Log analysis and evaluation: Encryption trojan, please check OTL log (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
#1

Encryption trojan, please check OTL log

Dear Trojaner-Board helpers,

yesterday I was brought a laptop running Windows 7 that had caught an encryption trojan the classic way, via email. I ran several virus scanners, including Malwarebytes Anti-Malware, with no result. Then Dr. Web CureIT found and deleted trojan.pws.panda.2128 three times, and since then I have been able to log in normally again. I decrypted the encrypted files with Avira Ransom File Unlocker and everything seems to be fine again, but before I return the laptop, could someone please look at my OTL log file so that I can be sure everything malicious is gone?

OTL.txt
Code:
ATTFilter OTL logfile created on: 29.04.2012 13:31:55 - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\***\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 69,39% Memory free 6,99 Gb Paging File | 5,81 Gb Available in Paging File | 83,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 186,15 Gb Total Space | 125,02 Gb Free Space | 67,16% Space Free | Partition Type: NTFS Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 184,99 Gb Total Space | 177,90 Gb Free Space | 96,16% Space Free | Partition Type: NTFS Computer Name: KERSTIN***-PC | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.29 13:30:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.28 20:36:51 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe PRC - [2012.01.23 06:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2010.11.29 20:54:58 | 000,505,264 | ---- | M] (REINER SCT) -- C:\Windows\System32\cjpcsc.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.05.25 19:16:16 | 000,619,008 | ---- | M] (Nikon Corporation) -- C:\Programme\Nikon\Nikon Message Center 2\NkMC2.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
-- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.09.03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2009.08.21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2009.08.21 10:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2009.08.13 13:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe PRC - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFIWmxSvcs.exe PRC - [2009.08.05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2009.07.30 00:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.07.30 00:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2008.09.26 14:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Programme\Camera Assistant Software for Toshiba\traybar.exe PRC - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe PRC - [2008.04.24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe PRC - [2007.11.21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2007.07.10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | 
M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.04.21 17:58:00 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll MOD - [2012.04.11 17:00:10 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll MOD - [2012.04.11 16:59:23 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll MOD - [2012.04.11 16:59:12 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll MOD - [2012.03.28 20:36:51 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.02.17 16:47:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012.02.17 16:46:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.02.17 16:46:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.02.17 16:46:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2011.10.13 16:48:22 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - 
[2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.03.14 00:54:19 | 001,736,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3497.38831__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2010.03.14 00:54:19 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010.03.14 00:54:19 | 000,339,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3497.38814__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010.03.14 00:54:19 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010.03.14 00:54:19 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3497.38880__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010.03.14 00:54:19 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3497.38863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010.03.14 00:54:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3497.38828__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010.03.14 00:54:19 | 000,036,864 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010.03.14 00:54:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3497.38823__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010.03.14 00:54:18 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3497.38822__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010.03.14 00:54:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010.03.14 00:54:17 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010.03.14 00:54:17 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2010.03.14 00:54:17 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010.03.14 00:54:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3497.38867__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010.03.14 00:54:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010.03.14 00:54:15 | 000,950,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3497.38923__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll MOD - 
[2010.03.14 00:54:15 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010.03.14 00:54:15 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010.03.14 00:54:15 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3497.38875__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010.03.14 00:54:15 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010.03.14 00:54:15 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010.03.14 00:54:15 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3497.38861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010.03.14 00:54:15 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010.03.14 00:54:15 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010.03.14 00:54:15 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3497.38860__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010.03.14 00:54:14 | 000,393,216 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010.03.14 00:54:14 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010.03.14 00:54:14 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010.03.14 00:54:14 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010.03.14 00:54:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010.03.14 00:54:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010.03.14 00:54:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010.03.14 00:54:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010.03.14 00:54:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010.03.14 00:54:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010.03.14 00:54:13 | 000,016,384 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010.03.14 00:54:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010.03.14 00:54:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010.03.14 00:54:13 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010.03.14 00:54:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010.03.14 00:54:12 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010.03.14 00:54:12 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010.03.14 00:54:11 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010.03.14 00:54:11 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010.03.14 00:54:11 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010.03.14 00:54:11 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010.03.14 00:54:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010.03.14 00:54:11 | 000,028,672 | ---- | M] 
() -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010.03.14 00:54:11 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010.03.14 00:54:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010.03.14 00:54:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010.03.14 00:54:10 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010.03.14 00:54:10 | 000,053,248 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010.03.14 00:54:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010.03.14 00:54:10 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010.03.14 00:54:10 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010.03.14 00:54:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010.03.14 00:54:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010.03.14 00:54:09 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3497.38894__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010.03.14 00:54:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010.03.14 00:54:09 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010.03.14 00:54:09 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3497.38904__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010.03.14 00:54:09 | 000,040,960 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010.03.14 00:54:09 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010.03.14 00:54:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010.03.14 00:54:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010.03.14 00:54:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010.03.14 00:54:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010.03.14 00:54:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll MOD - [2010.03.14 00:54:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010.03.14 00:54:09 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3497.38810__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010.03.14 00:54:08 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3497.38827__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010.03.14 00:54:08 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3497.38892__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010.03.14 
00:54:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3497.38813__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010.03.14 00:54:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3497.38812__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010.03.14 00:54:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010.03.14 00:54:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010.03.14 00:54:08 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010.03.14 00:54:07 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3497.38819__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010.03.14 00:54:07 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010.03.14 00:54:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010.03.14 00:54:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010.03.14 00:54:06 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3497.38811__90ba9c70f846762e\APM.Server.dll MOD - [2010.03.14 00:54:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3497.38810__90ba9c70f846762e\AEM.Server.dll MOD - [2010.03.14 00:54:06 | 
