\Users\djtron\Desktop\NetworkIndicator.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{779a48ee-8dcb-11e0-b830-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{779a48ee-8dcb-11e0-b830-005056c00008}\Shell\AutoRun\command - "" = F:\.\autorun.exe
:Files
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Application Updater
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
13.04.2012, 18:36 | #18 |
| ch8l0.exe on my PC Hello Arne,
it worked exactly as you wrote. Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\5.2\pdfforgeToolbarIE.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\5.2\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-346892345-2883233403-3222079558-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NetworkIndicator deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779a48ee-8dcb-11e0-b830-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{779a48ee-8dcb-11e0-b830-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779a48ee-8dcb-11e0-b830-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{779a48ee-8dcb-11e0-b830-005056c00008}\ not found.
File F:\.\autorun.exe not found.
========== FILES ==========
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: djtron
->Temp folder emptied: 990118465 bytes
->Temporary Internet Files folder emptied: 859651175 bytes
->Java cache emptied: 740313 bytes
->Flash cache emptied: 46323 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 185377193 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85230 bytes
RecycleBin emptied: 4921413233 bytes
Total Files Cleaned = 6.635,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: djtron
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 04132012_192551
Files\Folders moved on Reboot...
C:\Users\djtron\AppData\Local\Temp\McAfeeLogs\UpdaterUI_TOSHIBAL670-170.log moved successfully.
C:\Users\djtron\AppData\Local\Temp\McAfeeLogs\UpdaterUI_TOSHIBAL670-170_error.log moved successfully.
C:\Users\djtron\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2148.log moved successfully.
Registry entries deleted on Reboot...

Even if I'm repeating myself: thank you! Regards, DJTron |
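An added example, not part of the original posts and not code from OTL or its author: one way a helper could check a returned fix log against the script that produced it, confirming that every path under ":Files" was moved and listing entries deferred to a reboot. The function names are hypothetical, the outcome phrases are the ones visible in the log above, and the sample text is an excerpt of the posted script and log with one entry per line (an assumption about the log layout).

```python
import re
from collections import Counter

# Outcome phrases as they appear in the fix log posted in this thread.
# "deferred" is tested first because such lines also contain "move failed".
OUTCOMES = [
    ("deferred", re.compile(r"scheduled to be moved on reboot\.$")),
    ("applied", re.compile(r"(deleted|moved|reset) successfully\.?$"
                           r"|value set successfully!$")),
    ("absent", re.compile(r"not found\.$")),
]
SECTION = re.compile(r"^=+ (\w+) =+$")  # e.g. "========== FILES =========="


def classify(line):
    """Return 'applied', 'absent', 'deferred', or None for other lines."""
    for label, pattern in OUTCOMES:
        if pattern.search(line):
            return label
    return None


def parse_fix_log(text):
    """Return (section, outcome, line) for every line that reports an outcome."""
    section, entries = "HEADER", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION.match(line)
        if match:
            section = match.group(1)
        elif line.endswith("on Reboot..."):
            section = "REBOOT"  # trailer headings such as "Files\Folders moved on Reboot..."
        else:
            outcome = classify(line)
            if outcome:
                entries.append((section, outcome, line))
    return entries


def script_file_targets(script):
    """Paths listed under the ':Files' directive of a fix script."""
    targets, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(line)
    return targets


def unconfirmed_targets(script, log):
    """':Files' targets with no matching 'moved successfully' log line."""
    applied = [line.lower() for _, outcome, line in parse_fix_log(log)
               if outcome == "applied"]
    return [t for t in script_file_targets(script)
            if not any(line.startswith(t.lower() + " ") for line in applied)]


def summarize(log):
    """Count of log entries per outcome."""
    return dict(Counter(outcome for _, outcome, _ in parse_fix_log(log)))


def deferred_entries(log):
    """Lines that only take effect after the next reboot."""
    return [line for _, outcome, line in parse_fix_log(log) if outcome == "deferred"]


# Excerpts of the script and log posted above, one entry per line.
SAMPLE_SCRIPT = r"""
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
:Files
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Application Updater
:Commands
[emptytemp]
"""

SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File F:\.\autorun.exe not found.
========== FILES ==========
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
"""

if __name__ == "__main__":
    print("outcomes:", summarize(SAMPLE_LOG))
    print("unconfirmed :Files targets:", unconfirmed_targets(SAMPLE_SCRIPT, SAMPLE_LOG))
    print("deferred to reboot:", deferred_entries(SAMPLE_LOG))
```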
15.04.2012, 15:00 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ch8l0.exe on my PC Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan, and when it has finished click the Report button to display the log. Please post this in full. If you can't find the log or can't copy its contents into your post, then please look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer saves its logs. Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
16.04.2012, 10:03 | #20 |
| ch8l0.exe on my PC Hello Arne, here is the TDSSKiller log:
(a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 10:56:31.0365 4120 mpio - ok 10:56:31.0458 4120 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 10:56:31.0521 4120 mpsdrv - ok 10:56:31.0646 4120 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 10:56:31.0755 4120 MpsSvc - ok 10:56:31.0848 4120 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 10:56:31.0911 4120 MRxDAV - ok 10:56:32.0020 4120 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:56:32.0082 4120 mrxsmb - ok 10:56:32.0192 4120 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:56:32.0238 4120 mrxsmb10 - ok 10:56:32.0348 4120 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:56:32.0379 4120 mrxsmb20 - ok 10:56:32.0488 4120 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 10:56:32.0519 4120 msahci - ok 10:56:32.0628 4120 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 10:56:32.0675 4120 msdsm - ok 10:56:32.0784 4120 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 10:56:32.0816 4120 MSDTC - ok 10:56:32.0940 4120 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 10:56:33.0003 4120 Msfs - ok 10:56:33.0112 4120 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 10:56:33.0190 4120 mshidkmdf - ok 10:56:33.0299 4120 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 10:56:33.0315 4120 msisadrv - ok 10:56:33.0408 4120 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 10:56:33.0502 4120 MSiSCSI - ok 10:56:33.0580 4120 msiserver - ok 10:56:33.0689 4120 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 10:56:33.0783 4120 MSKSSRV - ok 10:56:33.0876 4120 MSPCLOCK 
(bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 10:56:33.0954 4120 MSPCLOCK - ok 10:56:34.0064 4120 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 10:56:34.0157 4120 MSPQM - ok 10:56:34.0266 4120 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 10:56:34.0313 4120 MsRPC - ok 10:56:34.0438 4120 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 10:56:34.0469 4120 mssmbios - ok 10:56:34.0578 4120 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 10:56:34.0656 4120 MSTEE - ok 10:56:34.0734 4120 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 10:56:34.0781 4120 MTConfig - ok 10:56:34.0890 4120 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 10:56:34.0922 4120 Mup - ok 10:56:35.0062 4120 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 10:56:35.0140 4120 napagent - ok 10:56:35.0265 4120 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 10:56:35.0327 4120 NativeWifiP - ok 10:56:35.0468 4120 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 10:56:35.0514 4120 NDIS - ok 10:56:35.0624 4120 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 10:56:35.0686 4120 NdisCap - ok 10:56:35.0811 4120 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 10:56:35.0889 4120 NdisTapi - ok 10:56:36.0014 4120 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 10:56:36.0092 4120 Ndisuio - ok 10:56:36.0201 4120 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 10:56:36.0279 4120 NdisWan - ok 10:56:36.0404 4120 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 10:56:36.0497 4120 NDProxy - ok 10:56:36.0622 4120 Nero BackItUp Scheduler 
4.0 (7d2633295eb6ff2b938185874884059d) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 10:56:36.0669 4120 Nero BackItUp Scheduler 4.0 - ok 10:56:36.0778 4120 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 10:56:36.0856 4120 NetBIOS - ok 10:56:36.0996 4120 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 10:56:37.0074 4120 NetBT - ok 10:56:37.0199 4120 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:56:37.0215 4120 Netlogon - ok 10:56:37.0340 4120 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 10:56:37.0418 4120 Netman - ok 10:56:37.0527 4120 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 10:56:37.0620 4120 netprofm - ok 10:56:37.0714 4120 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:56:37.0745 4120 NetTcpPortSharing - ok 10:56:37.0854 4120 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 10:56:37.0886 4120 nfrd960 - ok 10:56:38.0026 4120 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 10:56:38.0120 4120 NlaSvc - ok 10:56:38.0244 4120 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 10:56:38.0291 4120 Npfs - ok 10:56:38.0385 4120 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 10:56:38.0463 4120 nsi - ok 10:56:38.0572 4120 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 10:56:38.0650 4120 nsiproxy - ok 10:56:38.0806 4120 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 10:56:38.0868 4120 Ntfs - ok 10:56:38.0962 4120 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 10:56:39.0040 4120 Null - ok 10:56:39.0180 4120 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 
10:56:39.0212 4120 nvraid - ok 10:56:39.0305 4120 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 10:56:39.0336 4120 nvstor - ok 10:56:39.0446 4120 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 10:56:39.0477 4120 nv_agp - ok 10:56:39.0602 4120 NWIM (9ed2d6751813f5589710a8122cd227b2) C:\Windows\system32\DRIVERS\avmnwim.sys 10:56:39.0633 4120 NWIM - ok 10:56:39.0773 4120 nwtsrv (05965ed689dff62ed50f3ce86b758985) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe 10:56:39.0804 4120 nwtsrv - ok 10:56:39.0929 4120 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 10:56:39.0976 4120 ohci1394 - ok 10:56:40.0054 4120 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:56:40.0085 4120 ose - ok 10:56:40.0288 4120 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 10:56:40.0475 4120 osppsvc - ok 10:56:40.0569 4120 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:56:40.0631 4120 p2pimsvc - ok 10:56:40.0725 4120 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 10:56:40.0772 4120 p2psvc - ok 10:56:40.0865 4120 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 10:56:40.0912 4120 Parport - ok 10:56:41.0006 4120 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 10:56:41.0037 4120 partmgr - ok 10:56:41.0130 4120 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 10:56:41.0193 4120 PcaSvc - ok 10:56:41.0318 4120 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 10:56:41.0349 4120 pci - ok 10:56:41.0489 4120 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 10:56:41.0520 4120 pciide - ok 10:56:41.0630 4120 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) 
C:\Windows\system32\DRIVERS\pcmcia.sys 10:56:41.0661 4120 pcmcia - ok 10:56:41.0739 4120 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 10:56:41.0754 4120 pcw - ok 10:56:41.0864 4120 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 10:56:41.0973 4120 PEAUTH - ok 10:56:42.0113 4120 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 10:56:42.0176 4120 PeerDistSvc - ok 10:56:42.0285 4120 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 10:56:42.0332 4120 PerfHost - ok 10:56:42.0441 4120 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys 10:56:42.0456 4120 PGEffect - ok 10:56:42.0597 4120 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 10:56:42.0706 4120 pla - ok 10:56:42.0846 4120 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 10:56:42.0893 4120 PlugPlay - ok 10:56:42.0987 4120 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 10:56:43.0034 4120 PNRPAutoReg - ok 10:56:43.0127 4120 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:56:43.0174 4120 PNRPsvc - ok 10:56:43.0299 4120 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 10:56:43.0392 4120 PolicyAgent - ok 10:56:43.0470 4120 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 10:56:43.0533 4120 Power - ok 10:56:43.0673 4120 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 10:56:43.0751 4120 PptpMiniport - ok 10:56:43.0860 4120 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 10:56:43.0907 4120 Processor - ok 10:56:44.0001 4120 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 10:56:44.0079 4120 ProfSvc - ok 10:56:44.0172 4120 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 
10:56:44.0204 4120 ProtectedStorage - ok 10:56:44.0344 4120 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 10:56:44.0422 4120 Psched - ok 10:56:44.0578 4120 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 10:56:44.0640 4120 ql2300 - ok 10:56:44.0750 4120 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 10:56:44.0781 4120 ql40xx - ok 10:56:44.0890 4120 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 10:56:44.0937 4120 QWAVE - ok 10:56:45.0030 4120 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 10:56:45.0077 4120 QWAVEdrv - ok 10:56:45.0186 4120 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 10:56:45.0264 4120 RasAcd - ok 10:56:45.0389 4120 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 10:56:45.0452 4120 RasAgileVpn - ok 10:56:45.0545 4120 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 10:56:45.0639 4120 RasAuto - ok 10:56:45.0764 4120 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:56:45.0842 4120 Rasl2tp - ok 10:56:45.0966 4120 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 10:56:46.0076 4120 RasMan - ok 10:56:46.0185 4120 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 10:56:46.0247 4120 RasPppoe - ok 10:56:46.0356 4120 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 10:56:46.0434 4120 RasSstp - ok 10:56:46.0559 4120 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 10:56:46.0622 4120 rdbss - ok 10:56:46.0715 4120 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 10:56:46.0762 4120 rdpbus - ok 10:56:46.0871 4120 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:56:46.0949 4120 
RDPCDD - ok 10:56:47.0058 4120 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 10:56:47.0105 4120 RDPDR - ok 10:56:47.0230 4120 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 10:56:47.0292 4120 RDPENCDD - ok 10:56:47.0402 4120 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 10:56:47.0464 4120 RDPREFMP - ok 10:56:47.0573 4120 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 10:56:47.0682 4120 RDPWD - ok 10:56:47.0792 4120 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 10:56:47.0823 4120 rdyboost - ok 10:56:47.0932 4120 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 10:56:47.0994 4120 RemoteAccess - ok 10:56:48.0104 4120 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 10:56:48.0197 4120 RemoteRegistry - ok 10:56:48.0306 4120 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys 10:56:48.0369 4120 ROOTMODEM - ok 10:56:48.0462 4120 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 10:56:48.0556 4120 RpcEptMapper - ok 10:56:48.0665 4120 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 10:56:48.0712 4120 RpcLocator - ok 10:56:48.0837 4120 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:56:48.0899 4120 RpcSs - ok 10:56:49.0008 4120 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 10:56:49.0086 4120 rspndr - ok 10:56:49.0211 4120 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys 10:56:49.0242 4120 RSUSBSTOR - ok 10:56:49.0367 4120 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys 10:56:49.0398 4120 RTL8167 - ok 10:56:49.0523 4120 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 10:56:49.0570 
4120 s3cap - ok 10:56:49.0679 4120 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:56:49.0710 4120 SamSs - ok 10:56:49.0820 4120 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 10:56:49.0851 4120 sbp2port - ok 10:56:49.0944 4120 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 10:56:50.0022 4120 SCardSvr - ok 10:56:50.0132 4120 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 10:56:50.0225 4120 scfilter - ok 10:56:50.0366 4120 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 10:56:50.0459 4120 Schedule - ok 10:56:50.0553 4120 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:56:50.0631 4120 SCPolicySvc - ok 10:56:50.0740 4120 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 10:56:50.0787 4120 SDRSVC - ok 10:56:50.0896 4120 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 10:56:50.0927 4120 SeaPort - ok 10:56:51.0036 4120 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 10:56:51.0099 4120 secdrv - ok 10:56:51.0192 4120 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 10:56:51.0255 4120 seclogon - ok 10:56:51.0364 4120 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 10:56:51.0442 4120 SENS - ok 10:56:51.0536 4120 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 10:56:51.0614 4120 SensrSvc - ok 10:56:51.0707 4120 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 10:56:51.0738 4120 Serenum - ok 10:56:51.0848 4120 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 10:56:51.0910 4120 Serial - ok 10:56:52.0035 4120 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 10:56:52.0066 4120 sermouse 
- ok 10:56:52.0175 4120 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 10:56:52.0238 4120 SessionEnv - ok 10:56:52.0347 4120 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 10:56:52.0394 4120 sffdisk - ok 10:56:52.0503 4120 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 10:56:52.0565 4120 sffp_mmc - ok 10:56:52.0659 4120 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 10:56:52.0706 4120 sffp_sd - ok 10:56:52.0815 4120 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 10:56:52.0846 4120 sfloppy - ok 10:56:52.0955 4120 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 10:56:53.0064 4120 SharedAccess - ok 10:56:53.0174 4120 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 10:56:53.0252 4120 ShellHWDetection - ok 10:56:53.0376 4120 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:56:53.0392 4120 SiSRaid2 - ok 10:56:53.0501 4120 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 10:56:53.0517 4120 SiSRaid4 - ok 10:56:53.0642 4120 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 10:56:53.0720 4120 Smb - ok 10:56:53.0876 4120 snapman (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys 10:56:53.0922 4120 snapman - ok 10:56:54.0032 4120 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 10:56:54.0047 4120 SNMPTRAP - ok 10:56:54.0141 4120 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 10:56:54.0172 4120 spldr - ok 10:56:54.0297 4120 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 10:56:54.0375 4120 Spooler - ok 10:56:54.0562 4120 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 10:56:54.0718 4120 sppsvc - ok 
10:56:54.0827 4120 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 10:56:54.0905 4120 sppuinotify - ok 10:56:55.0030 4120 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 10:56:55.0092 4120 srv - ok 10:56:55.0217 4120 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 10:56:55.0264 4120 srv2 - ok 10:56:55.0389 4120 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 10:56:55.0436 4120 srvnet - ok 10:56:55.0529 4120 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 10:56:55.0623 4120 SSDPSRV - ok 10:56:55.0716 4120 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 10:56:55.0779 4120 SstpSvc - ok 10:56:55.0888 4120 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 10:56:55.0919 4120 stexstor - ok 10:56:56.0044 4120 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 10:56:56.0106 4120 stisvc - ok 10:56:56.0247 4120 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 10:56:56.0278 4120 storflt - ok 10:56:56.0372 4120 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 10:56:56.0418 4120 StorSvc - ok 10:56:56.0559 4120 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 10:56:56.0590 4120 storvsc - ok 10:56:56.0715 4120 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 10:56:56.0730 4120 swenum - ok 10:56:56.0855 4120 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 10:56:56.0949 4120 swprv - ok 10:56:57.0074 4120 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys 10:56:57.0105 4120 SynTP - ok 10:56:57.0261 4120 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 10:56:57.0339 4120 SysMain - ok 10:56:57.0448 4120 TabletInputService 
(e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 10:56:57.0495 4120 TabletInputService - ok 10:56:57.0604 4120 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 10:56:57.0682 4120 TapiSrv - ok 10:56:57.0776 4120 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 10:56:57.0854 4120 TBS - ok 10:56:58.0041 4120 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 10:56:58.0119 4120 Tcpip - ok 10:56:58.0290 4120 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 10:56:58.0353 4120 TCPIP6 - ok 10:56:58.0462 4120 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 10:56:58.0524 4120 tcpipreg - ok 10:56:58.0649 4120 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys 10:56:58.0680 4120 tdcmdpst - ok 10:56:58.0774 4120 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 10:56:58.0821 4120 TDPIPE - ok 10:56:58.0977 4120 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys 10:56:59.0024 4120 tdrpman273 - ok 10:56:59.0133 4120 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 10:56:59.0180 4120 TDTCP - ok 10:56:59.0320 4120 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 10:56:59.0398 4120 tdx - ok 10:56:59.0492 4120 TemproMonitoringService (1b43fdbfe5a98f6b3d90595c6b2e5277) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe 10:56:59.0507 4120 TemproMonitoringService - ok 10:56:59.0632 4120 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 10:56:59.0663 4120 TermDD - ok 10:56:59.0788 4120 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 10:56:59.0866 4120 TermService - ok 10:56:59.0960 4120 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 10:57:00.0022 4120 Themes - ok 10:57:00.0131 4120 
THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:57:00.0194 4120 THREADORDER - ok 10:57:00.0334 4120 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys 10:57:00.0365 4120 timounter - ok 10:57:00.0459 4120 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 10:57:00.0490 4120 TMachInfo - ok 10:57:00.0599 4120 tmnsusbser (f6131b247594f605eb98dcec7116552f) C:\Windows\system32\DRIVERS\tmnsusbser.sys 10:57:00.0646 4120 tmnsusbser - ok 10:57:00.0786 4120 tmusbnet (e559d1603db054a11336d195f752b04e) C:\Windows\system32\DRIVERS\tmusbnet.sys 10:57:00.0833 4120 tmusbnet - ok 10:57:00.0942 4120 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe 10:57:00.0974 4120 TODDSrv - ok 10:57:01.0067 4120 TosCoSrv (98c864481d62f86ec8af65be3419a95b) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 10:57:01.0114 4120 TosCoSrv - ok 10:57:01.0208 4120 TOSHIBA Bluetooth Service (895f6972480306cb2a2a246991e34c68) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 10:57:01.0239 4120 TOSHIBA Bluetooth Service - ok 10:57:01.0348 4120 TOSHIBA eco Utility Service (2ab7a4697462edb0c9dfafc529746ba9) C:\Program Files\TOSHIBA\TECO\TecoService.exe 10:57:01.0379 4120 TOSHIBA eco Utility Service - ok 10:57:01.0426 4120 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 10:57:01.0457 4120 TOSHIBA HDD SSD Alert Service - ok 10:57:01.0566 4120 toshidpt (755e5ca34d6186fc0e1430cd47e6e97c) C:\Windows\system32\drivers\Toshidpt.sys 10:57:01.0582 4120 toshidpt - ok 10:57:01.0707 4120 tosporte (8021f63311797085949fa387f7c83583) C:\Windows\system32\DRIVERS\tosporte.sys 10:57:01.0722 4120 tosporte - ok 10:57:01.0847 4120 tosrfbd (1b09357180034639e62cf745e77ac66e) C:\Windows\system32\DRIVERS\tosrfbd.sys 10:57:01.0878 4120 tosrfbd - ok 10:57:01.0988 4120 tosrfbnp 
(62512b5277d88600f8bd4b7aec43569d) C:\Windows\system32\Drivers\tosrfbnp.sys 10:57:02.0019 4120 tosrfbnp - ok 10:57:02.0159 4120 Tosrfcom (c523a9186c39d65cc9adebb2e1b93ccd) C:\Windows\system32\Drivers\tosrfcom.sys 10:57:02.0190 4120 Tosrfcom - ok 10:57:02.0300 4120 tosrfec (11699d47b3491d86249c168496d55c92) C:\Windows\system32\DRIVERS\tosrfec.sys 10:57:02.0331 4120 tosrfec - ok 10:57:02.0456 4120 Tosrfhid (451b8c1815c6cc39650af916c2a382cd) C:\Windows\system32\DRIVERS\Tosrfhid.sys 10:57:02.0487 4120 Tosrfhid - ok 10:57:02.0596 4120 tosrfnds (b6fdc3c76ffe9c5171eea9c37ea367c2) C:\Windows\system32\DRIVERS\tosrfnds.sys 10:57:02.0612 4120 tosrfnds - ok 10:57:02.0736 4120 TosRfSnd (e1e045240c1184fa6628f3c7e7ff85d8) C:\Windows\system32\drivers\tosrfsnd.sys 10:57:02.0768 4120 TosRfSnd - ok 10:57:02.0892 4120 Tosrfusb (de44a2a2459d0504f146e599f4bd2074) C:\Windows\system32\DRIVERS\tosrfusb.sys 10:57:02.0908 4120 Tosrfusb - ok 10:57:03.0017 4120 TPCHSrv (97687d094aa597da366e1194b218cc6c) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 10:57:03.0064 4120 TPCHSrv - ok 10:57:03.0142 4120 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 10:57:03.0236 4120 TrkWks - ok 10:57:03.0329 4120 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 10:57:03.0407 4120 TrustedInstaller - ok 10:57:03.0516 4120 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:57:03.0579 4120 tssecsrv - ok 10:57:03.0704 4120 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 10:57:03.0750 4120 TsUsbFlt - ok 10:57:03.0875 4120 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 10:57:03.0969 4120 tunnel - ok 10:57:04.0062 4120 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS 10:57:04.0078 4120 TVALZ - ok 10:57:04.0203 4120 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys 10:57:04.0218 4120 
TVALZFL - ok 10:57:04.0312 4120 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 10:57:04.0343 4120 uagp35 - ok 10:57:04.0452 4120 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 10:57:04.0530 4120 udfs - ok 10:57:04.0640 4120 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 10:57:04.0702 4120 UI0Detect - ok 10:57:04.0827 4120 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 10:57:04.0858 4120 uliagpkx - ok 10:57:04.0952 4120 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 10:57:04.0998 4120 umbus - ok 10:57:05.0123 4120 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 10:57:05.0154 4120 UmPass - ok 10:57:05.0295 4120 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 10:57:05.0342 4120 UmRdpService - ok 10:57:05.0529 4120 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 10:57:05.0607 4120 UNS ( UnsignedFile.Multi.Generic ) - warning 10:57:05.0607 4120 UNS - detected UnsignedFile.Multi.Generic (1) 10:57:05.0700 4120 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 10:57:05.0778 4120 upnphost - ok 10:57:05.0888 4120 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 10:57:05.0950 4120 usbccgp - ok 10:57:06.0075 4120 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 10:57:06.0106 4120 usbcir - ok 10:57:06.0215 4120 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 10:57:06.0262 4120 usbehci - ok 10:57:06.0387 4120 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 10:57:06.0449 4120 usbhub - ok 10:57:06.0543 4120 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 10:57:06.0590 4120 usbohci - ok 
MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:57:19.0366 4120 \Device\Harddisk0\DR0 - ok
10:57:19.0397 4120 Boot (0x1200) (576a3460a85b01d3211252fd06f02252) \Device\Harddisk0\DR0\Partition0
10:57:19.0397 4120 \Device\Harddisk0\DR0\Partition0 - ok
10:57:19.0428 4120 Boot (0x1200) (3531aa88f814658aea3eb14669e125f9) \Device\Harddisk0\DR0\Partition1
10:57:19.0428 4120 \Device\Harddisk0\DR0\Partition1 - ok
10:57:19.0428 4120 ============================================================
10:57:19.0428 4120 Scan finished
10:57:19.0428 4120 ============================================================
10:57:19.0444 2344 Detected object count: 4
10:57:19.0444 2344 Actual detected object count: 4
10:58:00.0987 2344 GX Works2 Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:00.0987 2344 GX Works2 Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:58:00.0987 2344 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:00.0987 2344 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:58:00.0987 2344 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:00.0987 2344 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:58:00.0987 2344 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:00.0987 2344 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
DJTron |
16.04.2012, 11:43 | #21 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | ch8l0.exe on my PC Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ --> ch8l0.exe on my PC |
16.04.2012, 15:15 | #22 |
| ch8l0.exe on my PC Hello Arne, here is the next log file: Combofix Logfile: Code:
ATTFilter ComboFix 12-04-16.01 - djtron 16.04.2012 14:55:39.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3891.2239 [GMT 2:00] ausgeführt von:: c:\users\djtron\Desktop\ComboFix.exe AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\xp c:\programdata\xp\EBLib.dll c:\programdata\xp\TPwSav.sys c:\users\djtron\AppData\Local\Temp\{5EF3C548-FF63-444D-B117-B139A08CDCA9}\fpb.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-03-16 bis 2012-04-16 )))))))))))))))))))))))))))))) . . 2012-04-16 13:09 . 2012-04-16 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-13 17:25 . 2012-04-13 17:25 -------- d-----w- C:\_OTL 2012-04-12 06:17 . 2012-04-12 06:17 -------- d-----w- c:\program files (x86)\ESET 2012-04-11 08:44 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-11 08:40 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-11 08:40 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-11 08:40 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-11 08:40 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-11 08:40 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-11 08:40 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-11 08:40 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-08 17:44 . 2012-04-08 17:44 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-04-08 17:44 . 
2012-04-08 17:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-08 17:44 . 2012-04-08 17:44 -------- d-----w- c:\program files (x86)\Java 2012-04-08 11:06 . 2012-04-08 11:06 -------- d-----w- c:\users\djtron\AppData\Roaming\Malwarebytes 2012-04-08 11:06 . 2012-04-08 11:06 -------- d-----w- c:\programdata\Malwarebytes 2012-04-08 11:06 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-08 11:06 . 2012-04-15 09:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-04-05 17:02 . 2012-04-11 09:19 -------- d-----w- c:\program files (x86)\pdfforge Toolbar 2012-04-02 12:55 . 2012-04-16 12:38 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-02 12:36 . 2012-04-16 12:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-16 12:39 . 2011-05-31 09:27 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-17 06:38 . 2012-03-14 07:51 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-14 07:51 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-14 07:51 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-14 07:51 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-02-10 06:36 . 2012-03-15 07:06 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-15 07:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-03 04:34 . 2012-03-15 07:07 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-01 09:54 . 2012-02-01 09:54 29184 ----a-r- c:\users\djtron\AppData\Roaming\Microsoft\Installer\{7991AB01-2DD4-4D24-9C79-23A00472DEE2}\IconA7C606DF.exe 2012-01-25 06:38 . 2012-03-14 07:51 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 06:38 . 
2012-03-14 07:51 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-01-25 06:33 . 2012-03-14 07:51 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-08-15 420312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2571032] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5587832] "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088] "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] " Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] . c:\users\djtron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Network Indicator.lnk - c:\program files (x86)\NetworkIndicator\NetworkIndicator.exe [2011-12-22 344064] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-2-24 2721120] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 GX Works2 Service;GX Works2 Service;c:\program files (x86)\MELSOFT\GPPW2\GX Works2 Service.exe [2011-12-19 61440] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 253088] R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368] R3 tmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCTTomato;c:\windows\system32\DRIVERS\tmnsusbser.sys [x] R3 tmusbnet;Wireless Data Device driver for usb ethernet adapter;c:\windows\system32\DRIVERS\tmusbnet.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-09-30 3246040] S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe [2011-10-31 336248] S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe [2011-10-31 143736] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S2 MELSOFT Mediative Server;MELSOFT Mediative Server;c:\program files (x86)\MELSOFT\MSF\Common\MMS\MMSserve.exe SERVICE [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [2011-10-31 189304] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448] S2 vmware-converter-agent;VMware vCenter Converter Standalone 
Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-19 423536] S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-19 423536] S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-19 423536] S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] S3 EZSocketGOT;EZSocketGOT;c:\windows\system32\drivers\EZSocketGOT.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 33577921 *Deregistered* - 33577921 *Deregistered* - mfeavfk01 . Inhalt des "geplante Tasks" Ordners . 
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:39] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-09 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-09 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-09 410648] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 391232] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 LSP: %SystemRoot%\system32\vsocklib.dll TCP: DhcpNameServer = 10.0.0.7 8.8.8.8 10.0.0.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-04-16 15:45:44 ComboFix-quarantined-files.txt 2012-04-16 13:45 . Vor Suchlauf: 10 Verzeichnis(se), 54.459.428.864 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 56.804.397.056 Bytes frei . - - End Of File - - 0E631FD2224FE378575696C0D64E3689
Regards, DJTron |
16.04.2012, 15:28 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ch8l0.exe on my PC Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Always post log files in CODE tags |
17.04.2012, 08:27 | #24 |
| ch8l0.exe on my PC Hi Arne, the program quit during the first scan (see the picture in the attachment). I then ran a scan according to the instructions; here is the log file for it: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-04-17 09:00:28 ----------------------------- 09:00:28.007 OS Version: Windows x64 6.1.7601 Service Pack 1 09:00:28.007 Number of processors: 4 586 0x2502 09:00:28.007 ComputerName: TOSHIBAL670-170 UserName: djtron 09:00:28.756 Initialize success 09:00:32.672 AVAST engine defs: 12041601 09:00:53.560 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 09:00:53.560 Disk 0 Vendor: TOSHIBA_ GC00 Size: 305245MB BusType: 3 09:00:53.607 Disk 0 MBR read successfully 09:00:53.607 Disk 0 MBR scan 09:00:53.623 Disk 0 Windows 7 default MBR code 09:00:53.623 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048 09:00:53.654 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152622 MB offset 821248 09:00:53.685 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 152222 MB offset 313391104 09:00:53.732 Disk 0 scanning C:\Windows\system32\drivers 09:01:10.252 Service scanning 09:02:10.016 Modules scanning 09:02:10.031 Disk 0 trace - called modules: 09:02:10.063 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 09:02:10.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a5a060] 09:02:10.094 3 CLASSPNP.SYS[fffff8800183b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a1e050] 09:02:10.109 Scan finished successfully 09:07:20.488 Disk 0 MBR has been saved successfully to "C:\Users\djtron\Desktop\MBR.dat" 09:07:20.503 The log file has been saved successfully to "C:\Users\djtron\Desktop\aswMBR.txt" DJTron |
17.04.2012, 11:56 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ch8l0.exe on my PC Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
18.04.2012, 10:33 | #26 |
| ch8l0.exe on my PC It took a while... Here is the Malwarebytes log: Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.04.15.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
djtron :: TOSHIBAL670-170 [Administrator]
18.04.2012 07:43:36
mbam-log-2012-04-18 (07-43-36).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 471392
Laufzeit: 1 Stunde(n), 19 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/18/2012 at 11:18 AM
Application Version : 5.0.1146
Core Rules Database Version : 8472
Trace Rules Database Version: 6284
Scan type : Complete Scan
Total Scan Time : 01:40:48
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 751
Memory threats detected : 0
Registry items scanned : 67934
Registry threats detected : 0
File items scanned : 74271
File threats detected : 77
Adware.Tracking Cookie
C:\Users\djtron\AppData\Roaming\Microsoft\Windows\Cookies\6R005QWB.txt [ /amazon-adsystem.com ] C:\Users\djtron\AppData\Roaming\Microsoft\Windows\Cookies\QWPSVR9X.txt [ /track.effiliation.com ] C:\Users\djtron\AppData\Roaming\Microsoft\Windows\Cookies\BDJRC6AC.txt [ /2o7.net ] C:\Users\djtron\AppData\Roaming\Microsoft\Windows\Cookies\8AFZMDA9.txt [ /microsoftsto.112.2o7.net ] C:\Users\djtron\AppData\Roaming\Microsoft\Windows\Cookies\QB6155C3.txt [ /apmebf.com ] C:\Users\djtron\AppData\Roaming\Microsoft\Windows\Cookies\BRN4CS29.txt [ /doubleclick.net ] C:\Users\djtron\AppData\Roaming\Microsoft\Windows\Cookies\L7SGU7QQ.txt [ /zanox.com ] C:\Users\djtron\AppData\Roaming\Microsoft\Windows\Cookies\1BEQAIVX.txt [ /unitymedia.de ] C:\Users\djtron\AppData\Roaming\Microsoft\Windows\Cookies\SE46UXDN.txt [ /tracking.quisma.com ] C:\Users\djtron\AppData\Roaming\Microsoft\Windows\Cookies\TE7RWC5W.txt [ /track.effiliation.com ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZYPQOGVG.txt [ Cookie:djtron@ad4.adfarm1.adition.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\O1FGLWY9.txt [ Cookie:djtron@hightraffic.hugoboss.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\TW8N7HFM.txt [ Cookie:djtron@ad.yieldmanager.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\OWJ1JR4O.txt [ Cookie:djtron@collective-media.net/ ] 
C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\P59YC9BL.txt [ Cookie:djtron@aimfar.solution.weborama.fr/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\YBCPY3YR.txt [ Cookie:djtron@ww251.smartadserver.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\A8TN8ECH.txt [ Cookie:djtron@adtech.de/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\IU0F5L6R.txt [ Cookie:djtron@tracking.mindshare.de/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\KW5OE091.txt [ Cookie:djtron@amazon-adsystem.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\OIRBE2BK.txt [ Cookie:djtron@ad.zanox.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\6MIN2M9C.txt [ Cookie:djtron@im.banner.t-online.de/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\G8RJXJ4A.txt [ Cookie:djtron@microsoftsto.112.2o7.net/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\V5Z3SGFQ.txt [ Cookie:djtron@apmebf.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\NWDZQRL3.txt [ Cookie:djtron@zanox-affiliate.de/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\JXJ2QL17.txt [ Cookie:djtron@interclick.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\69DHVUTA.txt [ Cookie:djtron@eaeacom.112.2o7.net/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\HWRRZHVW.txt [ Cookie:djtron@doubleclick.net/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\8PRWLG99.txt [ Cookie:djtron@doubleclick.net/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\8BKY7P35.txt [ Cookie:djtron@webmasterplan.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\JPBVL74Z.txt [ Cookie:djtron@traffictrack.de/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\1TAO8BEG.txt [ Cookie:djtron@media6degrees.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\LL4GU3CA.txt [ 
Cookie:djtron@revsci.net/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\H05VJFWB.txt [ Cookie:djtron@adfarm1.adition.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\A1YK5OM7.txt [ Cookie:djtron@weborama.fr/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\N2IXIJPT.txt [ Cookie:djtron@counter.hitslink.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\DQ5ES8GA.txt [ Cookie:djtron@deutschepostag.112.2o7.net/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\O12QNCP4.txt [ Cookie:djtron@eset.122.2o7.net/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\LU3OC9MS.txt [ Cookie:djtron@stats.canalblog.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\EVLMXF32.txt [ Cookie:djtron@www.unitymedia.de/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\J1VREA0Q.txt [ Cookie:djtron@atdmt.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\CP9SITLX.txt [ Cookie:djtron@realmedia.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\MFZ9N7LU.txt [ Cookie:djtron@zanox.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\NPV144QU.txt [ Cookie:djtron@accounts.google.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\5RVYCVM0.txt [ Cookie:djtron@webmasterplan.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\0AUS3WYQ.txt [ Cookie:djtron@www.active-tracking.de/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\73I607RK.txt [ Cookie:djtron@invitemedia.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\UD1K03J2.txt [ Cookie:djtron@tribalfusion.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\1IYB5MJ6.txt [ Cookie:djtron@ru4.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\8LAN2P62.txt [ Cookie:djtron@unitymedia.de/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\TSLCVT9Z.txt [ 
Cookie:djtron@tracking.quisma.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\LTUXFL5P.txt [ Cookie:djtron@dyntracker.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\BOG8DZBM.txt [ Cookie:djtron@adx.chip.de/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\HDY3JI2T.txt [ Cookie:djtron@mediaplex.com/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\6XHLCE4B.txt [ Cookie:djtron@fastclick.net/ ] C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\AU8EOXVX.txt [ Cookie:djtron@casalemedia.com/ ] C:\USERS\djtron\Cookies\6R005QWB.txt [ Cookie:djtron@amazon-adsystem.com/ ] C:\USERS\djtron\Cookies\QWPSVR9X.txt [ Cookie:djtron@track.effiliation.com/servlet/ ] C:\USERS\djtron\Cookies\BDJRC6AC.txt [ Cookie:djtron@2o7.net/ ] C:\USERS\djtron\Cookies\8AFZMDA9.txt [ Cookie:djtron@microsoftsto.112.2o7.net/ ] C:\USERS\djtron\Cookies\QB6155C3.txt [ Cookie:djtron@apmebf.com/ ] C:\USERS\djtron\Cookies\BRN4CS29.txt [ Cookie:djtron@doubleclick.net/ ] C:\USERS\djtron\Cookies\L7SGU7QQ.txt [ Cookie:djtron@zanox.com/ ] C:\USERS\djtron\Cookies\1BEQAIVX.txt [ Cookie:djtron@unitymedia.de/ ] C:\USERS\djtron\Cookies\SE46UXDN.txt [ Cookie:djtron@tracking.quisma.com/ ] C:\USERS\djtron\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\djtron@ADCENTRICONLINE[1].TXT [ /ADCENTRICONLINE ] C:\USERS\djtron\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\djtron@ADS.TRAVELAUDIENCE[2].TXT [ /ADS.TRAVELAUDIENCE ] C:\USERS\djtron\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\djtron@CONTENT.YIELDMANAGER[3].TXT [ /CONTENT.YIELDMANAGER ] C:\USERS\djtron\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\djtron@EYEWONDER[2].TXT [ /EYEWONDER ] C:\USERS\djtron\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\djtron@OPODO.122.2O7[1].TXT [ /OPODO.122.2O7 ] C:\USERS\djtron\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\djtron@SALES.LIVEPERSON[1].TXT [ /SALES.LIVEPERSON ] 
C:\USERS\djtron\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\djtron@TRACK.EFFILIATION[1].TXT [ /TRACK.EFFILIATION ] C:\USERS\djtron\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\djtron@WWW.ZANOX-AFFILIATE[2].TXT [ /WWW.ZANOX-AFFILIATE ]
Trojan.Agent/Gen-FakeAlert
D:\LINKSTATION\SOFTWARE MACHINE\GT WORKS 2.96A\GTWORKS_V2_2.96A_ENGLISH_CD1\GDEVLIB\SAMPLE\VC\PROGRAM\GTDEVMONSAMPLE.EXE
D:\LINKSTATION\SOFTWARE MACHINE\GT WORKS 3\GT WORKS3 1.37 ENGLISH\GDEVLIB\SAMPLE\VC\PROGRAM\GTDEVMONSAMPLE.EXE
D:\LINKSTATION\SOFTWARE MACHINE\GT WORKS 3\GT WORKS3 1.40 ENGLISH\GDEVLIB\SAMPLE\VC\PROGRAM\GTDEVMONSAMPLE.EXE
D:\LINKSTATION\SOFTWARE MACHINE\IQ WORKS\IQ WORKS V1.21\DISK5\GDEVLIB\SAMPLE\VC\PROGRAM\GTDEVMONSAMPLE.EXE
D:\LINKSTATION\SOFTWARE MACHINE\IQ WORKS\IQ_WORKS_1.28\IQ WORKS 1.28 ENGLISH\DISK5\GDEVLIB\SAMPLE\VC\PROGRAM\GTDEVMONSAMPLE.EXE
Thanks & regards, DJTron
Last edited by djtron (18.04.2012 at 10:45) |
18.04.2012, 12:58 | #27 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | ch8l0.exe on my PC Quote:
18.04.2012, 14:24 | #28 |
| ch8l0.exe on my PC That is software for programming PLCs etc. |
18.04.2012, 20:36 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ch8l0.exe on my PC Then those are false alarms, I thought as much; with more exotic software SUPERAntiSpyware is quick to jump the gun. Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie). Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file. Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in anew everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. The way I do it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left. Is your system now back in order, or are there other findings or problems?
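The triage done by eye in the reply above (cookie hits versus files on disk), as an added example that is not part of the thread or of SUPERAntiSpyware: a small Python parser run over a constructed log excerpt. The one-entry-per-line layout, the shortened D:\SAMPLE paths, the track.example.com cookie and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, assuming one entry per line; D:\SAMPLE paths are placeholders.
SAMPLE_LOG = r"""
File threats detected : 5

Adware.Tracking Cookie
    C:\Users\djtron\AppData\Roaming\Microsoft\Windows\Cookies\BRN4CS29.txt [ /doubleclick.net ]
    C:\USERS\djtron\Cookies\BRN4CS29.txt [ Cookie:djtron@doubleclick.net/ ]
    C:\USERS\djtron\AppData\Roaming\Microsoft\Windows\Cookies\Low\djtron@EXAMPLE[1].TXT [ Cookie:djtron@track.example.com/servlet/ ]

Trojan.Agent/Gen-FakeAlert
    D:\SAMPLE\PKG 1.37\GDEVLIB\SAMPLE\VC\PROGRAM\GTDEVMONSAMPLE.EXE
    D:\SAMPLE\PKG 1.40\GDEVLIB\SAMPLE\VC\PROGRAM\GTDEVMONSAMPLE.EXE
"""

# A drive-letter path, optionally followed by a "[ note ]" annotation.
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)(?:\s+\[\s*(?P<note>.*?)\s*\])?$")

def cookie_domain(note):
    """Reduce '/host', 'Cookie:user@host/' or 'Cookie:user@host/path/' to 'host'."""
    host = note.split("@", 1)[-1].lstrip("/")
    return host.split("/", 1)[0].lower()

def triage(log_text):
    """Group detections by threat name; split cookie hits from files on disk."""
    report = defaultdict(lambda: {"hits": 0, "cookie_domains": set(), "files": []})
    threat = "(unnamed)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or " : " in line:        # blank line or 'key : value' summary row
            continue
        m = ENTRY.match(line)
        if m is None:                        # not a path, so it names the next group
            threat = line
            continue
        group = report[threat]
        group["hits"] += 1
        path, note = m.group("path"), m.group("note")
        if note and "\\cookies\\" in path.lower():
            group["cookie_domains"].add(cookie_domain(note))
        else:
            group["files"].append(path)      # real files: these need manual review
    return dict(report)

if __name__ == "__main__":
    for name, g in triage(SAMPLE_LOG).items():
        print(name, g["hits"], sorted(g["cookie_domains"]), g["files"])
```

On the sample, three cookie hits collapse to two tracker domains, and only the two executables remain as files to check by hand.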
19.04.2012, 09:58 | #30 |
| ch8l0.exe on my PC Hello Arne, that was quite a lot of steps. Was what Eset had found "switched off" with OTL? I found this Spigot, from the PDF printer, on another PC as well. The regular software uninstall routine offers a way to remove it. Do you know whether that is enough? I can follow your recommendations well. As a rule I have so far used Internet Explorer in "Start InPrivate Browsing" mode. I assumed that nothing remains on the computer this way? As far as recognisability is concerned, the computer configurations are probably also very helpful for identification when there are no cookies. Especially since the IP address is usually strongly limited geographically. I have now also run the new DesInfect over it. No findings. Of course the question arises whether malware might successfully hide when the "normal" operating system is not running. Incidentally, this DesInfect is a good way of surfing. But I usually use a browser several times a day, so it would be very cumbersome to reboot every time. What about running Internet Explorer in a virtual machine? Do you have any experience of how far malware gets past that and infiltrates the "host system"? I would be grateful if you could write me a few lines on my questions above. Thanks again for the guidance and support in cleaning my PC. I have learned a lot, and my initial, unwarranted scepticism towards Trojaner-Board has changed completely. Regards DJTron |