000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010.03.14 00:54:06 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3497.38893__90ba9c70f846762e\CCC.Implementation.dll MOD - [2009.07.29 16:35:38 | 000,014,648 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll MOD - [2009.07.16 16:27:48 | 000,052,536 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\Hotkey\FnZ.dll MOD - [2009.07.16 16:27:44 | 007,263,544 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll MOD - [2009.05.04 11:45:14 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009.03.12 20:08:04 | 000,049,152 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2006.10.07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ========== Win32 Services (SafeList) ========== SRV - [2012.04.21 17:58:00 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate) SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate) SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | 
M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.29 20:54:58 | 000,505,264 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.08.21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009.07.30 00:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007.11.21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.20 12:34:21 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.08 09:54:42 | 000,028,208 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb)
DRV - [2009.09.21 11:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009.07.30 13:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.22 10:30:54 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009.07.14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009.07.07 09:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009.05.05 01:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008.07.15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.27 19:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007.10.17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.05.31 08:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
IE - HKLM\..\SearchScopes,DefaultScope = {4485F25B-48C5-415A-A407-FDC53D14C1AA}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4485F25B-48C5-415A-A407-FDC53D14C1AA}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {4485F25B-48C5-415A-A407-FDC53D14C1AA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4485F25B-48C5-415A-A407-FDC53D14C1AA}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7TSEE_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=DxJWcXub-MDkLtFJuFlEYPAzo0A?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.28 20:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.21 18:16:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.29 15:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011.04.08 19:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.03.14 01:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.08 19:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.04.28 14:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\szp85g3h.default\extensions
[2012.03.28 20:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.03.13 23:48:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.28 20:36:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 20:48:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.16 21:20:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.16 21:20:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.16 21:20:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.16 21:20:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.16 21:20:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.16 21:20:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E107494-A329-4CE0-BA88-CC363881EC4C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{8e015357-c16e-11de-8326-001e33c4e2c3}\Shell - "" = AutoRun
O33 - MountPoints2\{8e015357-c16e-11de-8326-001e33c4e2c3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{edc9fadb-2ee7-11df-a542-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{edc9fadb-2ee7-11df-a542-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.04.29 11:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.29 11:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.04.29 10:35:06 | 000,000,000 | ---D | C] -- C:\Users\***\DoctorWeb
[2012.04.28 23:29:10 | 198,547,640 | ---- | C] (T-Online) -- C:\Users\***\Desktop\T-Online_6.0.exe
[2012.04.28 23:09:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Avira-RansomFileUnlocker
[2012.04.28 21:52:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.28 21:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.28 21:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.28 21:52:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.28 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.28 18:09:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qkueqfgbdo
[2012.04.21 17:58:00 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.11 10:27:50 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.11 10:27:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 10:27:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 10:27:49 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 10:27:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.04.29 15:27:38 | 000,002,005 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012.04.29 15:26:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.29 15:26:38 | 2816,864,256 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.29 13:38:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.04.29 13:34:41 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.29 13:34:41 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.29 13:33:03 | 000,672,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.29 13:33:03 | 000,630,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.29 13:33:03 | 000,138,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.29 13:33:03 | 000,113,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.29 13:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.29 11:10:13 | 000,010,214 | ---- | M] () -- C:\Users\***\Documents\H&M Kundennummer.eml
[2012.04.29 11:10:13 | 000,001,622 | ---- | M] () -- C:\Users\***\Documents\Neues Passwort schlecker.eml
[2012.04.28 23:56:23 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2012.04.28 23:29:23 | 000,000,268 | ---- | M] () -- C:\Users\***\AppData\Roaming\Audio Unit Effect
[2012.04.28 23:29:23 | 000,000,268 | ---- | M] () -- C:\Users\***\AppData\Roaming\Audio
[2012.04.28 23:29:18 | 002,195,352 | ---- | M] () -- C:\Users\***\Desktop\TeamViewerQS.exe
[2012.04.28 23:29:17 | 198,547,640 | ---- | M] (T-Online) -- C:\Users\***\Desktop\T-Online_6.0.exe
[2012.04.28 23:29:10 | 000,135,673 | ---- | M] () -- C:\Users\***\Desktop\Plakat - Foer de Katt - 2012.jpg
[2012.04.28 23:29:10 | 000,000,048 | ---- | M] () -- C:\Users\***\Desktop\Google Maps.URL
[2012.04.28 23:26:05 | 001,059,629 | ---- | M] () -- C:\Users\***\Documents\RN. Telekomm Andre Unfall.pdf
[2012.04.28 23:26:05 | 000,815,000 | ---- | M] () -- C:\Users\***\Documents\Krankenhausbericht Roland Klinik.pdf
[2012.04.28 23:26:05 | 000,558,304 | ---- | M] () -- C:\Users\***\Documents\Zahnbehandlungsschein.pdf
[2012.04.28 23:26:05 | 000,111,550 | ---- | M] () -- C:\Users\***\Documents\Rechnung messerblock.pdf
[2012.04.28 23:26:05 | 000,044,281 | ---- | M] () -- C:\Users\***\Documents\Rechnung M.Bremer.pdf
[2012.04.28 23:26:04 | 000,052,752 | ---- | M] () -- C:\Users\***\Documents\Goldene Hochzeit.mcf
[2012.04.28 23:26:04 | 000,008,023 | ---- | M] () -- C:\Users\***\Documents\29051 jemako rechnung.pdf
[2012.04.28 21:06:18 | 000,000,407 | ---- | M] () -- C:\Users\***\Desktop\Decrypt.jar
[2012.04.28 18:14:17 | 000,558,304 | ---- | M] () -- C:\Users\***\Documents\locked-Zahnbehandlungsschein.pdf.wwcj
[2012.04.28 18:14:09 | 001,059,629 | ---- | M] () -- C:\Users\***\Documents\locked-RN. Telekomm Andre Unfall.pdf.nwpb
[2012.04.28 18:14:05 | 000,111,550 | ---- | M] () -- C:\Users\***\Documents\locked-Rechnung messerblock.pdf.sowf
[2012.04.28 18:14:05 | 000,044,281 | ---- | M] () -- C:\Users\***\Documents\locked-Rechnung M.Bremer.pdf.mwbg
[2012.04.28 18:14:05 | 000,001,622 | ---- | M] () -- C:\Users\***\Documents\locked-Neues Passwort schlecker.eml.vdfm
[2012.04.28 18:14:04 | 000,815,000 | ---- | M] () -- C:\Users\***\Documents\locked-Krankenhausbericht Roland Klinik.pdf.ewld
[2012.04.28 18:13:57 | 000,052,752 | ---- | M] () -- C:\Users\***\Documents\locked-Goldene Hochzeit.mcf.ssfw
[2012.04.28 18:13:57 | 000,010,214 | ---- | M] () -- C:\Users\***\Documents\locked-H&M Kundennummer.eml.cfdc
[2012.04.28 18:13:53 | 198,547,640 | ---- | M] () -- C:\Users\***\Desktop\locked-T-Online_6.0.exe.lkhz
[2012.04.28 18:13:53 | 002,195,352 | ---- | M] () -- C:\Users\***\Desktop\locked-TeamViewerQS.exe.zrnz
[2012.04.28 18:13:53 | 000,008,023 | ---- | M] () -- C:\Users\***\Documents\locked-29051 jemako rechnung.pdf.fywc
[2012.04.28 18:13:52 | 000,135,673 | ---- | M] () -- C:\Users\***\Desktop\locked-Plakat - Foer de Katt - 2012.jpg.arof
[2012.04.28 18:13:51 | 000,000,048 | ---- | M] () -- C:\Users\***\Desktop\locked-Google Maps.URL.anrb
[2012.04.28 18:13:07 | 000,000,268 | ---- | M] () -- C:\Users\***\AppData\Roaming\locked-Audio.ptxt
[2012.04.28 18:13:07 | 000,000,268 | ---- | M] () -- C:\Users\***\AppData\Roaming\locked-Audio Unit Effect.dnrd
[2012.04.28 18:11:01 | 000,000,012 | ---- | M] () -- C:\ProgramData\CMMs
[2012.04.28 18:11:01 | 000,000,012 | ---- | M] () -- C:\ProgramData\Bundle
[2012.04.28 18:11:01 | 000,000,012 | ---- | M] () -- C:\ProgramData\Brother
[2012.04.28 18:10:58 | 000,000,268 | ---- | M] () -- C:\ProgramData\Automator
[2012.04.28 18:10:58 | 000,000,268 | ---- | M] () -- C:\ProgramData\Automatic Filter
[2012.04.28 18:10:58 | 000,000,268 | ---- | M] () -- C:\ProgramData\Authentication
[2012.04.21 17:58:00 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.21 17:58:00 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.04.29 10:14:24 | 000,002,005 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012.04.28 23:56:23 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2012.04.28 23:29:23 | 000,000,268 | ---- | C] () -- C:\Users\***\AppData\Roaming\Audio Unit Effect
[2012.04.28 23:29:23 | 000,000,268 | ---- | C] () -- C:\Users\***\AppData\Roaming\Audio
[2012.04.28 23:29:17 | 002,195,352 | ---- | C] () -- C:\Users\***\Desktop\TeamViewerQS.exe
[2012.04.28 23:29:10 | 000,135,673 | ---- | C] () -- C:\Users\***\Desktop\Plakat - Foer de Katt - 2012.jpg
[2012.04.28 23:29:10 | 000,000,048 | ---- | C] () -- C:\Users\***\Desktop\Google Maps.URL
[2012.04.28 23:26:05 | 001,059,629 | ---- | C] () -- C:\Users\***\Documents\RN. Telekomm Andre Unfall.pdf
[2012.04.28 23:26:05 | 000,815,000 | ---- | C] () -- C:\Users\***\Documents\Krankenhausbericht Roland Klinik.pdf
[2012.04.28 23:26:05 | 000,558,304 | ---- | C] () -- C:\Users\***\Documents\Zahnbehandlungsschein.pdf
[2012.04.28 23:26:05 | 000,111,550 | ---- | C] () -- C:\Users\***\Documents\Rechnung messerblock.pdf
[2012.04.28 23:26:05 | 000,044,281 | ---- | C] () -- C:\Users\***\Documents\Rechnung M.Bremer.pdf
[2012.04.28 23:26:05 | 000,001,622 | ---- | C] () -- C:\Users\***\Documents\Neues Passwort schlecker.eml
[2012.04.28 23:26:04 | 000,052,752 | ---- | C] () -- C:\Users\***\Documents\Goldene Hochzeit.mcf
[2012.04.28 23:26:04 | 000,010,214 | ---- | C] () -- C:\Users\***\Documents\H&M Kundennummer.eml
[2012.04.28 23:26:04 | 000,008,023 | ---- | C] () -- C:\Users\***\Documents\29051 jemako rechnung.pdf
[2012.04.28 22:53:13 | 000,000,407 | ---- | C] () -- C:\Users\***\Desktop\Decrypt.jar
[2012.04.26 18:04:25 | 000,135,673 | ---- | C] () -- C:\Users\***\Desktop\locked-Plakat - Foer de Katt - 2012.jpg.arof
[2012.04.21 17:58:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011.08.14 20:13:19 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Applications
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\Users\***\AppData\Roaming\locked-Audio.ptxt
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\Users\***\AppData\Roaming\locked-Audio Unit Effect.dnrd
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\ProgramData\Automator
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\ProgramData\Automatic Filter
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\ProgramData\Authentication
[2011.08.14 20:13:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.08.14 20:13:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.08.14 20:13:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.08.14 20:13:19 | 000,000,012 | ---- | C] () -- C:\ProgramData\CMMs
[2011.08.14 20:13:19 | 000,000,012 | ---- | C] () -- C:\ProgramData\Bundle
[2011.08.14 20:13:19 | 000,000,012 | ---- | C] () -- C:\ProgramData\Brother
[2010.12.05 14:10:29 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2010.12.05 14:10:29 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2010.12.05 13:45:28 | 000,000,787 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2010.06.18 20:08:25 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2010.12.16 17:13:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.28 23:30:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\myphotobook
[2012.04.28 23:30:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2012.04.29 11:07:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qkueqfgbdo
[2010.03.13 23:58:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2010.03.13 23:58:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2012.04.28 23:30:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.03.14 01:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.04.08 19:03:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2010.03.13 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2010.03.14 00:28:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch
[2012.03.30 18:07:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 805 bytes -> C:\Users\***\Documents\Neues Passwort schlecker.eml:OECustomProperty
@Alternate Data Stream - 805 bytes -> C:\Users\***\Documents\locked-Neues Passwort schlecker.eml.vdfm:OECustomProperty
@Alternate Data Stream - 729 bytes -> C:\Users\***\Documents\locked-H&M Kundennummer.eml.cfdc:OECustomProperty
@Alternate Data Stream - 729 bytes -> C:\Users\***\Documents\H&M Kundennummer.eml:OECustomProperty
< End of report >
Code:
OTL Extras logfile created on: 29.04.2012 13:31:55 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\***\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 69,39% Memory free
6,99 Gb Paging File | 5,81 Gb Available in Paging File | 83,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,15 Gb Total Space | 125,02 Gb Free Space | 67,16% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 184,99 Gb Total Space | 177,90 Gb Free Space | 96,16% Space Free | Partition Type: NTFS
Computer Name: KERSTIN***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11C8D604-381D-4C6F-94B8-0F0985251712}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{134EFFED-486E-41FE-9CEA-4B059838BA43}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe |
"{2FC48D04-40EF-4983-BA59-B613812EC7D0}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{33DA57ED-0B29-44B1-B9B8-EC437404F792}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3E4DD078-DAE4-44B3-B0B5-53261A2B776C}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{4BFB7EFA-E1DE-4373-B79C-70028E8330F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{70A79385-0211-4AE6-8FB7-C41DBFC356EB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{78117419-A588-4D00-A420-9E8B42FF0AEC}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe |
"{799B75C7-71A7-45EC-B229-2A58B859F86E}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe |
"{8C059C17-32B8-4C3F-9CEA-B0A0C37D3184}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9C917AF3-031E-4839-8E38-771B4C59A3E0}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe |
"{A66A2360-9A0C-40A1-8920-E07499CD520D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF86CE8E-F7EC-464D-9221-4DDDA162B71D}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{F34566CE-834E-4E0F-8D2C-8E633426FD46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{47879FA7-BC8F-4D7F-8057-86D0416579FA}" = StarMoney
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{52306338-9945-41A5-A021-25739C852B58}" = StarMoney
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B5A39926-319B-4F86-8447-E764CE92F229}" = StarMoney 8.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E8D82F42-EBD8-478C-917B-28F5BA6EAAAA}" = StarMoney
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F5E9D2B2-2906-4808-97AC-B17A456DFA5B}" = StarMoney 7.0 S-Edition
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"myphotobook" = myphotobook 3.6
"Picasa2" = Picasa 2
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Regards, nap Edited by nap (29.04.2012 at 12:58) |
| | #2 |
| /// Malware-holic | Encryption trojan: please check OTL log hi,
1. Can you still get at the mail? If it is in a mail program, open that program, open the mail, File, Save as, type .eml. Send a mail to: http://markusg.trojaner-board.de and attach the file you just saved. It is important that I get as many of these mails as possible; since this trojan is currently being extended with new functions, makers of AV software need to be able to react quickly. Can you also post the CureIT result?
__________________ |
| | #3 |
| | Encryption trojan: please check OTL log Hi Markus,
You should have received the mail by now, and here is the log from CureIT. Unfortunately I saved it as CSV; I hope no information was lost. Code:
ATTFilter bccxotywbk.pre C:\Users\KERSTI~1\AppData\Local\Temp Trojan.PWS.Panda.2128 Gelöscht.
wktrykfffn.pre C:\Users\KERSTI~1\AppData\Local\Temp Trojan.PWS.Panda.2128 Gelöscht.
098419d54c558ff26ffe.exe c:\users\***\appdata\roaming\qkueqfgbdo Trojan.PWS.Panda.2128 Gelöscht.
nap Edited by nap (29.04.2012 at 16:54) |
| | #4 |
| /// Malware-holic | Encryption trojan: please check OTL log Thanks, download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html Click Change parameters • Tick Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - for any detections always choose Skip for now, post the log
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| | #5 |
| | Encryption trojan: please check OTL log Hi Markus, thanks! 5 threats found, see: Code:
ATTFilter 18:22:29.0411 2448 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:22:29.0943 2448 ============================================================
18:22:29.0943 2448 Current date / time: 2012/04/29 18:22:29.0943
18:22:29.0943 2448 SystemInfo:
18:22:29.0943 2448
18:22:29.0943 2448 OS Version: 6.1.7601 ServicePack: 1.0
18:22:29.0943 2448 Product type: Workstation
18:22:29.0943 2448 ComputerName: KERSTIN***-PC
18:22:29.0944 2448 UserName: Kerstin ***
18:22:29.0944 2448 Windows directory: C:\Windows
18:22:29.0944 2448 System windows directory: C:\Windows
18:22:29.0944 2448 Processor architecture: Intel x86
18:22:29.0944 2448 Number of processors: 2
18:22:29.0944 2448 Page size: 0x1000
18:22:29.0944 2448 Boot type: Normal boot
18:22:29.0944 2448 ============================================================
18:22:32.0920 2448 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:22:32.0924 2448 Drive \Device\Harddisk1\DR1 - Size: 0x3F140000 (0.99 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:22:32.0925 2448 ============================================================
18:22:32.0925 2448 \Device\Harddisk0\DR0:
18:22:32.0925 2448 MBR partitions:
18:22:32.0925 2448 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1744D000
18:22:32.0925 2448 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1773B800, BlocksNum 0x171FD0B0
18:22:32.0925 2448 \Device\Harddisk1\DR1:
18:22:32.0927 2448 MBR partitions:
18:22:32.0927 2448 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1F8999
18:22:32.0927 2448 ============================================================
18:22:32.0952 2448 C: <-> \Device\Harddisk0\DR0\Partition0
18:22:33.0036 2448 E: <-> \Device\Harddisk0\DR0\Partition1
18:22:33.0037 2448 ============================================================
18:22:33.0038 2448 Initialize success
18:22:33.0038 2448 ============================================================
18:24:32.0473 2220 ============================================================
18:24:32.0473 2220 Scan started
18:24:32.0473 2220 Mode: Manual; SigCheck; TDLFS;
18:24:32.0473 2220 ============================================================
18:24:34.0407 2220 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:24:34.0563 2220 1394ohci - ok
18:24:34.0782 2220 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:24:35.0421 2220 ACDaemon - ok
18:24:35.0530 2220 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:24:35.0577 2220 ACPI - ok
18:24:35.0640 2220 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:24:35.0827 2220 AcpiPmi - ok
18:24:35.0967 2220 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:24:36.0045 2220 AdobeFlashPlayerUpdateSvc - ok
18:24:36.0170 2220 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:24:36.0279 2220 adp94xx - ok
18:24:36.0326 2220 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:24:36.0357 2220 adpahci - ok
18:24:36.0420 2220 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:24:36.0482 2220 adpu320 - ok
18:24:36.0513 2220 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:24:36.0654 2220 AeLookupSvc - ok
18:24:36.0778 2220 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:24:37.0090 2220 AFD - ok
18:24:37.0137 2220 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:24:37.0153 2220 agp440 - ok
18:24:37.0200 2220 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:24:37.0215 2220 aic78xx - ok
18:24:37.0278 2220 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:24:37.0402 2220 ALG - ok
18:24:37.0449 2220 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:24:37.0496 2220 aliide - ok
18:24:37.0558 2220 AMD External Events Utility (0bc6704f6fb4c63cdcb85401e8263a1b) C:\Windows\system32\atiesrxx.exe
18:24:37.0668 2220 AMD External Events Utility - ok
18:24:37.0699 2220 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:24:37.0730 2220 amdagp - ok
18:24:37.0777 2220 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:24:37.0808 2220 amdide - ok
18:24:37.0855 2220 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:24:37.0964 2220 AmdK8 - ok
18:24:38.0011 2220 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:24:38.0073 2220 AmdPPM - ok
18:24:38.0136 2220 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
18:24:38.0198 2220 amdsata - ok
18:24:38.0245 2220 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:24:38.0307 2220 amdsbs - ok
18:24:38.0323 2220 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
18:24:38.0338 2220 amdxata - ok
18:24:38.0479 2220 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:24:38.0526 2220 AntiVirSchedulerService - ok
18:24:38.0572 2220 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:24:38.0604 2220 AntiVirService - ok
18:24:38.0666 2220 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:24:38.0838 2220 AppID - ok
18:24:38.0884 2220 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:24:39.0025 2220 AppIDSvc - ok
18:24:39.0072 2220 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
18:24:39.0134 2220 Appinfo - ok
18:24:39.0243 2220 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:24:39.0290 2220 Apple Mobile Device - ok
18:24:39.0337 2220 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:24:39.0384 2220 arc - ok
18:24:39.0399 2220 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:24:39.0430 2220 arcsas - ok
18:24:39.0540 2220 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:24:39.0602 2220 aspnet_state - ok
18:24:39.0633 2220 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:24:39.0820 2220 AsyncMac - ok
18:24:39.0852 2220 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:24:39.0883 2220 atapi - ok
18:24:40.0054 2220 athr (ac4adac154563ab41cc79b0257bc685a) C:\Windows\system32\DRIVERS\athr.sys
18:24:40.0148 2220 athr - ok
18:24:40.0382 2220 atikmdag (c97be8350fbcb1960b22fad2e6c2b514) C:\Windows\system32\DRIVERS\atikmdag.sys
18:24:40.0569 2220 atikmdag - ok
18:24:40.0756 2220 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:24:40.0819 2220 AtiPcie - ok
18:24:40.0912 2220 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:24:41.0006 2220 AudioEndpointBuilder - ok
18:24:41.0022 2220 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:24:41.0068 2220 Audiosrv - ok
18:24:41.0131 2220 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
18:24:41.0178 2220 avgntflt - ok
18:24:41.0256 2220 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
18:24:41.0302 2220 avipbb - ok
18:24:41.0349 2220 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:24:41.0396 2220 avkmgr - ok
18:24:41.0458 2220 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
18:24:41.0599 2220 AxInstSV - ok
18:24:41.0692 2220 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:24:41.0786 2220 b06bdrv - ok
18:24:41.0848 2220 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:24:41.0911 2220 b57nd60x - ok
18:24:41.0958 2220 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:24:42.0067 2220 BDESVC - ok
18:24:42.0098 2220 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:24:42.0145 2220 Beep - ok
18:24:42.0238 2220 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
18:24:42.0316 2220 BFE - ok
18:24:42.0363 2220 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
18:24:42.0457 2220 BITS - ok
18:24:42.0504 2220 bizVSerial (66f655b08eed3230e059d197c8a1969b) C:\Windows\system32\drivers\bizVSerialNT.sys
18:24:42.0550 2220 bizVSerial ( UnsignedFile.Multi.Generic ) - warning
18:24:42.0550 2220 bizVSerial - detected UnsignedFile.Multi.Generic (1)
18:24:42.0582 2220 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:24:42.0675 2220 blbdrive - ok
18:24:42.0894 2220 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:24:42.0940 2220 Bonjour Service - ok
18:24:42.0987 2220 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:24:43.0081 2220 bowser - ok
18:24:43.0112 2220 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:24:43.0237 2220 BrFiltLo - ok
18:24:43.0252 2220 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:24:43.0330 2220 BrFiltUp - ok
18:24:43.0424 2220 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
18:24:43.0518 2220 Browser - ok
18:24:43.0580 2220 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:24:43.0705 2220 Brserid - ok
18:24:43.0705 2220 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:24:43.0767 2220 BrSerWdm - ok
18:24:43.0783 2220 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:24:43.0814 2220 BrUsbMdm - ok
18:24:43.0845 2220 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:24:43.0892 2220 BrUsbSer - ok
18:24:43.0908 2220 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:24:43.0939 2220 BTHMODEM - ok
18:24:44.0001 2220 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:24:44.0157 2220 bthserv - ok
18:24:44.0204 2220 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:24:44.0313 2220 cdfs - ok
18:24:44.0376 2220 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:24:44.0469 2220 cdrom - ok
18:24:44.0532 2220 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:24:44.0625 2220 CertPropSvc - ok
18:24:44.0750 2220 cfWiMAXService (1f8a319d29394f9ce1b7ae020df2ebbf) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
18:24:44.0781 2220 cfWiMAXService - ok
18:24:44.0828 2220 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:24:44.0859 2220 circlass - ok
18:24:44.0984 2220 cjpcsc (7f6768f8ba1d3a17a67a0758d999325a) C:\Windows\system32\cjpcsc.exe
18:24:45.0015 2220 cjpcsc - ok
18:24:45.0062 2220 cjusb (46241991510a23dc759291918178fff9) C:\Windows\system32\DRIVERS\cjusb.sys
18:24:45.0093 2220 cjusb - ok
18:24:45.0140 2220 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:24:45.0187 2220 CLFS - ok
18:24:45.0280 2220 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:24:45.0358 2220 clr_optimization_v2.0.50727_32 - ok
18:24:45.0390 2220 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:24:45.0421 2220 CmBatt - ok
18:24:45.0452 2220 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:24:45.0483 2220 cmdide - ok
18:24:45.0514 2220 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:24:45.0592 2220 CNG - ok
18:24:45.0639 2220 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:24:45.0670 2220 Compbatt - ok
18:24:45.0702 2220 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:24:45.0748 2220 CompositeBus - ok
18:24:45.0764 2220 COMSysApp - ok
18:24:45.0873 2220 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:24:45.0920 2220 ConfigFree Service - ok
18:24:45.0967 2220 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:24:45.0982 2220 crcdisk - ok
18:24:46.0060 2220 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
18:24:46.0138 2220 CryptSvc - ok
18:24:46.0185 2220 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:24:46.0310 2220 DcomLaunch - ok
18:24:46.0357 2220 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:24:46.0435 2220 defragsvc - ok
18:24:46.0482 2220 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:24:46.0575 2220 DfsC - ok
18:24:46.0638 2220 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:24:46.0747 2220 Dhcp - ok
18:24:46.0762 2220 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:24:46.0856 2220 discache - ok
18:24:46.0934 2220 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:24:46.0996 2220 Disk - ok
18:24:47.0028 2220 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:24:47.0121 2220 Dnscache - ok
18:24:47.0168 2220 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:24:47.0246 2220 dot3svc - ok
18:24:47.0308 2220 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:24:47.0386 2220 DPS - ok
18:24:47.0433 2220 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:24:47.0480 2220 drmkaud - ok
18:24:47.0542 2220 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:24:47.0605 2220 DXGKrnl - ok
18:24:47.0652 2220 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:24:47.0714 2220 EapHost - ok
18:24:47.0886 2220 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:24:48.0010 2220 ebdrv - ok
18:24:48.0151 2220 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:24:48.0244 2220 EFS - ok
18:24:48.0354 2220 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
18:24:48.0447 2220 ehRecvr - ok
18:24:48.0478 2220 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:24:48.0588 2220 ehSched - ok
18:24:48.0712 2220 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:24:48.0790 2220 elxstor - ok
18:24:48.0822 2220 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:24:48.0900 2220 ErrDev - ok
18:24:49.0009 2220 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:24:49.0134 2220 EventSystem - ok
18:24:49.0180 2220 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:24:49.0305 2220 exfat - ok
18:24:49.0336 2220 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:24:49.0430 2220 fastfat - ok
18:24:49.0539 2220 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:24:49.0633 2220 Fax - ok
18:24:49.0680 2220 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:24:49.0758 2220 fdc - ok
18:24:49.0789 2220 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:24:49.0882 2220 fdPHost - ok
18:24:49.0945 2220 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:24:50.0038 2220 FDResPub - ok
18:24:50.0070 2220 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:24:50.0101 2220 FileInfo - ok
18:24:50.0132 2220 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:24:50.0179 2220 Filetrace - ok
18:24:50.0194 2220 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:24:50.0272 2220 flpydisk - ok
18:24:50.0319 2220 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:24:50.0350 2220 FltMgr - ok
18:24:50.0444 2220 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
18:24:50.0506 2220 FontCache - ok
18:24:50.0616 2220 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:24:50.0662 2220 FontCache3.0.0.0 - ok
18:24:50.0709 2220 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:24:50.0740 2220 FsDepends - ok
18:24:50.0787 2220 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
18:24:50.0834 2220 Fs_Rec - ok
18:24:50.0881 2220 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:24:50.0943 2220 fvevol - ok
18:24:50.0974 2220 FwLnk (0f76e205bdc60364f08a5949082771ca) C:\Windows\system32\DRIVERS\FwLnk.sys
18:24:51.0052 2220 FwLnk - ok
18:24:51.0099 2220 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:24:51.0146 2220 gagp30kx - ok
18:24:51.0177 2220 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:24:51.0193 2220 GEARAspiWDM - ok
18:24:51.0286 2220 GoogleDesktopManager-110309-193829 (f0187e45268e86aaaa932cbd9087bea8) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
18:24:51.0333 2220 GoogleDesktopManager-110309-193829 - ok
18:24:51.0427 2220 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:24:51.0505 2220 gpsvc - ok
18:24:51.0567 2220 gusvc (649f407a844dde2b97bc086af97d663b) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:24:51.0598 2220 gusvc - ok
18:24:51.0630 2220 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:24:51.0708 2220 hcw85cir - ok
18:24:51.0786 2220 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:24:51.0895 2220 HdAudAddService - ok
18:24:51.0957 2220 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:24:52.0020 2220 HDAudBus - ok
18:24:52.0051 2220 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:24:52.0082 2220 HidBatt - ok
18:24:52.0098 2220 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:24:52.0160 2220 HidBth - ok
18:24:52.0191 2220 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:24:52.0238 2220 HidIr - ok
18:24:52.0269 2220 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:24:52.0363 2220 hidserv - ok
18:24:52.0425 2220 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
18:24:52.0456 2220 HidUsb - ok
18:24:52.0503 2220 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:24:52.0581 2220 hkmsvc - ok
18:24:52.0612 2220 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:24:52.0706 2220 HomeGroupListener - ok
18:24:52.0753 2220 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:24:52.0815 2220 HomeGroupProvider - ok
18:24:52.0862 2220 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:24:52.0878 2220 HpSAMD - ok
18:24:53.0002 2220 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:24:53.0112 2220 HSF_DPV - ok
18:24:53.0158 2220 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:24:53.0205 2220 HSXHWAZL - ok
18:24:53.0299 2220 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:24:53.0377 2220 HTTP - ok
18:24:53.0392 2220 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:24:53.0408 2220 hwpolicy - ok
18:24:53.0470 2220 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:24:53.0517 2220 i8042prt - ok
18:24:53.0580 2220 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
18:24:53.0626 2220 iaStorV - ok
18:24:53.0751 2220 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:24:53.0814 2220 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:24:53.0814 2220 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:24:53.0954 2220 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:24:54.0048 2220 idsvc - ok
18:24:54.0219 2220 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:24:54.0266 2220 iirsp - ok
18:24:54.0328 2220 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:24:54.0438 2220 IKEEXT - ok
18:24:54.0500 2220 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:24:54.0531 2220 intelide - ok
18:24:54.0562 2220 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:24:54.0640 2220 intelppm - ok
18:24:54.0687 2220 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:24:54.0796 2220 IPBusEnum - ok
18:24:54.0828 2220 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:24:54.0890 2220 IpFilterDriver - ok
18:24:54.0999 2220 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
18:24:55.0077 2220 iphlpsvc - ok
18:24:55.0140 2220 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:24:55.0202 2220 IPMIDRV - ok
18:24:55.0249 2220 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:24:55.0311 2220 IPNAT - ok
18:24:55.0639 2220 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:24:55.0686 2220 iPod Service - ok
18:24:55.0748 2220 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:24:55.0779 2220 IRENUM - ok
18:24:55.0826 2220 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:24:55.0888 2220 isapnp - ok
18:24:55.0935 2220 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:24:55.0982 2220 iScsiPrt - ok
18:24:56.0216 2220 jswpsapi (957135960e7533ea5c7ea0bfb34f8efd) C:\Program Files\Jumpstart\jswpsapi.exe
18:24:56.0403 2220 jswpsapi ( UnsignedFile.Multi.Generic ) - warning
18:24:56.0403 2220 jswpsapi - detected UnsignedFile.Multi.Generic (1)
18:24:56.0434 2220 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
18:24:56.0544 2220 jswpslwf - ok
18:24:56.0622 2220 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:24:56.0715 2220 kbdclass - ok
18:24:56.0778 2220 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:24:56.0824 2220 kbdhid - ok
18:24:56.0887 2220 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:24:56.0918 2220 KeyIso - ok
18:24:56.0980 2220 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:24:57.0012 2220 KSecDD - ok
18:24:57.0012 2220 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:24:57.0043 2220 KSecPkg - ok
18:24:57.0152 2220 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:24:57.0230 2220 KtmRm - ok
18:24:57.0308 2220 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
18:24:57.0355 2220 LanmanServer - ok
18:24:57.0417 2220 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:24:57.0480 2220 LanmanWorkstation - ok
18:24:57.0542 2220 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:24:57.0651 2220 lltdio - ok
18:24:57.0714 2220 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:24:57.0776 2220 lltdsvc - ok
18:24:57.0807 2220 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:24:57.0854 2220 lmhosts - ok
18:24:57.0932 2220 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:24:57.0994 2220 LSI_FC - ok
18:24:58.0041 2220 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:24:58.0072 2220 LSI_SAS - ok
18:24:58.0104 2220 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:24:58.0135 2220 LSI_SAS2 - ok
18:24:58.0150 2220 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:24:58.0166 2220 LSI_SCSI - ok
18:24:58.0197 2220 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:24:58.0228 2220 luafv - ok
18:24:58.0306 2220 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
18:24:58.0338 2220 MBAMProtector - ok
18:24:58.0494 2220 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:24:58.0525 2220 MBAMService - ok
18:24:58.0556 2220 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
18:24:58.0603 2220 Mcx2Svc - ok
18:24:58.0665 2220 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:24:58.0681 2220 mdmxsdk - ok
18:24:58.0743 2220 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:24:58.0759 2220 megasas - ok
18:24:58.0790 2220 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:24:58.0821 2220 MegaSR - ok
18:24:58.0915 2220 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:24:59.0071 2220 MMCSS - ok
18:24:59.0106 2220 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:24:59.0168 2220 Modem - ok
18:24:59.0215 2220 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:24:59.0293 2220 monitor - ok
18:24:59.0356 2220 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
18:24:59.0418 2220 mouclass - ok
18:24:59.0465 2220 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:24:59.0512 2220 mouhid - ok
18:24:59.0558 2220 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:24:59.0574 2220 mountmgr - ok
18:24:59.0621 2220 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:24:59.0652 2220 mpio - ok
18:24:59.0683 2220 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:24:59.0808 2220 mpsdrv - ok
18:24:59.0886 2220 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
18:24:59.0964 2220 MpsSvc - ok
18:25:00.0011 2220 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:25:00.0073 2220 MRxDAV - ok
18:25:00.0136 2220 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:25:00.0292 2220 mrxsmb - ok
18:25:00.0338 2220 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:25:00.0401 2220 mrxsmb10 - ok
18:25:00.0432 2220 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:25:00.0479 2220 mrxsmb20 - ok
18:25:00.0510 2220 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:25:00.0541 2220 msahci - ok
18:25:00.0588 2220 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:25:00.0635 2220 msdsm - ok
18:25:00.0666 2220 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:25:00.0728 2220 MSDTC - ok
18:25:00.0775 2220 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:25:00.0853 2220 Msfs - ok
18:25:00.0869 2220 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:25:00.0962 2220 mshidkmdf - ok
18:25:01.0025 2220 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:25:01.0072 2220 msisadrv - ok
18:25:01.0165 2220 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:25:01.0212 2220 MSiSCSI - ok
18:25:01.0228 2220 msiserver - ok
18:25:01.0290 2220 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:25:01.0415 2220 MSKSSRV - ok
18:25:01.0430 2220 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:25:01.0555 2220 MSPCLOCK - ok
18:25:01.0602 2220 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:25:01.0711 2220 MSPQM - ok
18:25:01.0742 2220 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:25:01.0789 2220 MsRPC - ok
18:25:01.0883 2220 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:25:01.0930 2220 mssmbios - ok
18:25:01.0976 2220 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:25:02.0023 2220 MSTEE - ok
18:25:02.0023 2220 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:25:02.0070 2220 MTConfig - ok
18:25:02.0086 2220 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:25:02.0117 2220 Mup - ok
18:25:02.0242 2220 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
18:25:02.0304 2220 napagent - ok
18:25:02.0366 2220 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:25:02.0398 2220 NativeWifiP - ok
18:25:02.0538 2220 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:25:02.0600 2220 NDIS - ok
18:25:02.0710 2220 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:25:02.0772 2220 NdisCap - ok
18:25:02.0803 2220 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:25:02.0866 2220 NdisTapi - ok
18:25:02.0944 2220 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:25:03.0006 2220 Ndisuio - ok
18:25:03.0068 2220 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:25:03.0209 2220 NdisWan - ok
18:25:03.0271 2220 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:25:03.0380 2220 NDProxy - ok
18:25:03.0443 2220 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:25:03.0552 2220 NetBIOS - ok
18:25:03.0599 2220 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:25:03.0692 2220 NetBT - ok
18:25:03.0724 2220 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:25:03.0739 2220 Netlogon - ok
18:25:03.0802 2220 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:25:03.0864 2220 Netman - ok
18:25:03.0942 2220 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:25:04.0004 2220 netprofm - ok
18:25:04.0145 2220 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:25:04.0192 2220 NetTcpPortSharing - ok
18:25:04.0254 2220 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:25:04.0301 2220 nfrd960 - ok
18:25:04.0348 2220 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
18:25:04.0410 2220 NlaSvc - ok
18:25:04.0426 2220 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:25:04.0488 2220 Npfs - ok
18:25:04.0566 2220 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:25:04.0597 2220 nsi - ok
18:25:04.0644 2220 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:25:04.0800 2220 nsiproxy - ok
18:25:04.0940 2220 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
18:25:05.0065 2220 Ntfs - ok
18:25:05.0112 2220 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:25:05.0159 2220 Null - ok
18:25:05.0221 2220 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
18:25:05.0252 2220 nvraid - ok
18:25:05.0299 2220 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
18:25:05.0346 2220 nvstor - ok
18:25:05.0377 2220 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:25:05.0440 2220 nv_agp - ok
18:25:05.0689 2220 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:25:05.0720 2220 odserv - ok
18:25:05.0767 2220 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:25:05.0845 2220 ohci1394 - ok
18:25:05.0939 2220 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:25:06.0017 2220 ose - ok
18:25:06.0095 2220 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:25:06.0173 2220 p2pimsvc - ok
18:25:06.0251 2220 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:25:06.0282 2220 p2psvc - ok
18:25:06.0422 2220 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:25:06.0485 2220 Parport - ok
18:25:06.0532 2220 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:25:06.0578 2220 partmgr - ok
18:25:06.0610 2220 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:25:06.0656 2220 Parvdm - ok
18:25:06.0688 2220 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:25:06.0719 2220 PcaSvc - ok
18:25:06.0781 2220 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:25:06.0828 2220 pci - ok
18:25:06.0844 2220 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:25:06.0890 2220 pciide - ok
18:25:06.0984 2220 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:25:07.0015 2220 pcmcia - ok
18:25:07.0062 2220 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:25:07.0093 2220 pcw - ok
18:25:07.0140 2220 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:25:07.0234 2220 PEAUTH - ok
18:25:07.0483 2220 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
18:25:07.0686 2220 pla - ok
18:25:07.0967 2220 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
18:25:08.0029 2220 PlugPlay - ok
18:25:08.0076 2220 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:25:08.0154 2220 PNRPAutoReg - ok
18:25:08.0201 2220 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:25:08.0248 2220 PNRPsvc - ok
18:25:08.0294 2220 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
18:25:08.0372 2220 PolicyAgent - ok
18:25:08.0450 2220 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
18:25:08.0497 2220 Power - ok
18:25:08.0591 2220 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:25:08.0684 2220 PptpMiniport - ok
18:25:08.0716 2220 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:25:08.0825 2220 Processor - ok
18:25:08.0918 2220 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
18:25:08.0965 2220 ProfSvc - ok
18:25:09.0043 2220 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:25:09.0074 2220 ProtectedStorage - ok
18:25:09.0137 2220 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:25:09.0230 2220 Psched - ok
18:25:09.0293 2220 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
18:25:09.0324 2220 PxHelp20 - ok
18:25:09.0496 2220 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:25:09.0589 2220 ql2300 - ok
18:25:09.0854 2220 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:25:09.0886 2220 ql40xx - ok
18:25:09.0932 2220 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:25:10.0010 2220 QWAVE - ok
18:25:10.0042 2220 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:25:10.0073 2220 QWAVEdrv - ok
18:25:10.0088 2220 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:25:10.0135 2220 RasAcd - ok
18:25:10.0229 2220 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:25:10.0291 2220 RasAgileVpn - ok
18:25:10.0338 2220 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:25:10.0385 2220 RasAuto - ok
18:25:10.0416 2220 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:25:10.0494 2220 Rasl2tp - ok
18:25:10.0572 2220 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:25:10.0666 2220 RasMan - ok
18:25:10.0697 2220 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:25:10.0759 2220 RasPppoe - ok
18:25:10.0853 2220 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:25:10.0931 2220 RasSstp - ok
18:25:10.0993 2220 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:25:11.0071 2220 rdbss - ok
18:25:11.0102 2220 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:25:11.0165 2220 rdpbus - ok
18:25:11.0212 2220 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:25:11.0352 2220 RDPCDD - ok
18:25:11.0399 2220 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:25:11.0477 2220 RDPENCDD - ok
18:25:11.0508 2220 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:25:11.0555 2220 RDPREFMP - ok
18:25:11.0695 2220 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
18:25:11.0773 2220 RDPWD - ok
18:25:11.0882 2220 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:25:11.0929 2220 rdyboost - ok
18:25:12.0007 2220 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:25:12.0054 2220 RemoteAccess - ok
18:25:12.0101 2220 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:25:12.0179 2220 RemoteRegistry - ok
18:25:12.0226 2220 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:25:12.0272 2220 RpcEptMapper - ok
18:25:12.0319 2220 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:25:12.0366 2220 RpcLocator - ok
18:25:12.0428 2220 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:25:12.0475 2220 RpcSs - ok
18:25:12.0506 2220 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:25:12.0600 2220 rspndr - ok
18:25:12.0616 2220 RSUSBSTOR - ok
18:25:12.0740 2220 RTHDMIAzAudService (c853ae16ccf5033c0cba0855390f5c7f) C:\Windows\system32\drivers\RtHDMIV.sys
18:25:12.0834 2220 RTHDMIAzAudService - ok
18:25:12.0912 2220 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:25:13.0037 2220 RTL8169 - ok
18:25:13.0037 2220 RtsUIR - ok
18:25:13.0130 2220 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:25:13.0162 2220 SamSs - ok
18:25:13.0224 2220 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:25:13.0255 2220 sbp2port - ok
18:25:13.0302 2220 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:25:13.0411 2220 SCardSvr - ok
18:25:13.0427 2220 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:25:13.0489 2220 scfilter - ok
18:25:13.0567 2220 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:25:13.0645 2220 Schedule - ok
18:25:13.0708 2220 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:25:13.0723 2220 SCPolicySvc - ok
18:25:13.0786 2220 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:25:13.0879 2220 SDRSVC - ok
18:25:13.0926 2220 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:25:14.0035 2220 secdrv - ok
18:25:14.0098 2220 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:25:14.0160 2220 seclogon - ok
18:25:14.0191 2220 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:25:14.0238 2220 SENS - ok
18:25:14.0332 2220 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:25:14.0488 2220 SensrSvc - ok
18:25:14.0503 2220 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:25:14.0550 2220 Serenum - ok
18:25:14.0597 2220 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:25:14.0675 2220 Serial - ok
18:25:14.0737 2220 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:25:14.0831 2220 sermouse - ok
18:25:14.0909 2220 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
18:25:15.0049 2220 SessionEnv - ok
18:25:15.0080 2220 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:25:15.0158 2220 sffdisk - ok
18:25:15.0190 2220 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:25:15.0268 2220 sffp_mmc - ok
18:25:15.0314 2220 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:25:15.0361 2220 sffp_sd - ok
18:25:15.0392 2220 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:25:15.0424 2220 sfloppy - ok
18:25:15.0548 2220 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:25:15.0611 2220 SharedAccess - ok
18:25:15.0673 2220 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
18:25:15.0751 2220 ShellHWDetection - ok
18:25:15.0782 2220 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:25:15.0829 2220 sisagp - ok
18:25:15.0876 2220 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:25:15.0892 2220 SiSRaid2 - ok
18:25:15.0923 2220 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:25:15.0954 2220 SiSRaid4 - ok
18:25:16.0141 2220 SmartFaceVWatchSrv (8eb3988c74fd9d0e0934977e36b5f9e6) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
18:25:16.0172 2220 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
18:25:16.0172 2220 SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)
18:25:16.0219 2220 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:25:16.0266 2220 Smb - ok
18:25:16.0313 2220 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:25:16.0344 2220 SNMPTRAP - ok
18:25:16.0375 2220 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:25:16.0406 2220 spldr - ok
18:25:16.0484 2220 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
18:25:16.0547 2220 Spooler - ok
18:25:16.0828 2220 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
18:25:17.0030 2220 sppsvc - ok
18:25:17.0233 2220 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
18:25:17.0296 2220 sppuinotify - ok
18:25:17.0420 2220 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:25:17.0545 2220 srv - ok
18:25:17.0717 2220 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:25:17.0810 2220 srv2 - ok
18:25:17.0857 2220 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:25:17.0873 2220 srvnet - ok
18:25:17.0920 2220 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:25:17.0998 2220 SSDPSRV - ok
18:25:18.0091 2220 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:25:18.0107 2220 ssmdrv - ok
18:25:18.0138 2220 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:25:18.0185 2220 SstpSvc - ok
18:25:18.0403 2220 StarMoney 7.0 OnlineUpdate (e8606bf6be3b7481d95f1dd2e4f3fcba) C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
18:25:18.0434 2220 StarMoney 7.0 OnlineUpdate - ok
18:25:18.0793 2220 StarMoney 8.0 OnlineUpdate (7e784dc5c7ce2c6f3c392ad320f5f2c0) C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
18:25:18.0824 2220 StarMoney 8.0 OnlineUpdate - ok
18:25:18.0887 2220 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:25:18.0918 2220 stexstor - ok
18:25:18.0980 2220 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
18:25:19.0027 2220 StiSvc - ok
18:25:19.0058 2220 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:25:19.0090 2220 swenum - ok
18:25:19.0199 2220 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:25:19.0261 2220 swprv - ok
18:25:19.0370 2220 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
18:25:19.0448 2220 SynTP - ok
18:25:19.0604 2220 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:25:19.0682 2220 SysMain - ok
18:25:19.0760 2220 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:25:19.0807 2220 TabletInputService - ok
18:25:19.0870 2220 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:25:19.0979 2220 TapiSrv - ok
18:25:20.0088 2220 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:25:20.0135 2220 TBS - ok
18:25:20.0322 2220 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:25:20.0494 2220 Tcpip - ok
18:25:20.0525 2220 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:25:20.0556 2220 TCPIP6 - ok
18:25:20.0618 2220 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:25:20.0728 2220 tcpipreg - ok
18:25:20.0774 2220 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:25:20.0790 2220 tdcmdpst - ok
18:25:20.0899 2220 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:25:20.0977 2220 TDPIPE - ok
18:25:21.0149 2220 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
18:25:21.0227 2220 TDTCP - ok
18:25:21.0258 2220 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:25:21.0305 2220 tdx - ok
18:25:21.0352 2220 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:25:21.0414 2220 TermDD - ok
18:25:21.0508 2220 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:25:21.0586 2220 TermService - ok
18:25:21.0664 2220 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:25:21.0742 2220 Themes - ok
18:25:21.0804 2220 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:25:21.0866 2220 THREADORDER - ok
18:25:21.0913 2220 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
18:25:21.0929 2220 TODDSrv - ok
18:25:22.0038 2220 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
18:25:22.0069 2220 TomTomHOMEService - ok
18:25:22.0366 2220 TosCoSrv (66c35016e01746715f8f606a9f081bf9) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
18:25:22.0381 2220 TosCoSrv - ok
18:25:22.0631 2220 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\Windows\system32\DRIVERS\tos_sps32.sys
18:25:22.0678 2220 tos_sps32 - ok
18:25:22.0740 2220 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:25:22.0834 2220 TrkWks - ok
18:25:23.0036 2220 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:25:23.0208 2220 TrustedInstaller - ok
18:25:23.0270 2220 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:25:23.0317 2220 tssecsrv - ok
18:25:23.0458 2220 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:25:23.0598 2220 TsUsbFlt - ok
18:25:23.0676 2220 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:25:23.0754 2220 tunnel - ok
18:25:23.0801 2220 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:25:23.0816 2220 TVALZ - ok
18:25:23.0848 2220 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:25:23.0879 2220 uagp35 - ok
18:25:23.0941 2220 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:25:24.0019 2220 udfs - ok
18:25:24.0128 2220 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:25:24.0222 2220 UI0Detect - ok
18:25:24.0487 2220 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
18:25:24.0550 2220 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
18:25:24.0550 2220 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
18:25:24.0628 2220 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:25:24.0659 2220 uliagpkx - ok
18:25:24.0706 2220 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:25:24.0752 2220 umbus - ok
18:25:24.0768 2220 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:25:24.0784 2220 UmPass - ok
18:25:24.0862 2220 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:25:24.0986 2220 upnphost - ok
18:25:25.0049 2220 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:25:25.0127 2220 USBAAPL - ok
18:25:25.0174 2220 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
18:25:25.0252 2220 usbccgp - ok
18:25:25.0267 2220 USBCCID - ok
18:25:25.0314 2220 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:25:25.0392 2220 usbcir - ok
18:25:25.0423 2220 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
18:25:25.0470 2220 usbehci - ok
18:25:25.0518 2220 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
18:25:25.0565 2220 usbhub - ok
18:25:25.0596 2220 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
18:25:25.0643 2220 usbohci - ok
18:25:25.0689 2220 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:25:25.0721 2220 usbprint - ok
18:25:25.0752 2220 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:25:25.0783 2220 usbscan - ok
18:25:25.0845 2220 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:25:25.0908 2220 USBSTOR - ok
18:25:25.0939 2220 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
18:25:26.0095 2220 usbuhci - ok
18:25:26.0157 2220 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
18:25:26.0235 2220 usbvideo - ok
18:25:26.0282 2220 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
18:25:26.0329 2220 UVCFTR - ok
18:25:26.0391 2220 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:25:26.0423 2220 UxSms - ok
18:25:26.0454 2220 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:25:26.0469 2220 VaultSvc - ok
18:25:26.0563 2220 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:25:26.0625 2220 vdrvroot - ok
18:25:26.0719 2220 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
18:25:26.0828 2220 vds - ok
18:25:26.0906 2220 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:25:26.0984 2220 vga - ok
18:25:27.0031 2220 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:25:27.0125 2220 VgaSave - ok
18:25:27.0187 2220 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:25:27.0218 2220 vhdmp - ok
18:25:27.0249 2220 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:25:27.0281 2220 viaagp - ok
18:25:27.0312 2220 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:25:27.0374 2220 ViaC7 - ok
18:25:27.0421 2220 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:25:27.0452 2220 viaide - ok
18:25:27.0483 2220 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:25:27.0499 2220 volmgr - ok
18:25:27.0577 2220 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:25:27.0624 2220 volmgrx - ok
18:25:27.0671 2220 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:25:27.0733 2220 volsnap - ok
18:25:27.0795 2220 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:25:27.0858 2220 vsmraid - ok
18:25:27.0967 2220 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
18:25:28.0061 2220 VSS - ok
18:25:28.0107 2220 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:25:28.0154 2220 vwifibus - ok
18:25:28.0185 2220 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:25:28.0248 2220 vwififlt - ok
18:25:28.0357 2220 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:25:28.0419 2220 W32Time - ok
18:25:28.0466 2220 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:25:28.0513 2220 WacomPen - ok
18:25:28.0575 2220 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:25:28.0653 2220 WANARP - ok
18:25:28.0669 2220 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:25:28.0685 2220 Wanarpv6 - ok
18:25:28.0778 2220 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
18:25:28.0903 2220 wbengine - ok
18:25:28.0997 2220 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:25:29.0059 2220 WbioSrvc - ok
18:25:29.0106 2220 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
18:25:29.0168 2220 wcncsvc - ok
18:25:29.0199 2220 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:25:29.0277 2220 WcsPlugInService - ok
18:25:29.0355 2220 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:25:29.0387 2220 Wd - ok
18:25:29.0496 2220 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:25:29.0527 2220 Wdf01000 - ok
18:25:29.0574 2220 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:25:29.0730 2220 WdiServiceHost - ok
18:25:29.0745 2220 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:25:29.0761 2220 WdiSystemHost - ok
18:25:29.0839 2220 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
18:25:29.0933 2220 WebClient - ok
18:25:30.0011 2220 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:25:30.0057 2220 Wecsvc - ok
18:25:30.0073 2220 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:25:30.0151 2220 wercplsupport - ok
18:25:30.0213 2220 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:25:30.0276 2220 WerSvc - ok
18:25:30.0369 2220 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:25:30.0416 2220 WfpLwf - ok
18:25:30.0432 2220 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:25:30.0463 2220 WIMMount - ok
18:25:30.0572 2220 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:25:30.0681 2220 winachsf - ok
18:25:30.0822 2220 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:25:31.0196 2220 WinDefend - ok
18:25:31.0227 2220 WinHttpAutoProxySvc - ok
18:25:31.0524 2220 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:25:31.0602 2220 Winmgmt - ok
18:25:32.0085 2220 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
18:25:32.0148 2220 WinRM - ok
18:25:32.0241 2220 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:25:32.0335 2220 WinUsb - ok
18:25:32.0491 2220 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:25:32.0647 2220 Wlansvc - ok
18:25:32.0694 2220 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:25:32.0756 2220 WmiAcpi - ok
18:25:32.0912 2220 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:25:32.0975 2220 wmiApSrv - ok
18:25:33.0162 2220 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:25:33.0209 2220 WMPNetworkSvc - ok
18:25:33.0240 2220 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:25:33.0318 2220 WPCSvc - ok
18:25:33.0365 2220 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
18:25:33.0411 2220 WPDBusEnum - ok
18:25:33.0536 2220 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:25:33.0614 2220 ws2ifsl - ok
18:25:33.0723 2220 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
18:25:33.0755 2220 wscsvc - ok
18:25:33.0770 2220 WSearch - ok
18:25:33.0926 2220 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
18:25:34.0035 2220 wuauserv - ok
18:25:34.0550 2220 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:25:34.0659 2220 WudfPf - ok
18:25:34.0769 2220 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:25:34.0847 2220 WUDFRd - ok
18:25:34.0956 2220 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
18:25:35.0003 2220 wudfsvc - ok
18:25:35.0127 2220 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:25:35.0205 2220 WwanSvc - ok
18:25:35.0237 2220 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
18:25:35.0299 2220 XAudio - ok
18:25:35.0315 2220 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
18:25:35.0346 2220 XAudioService - ok
18:25:35.0424 2220 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:25:35.0751 2220 \Device\Harddisk0\DR0 - ok
18:25:35.0767 2220 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:25:35.0907 2220 \Device\Harddisk1\DR1 - ok
18:25:35.0939 2220 Boot (0x1200) (8ffb76cc5ffd56f16ca5ea595b849d39) \Device\Harddisk0\DR0\Partition0
18:25:35.0939 2220 \Device\Harddisk0\DR0\Partition0 - ok
18:25:35.0970 2220 Boot (0x1200) (b6fa7e703d790ca126c41836ac0e9cbd) \Device\Harddisk0\DR0\Partition1
18:25:35.0970 2220 \Device\Harddisk0\DR0\Partition1 - ok
18:25:35.0985 2220 Boot (0x1200) (f1a724a2bd5124507a328eddf4aab056) \Device\Harddisk1\DR1\Partition0
18:25:35.0985 2220 \Device\Harddisk1\DR1\Partition0 - ok
18:25:35.0985 2220 ============================================================
18:25:35.0985 2220 Scan finished
18:25:35.0985 2220 ============================================================
18:25:36.0017 2224 Detected object count: 5
18:25:36.0017 2224 Actual detected object count: 5
18:26:02.0506 2224 bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0506 2224 bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:02.0522 2224 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0522 2224 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:02.0522 2224 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0522 2224 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:02.0522 2224 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0522 2224 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:02.0522 2224 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0522 2224 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #6 | |
| /// Malware-holic | Hi, Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
|
| | #7 |
| | Hi Markus, thank you, thank you. Here is the log file from Combofix Code:
ComboFix 12-04-31.02 - Kerstin *** 30.04.2012 23:23:31.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3582.2506 [GMT 2:00]
ausgeführt von:: c:\users\Kerstin ***\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kerstin ***\Favorites\locked-Fussballcup - Dein kostenloser online Fussball Manager!.url.libb
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-28 bis 2012-04-30 ))))))))))))))))))))))))))))))
.
.
2012-04-30 21:31 . 2012-04-30 21:32 -------- d-----w- c:\users\Kerstin ***\AppData\Local\temp
2012-04-30 21:31 . 2012-04-30 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 17:06 . 2012-04-29 17:06 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-29 09:18 . 2012-04-29 09:18 -------- d-----w- c:\program files\Microsoft
2012-04-29 08:35 . 2012-04-29 08:35 -------- d-----w- c:\users\Kerstin ***\DoctorWeb
2012-04-28 22:07 . 2012-04-28 22:07 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-28 21:30 . 2012-04-28 21:30 57344 ----a-w- c:\users\Kerstin ***\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-04-28 19:52 . 2012-04-28 19:52 -------- d-----w- c:\users\Kerstin ***\AppData\Roaming\Malwarebytes
2012-04-28 19:52 . 2012-04-28 19:52 -------- d-----w- c:\programdata\Malwarebytes
2012-04-28 19:52 . 2012-04-28 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-28 19:52 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-28 17:30 . 2012-04-29 01:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF524EF6-4EE3-4B37-B5A4-2990F255F68F}\offreg.dll
2012-04-28 16:09 . 2012-04-29 09:07 -------- d-----w- c:\users\Kerstin ***\AppData\Roaming\Qkueqfgbdo
2012-04-28 09:48 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF524EF6-4EE3-4B37-B5A4-2990F255F68F}\mpengine.dll
2012-04-21 15:58 . 2012-04-21 15:58 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 11:09 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 11:09 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 11:09 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 11:09 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 17:06 . 2010-12-10 21:34 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-21 15:58 . 2011-05-17 18:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2009-10-11 08:43 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 10:34 . 2011-10-16 18:09 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-17 05:34 . 2012-03-15 20:07 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-15 20:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-15 20:07 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-15 20:08 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54 . 2012-03-15 20:08 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-28 18:36 . 2011-06-29 16:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-11-15 15:42 . 2009-11-15 15:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-15 30192]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Kerstin ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 253088]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2010-02-08 28208]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-15 30192]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2010-11-29 505264]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-02-23 690352]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 39505073
*Deregistered* - 39505073
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 15:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Kerstin ***\AppData\Roaming\Mozilla\Firefox\Profiles\szp85g3h.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-30 23:34:36
ComboFix-quarantined-files.txt 2012-04-30 21:34
.
Vor Suchlauf: 6 Verzeichnis(se), 135.442.599.936 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 135.696.564.224 Bytes frei
.
- - End Of File - - FA17FB747BA9812BDA7AE43D671274C2
nap |
| | #8 |
| /// Malware-holic | Is everything running as desired? If so: download CCleaner Standard: CCleaner Download - CCleaner 3.18.1707. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, and save it as txt. Open the file. After each program you need, write "notwendig" (necessary). After each one you do not need, "unnötig" (unnecessary). After each one unknown to you, "unbekannt" (unknown). Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| | #9 |
| | Hello, so far everything works as desired. I would have to go through the list with the owner of the laptop, but at first glance I see nothing that looks suspicious to me. I will ask her, though, to delete the unnecessary programs. Enjoy the rest of May 1st :-) Regards, nap Code:
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 12.03.2010
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 20.04.2012 6,00MB 11.2.202.233
Adobe Flash Player 9 ActiveX Adobe Systems Incorporated 12.03.2010 9
Adobe Reader 8.1.2 - Deutsch Adobe Systems Incorporated 06.10.2008 99,6MB 8.1.2
Apple Application Support Apple Inc. 31.01.2012 61,2MB 2.1.6
Apple Mobile Device Support Apple Inc. 31.01.2012 24,1MB 4.0.0.97
Apple Software Update Apple Inc. 22.08.2011 2,38MB 2.1.3.127
ArcSoft Panorama Maker 5 ArcSoft 02.10.2011 5.0.1.71
Atheros Driver Installation Program Atheros 12.03.2010 5.0
Atheros Wi-Fi Protected Setup Library Atheros 08.10.2009
ATI Catalyst Install Manager ATI Technologies, Inc. 12.03.2010 13,8MB 3.0.732.0
Avira Free Antivirus Avira 19.02.2012 104,4MB 12.0.0.898
Bonjour Apple Inc. 11.10.2011 1,06MB 3.0.0.10
Camera Assistant Software for Toshiba Chicony Electronics Co.,Ltd. 08.10.2009 1.7.231.1126L
Canon MP Navigator EX 1.0 12.03.2010
Canon MP520 series 12.03.2010
Canon My Printer 12.03.2010
Canon Utilities Easy-PhotoPrint EX 12.03.2010
Canon Utilities Solution Menu 12.03.2010
CCleaner Piriform 30.04.2012 3.18
CD/DVD Drive Acoustic Silencer TOSHIBA 06.10.2008 2.02.03
Compatibility Pack für 2007 Office System Microsoft Corporation 28.03.2012 215MB 12.0.6612.1000
cyberJack Base Components REINER SCT 04.12.2010 6.9.8
DHTML Editing Component Microsoft Corporation 10.10.2009 0,45MB 6.02.0001
DVD MovieFactory for TOSHIBA Ulead Systems, Inc. 12.03.2010 5.51
Google Desktop Google 12.03.2010 5.9.0911.03589
HDAUDIO Soft Data Fax Modem with SmartCP Conexant 12.03.2010 7.70.00.50
iTunes Apple Inc. 31.01.2012 169,7MB 10.5.3.3
Java(TM) 6 Update 3 Sun Microsystems, Inc. 06.10.2008 168,1MB 1.6.0.30
Java(TM) 6 Update 32 Oracle 28.04.2012 95,7MB 6.0.320
Java(TM) 6 Update 7 Sun Microsystems, Inc. 09.10.2009 136,2MB 1.6.0.70
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 27.04.2012 18,0MB 1.61.0.1400
Microsoft .NET Framework 1.1 12.03.2010
Microsoft .NET Framework 1.1 German Language Pack 11.10.2009
Microsoft Office File Validation Add-In Microsoft Corporation 16.09.2011 7,95MB 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 28.03.2012 12.0.6612.1000
Microsoft Office Live Add-in 1.5 Microsoft Corporation 28.04.2012 0,50MB 2.0.4024.1
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 28.03.2012 107,9MB 12.0.6612.1000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 10.10.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 0,29MB 8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 11.10.2009 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 12.04.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 30.04.2010 0,61MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 15.06.2011 0,23MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09.10.2009 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 14.12.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 0,59MB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 16.10.2011 12,3MB 10.0.40219
Microsoft Works Microsoft Corporation 10.04.2012 1.044MB 9.7.0621
MobileMe Control Panel Apple Inc. 23.05.2011 12,0MB 3.1.6.0
Mozilla Firefox 11.0 (x86 de) Mozilla 27.03.2012 37,5MB 11.0
Mozilla Thunderbird 11.0.1 (x86 de) Mozilla 03.04.2012 38,9MB 11.0.1
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 06.10.2008 1,28MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.10.2009 1,29MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 30.11.2009 1,35MB 4.20.9876.0
myphotobook 3.6 myphotobook 12.03.2010 3.6
NetWaiting BVRP Software, Inc 08.10.2009 2.5.52
Nikon Message Center 2 Nikon 13.08.2011 5,20MB 2.0.1
OpenOffice.org Installer 1.0 Sun Microsystems 09.10.2009 2,39MB 1.0.9221
Picasa 2 Google, Inc. 12.03.2010 2.0
Picture Control Utility Nikon 13.08.2011 19,6MB 1.2.2
QuickTime Apple Inc. 27.12.2010 73,7MB 7.69.80.9
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 06.10.2008 1.00.0000
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 13.03.2010 6.1.7600.30101
Safari Apple Inc. 31.01.2012 43,3MB 5.34.52.7
SCHLECKER Foto Digital Service 12.03.2010
StarMoney 7.0 S-Edition Star Finanz GmbH 04.12.2010 7.0
StarMoney 8.0 Star Finanz GmbH 02.07.2011 8.0
Synaptics Pointing Device Driver Synaptics 12.03.2010 10.1.8.0
T-Online WLAN-Access Finder 12.03.2010
TomTom HOME 2.8.3.2499 TomTom 29.02.2012 2.8.3.2499
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 07.04.2011 1,88MB 1.0.2
TOSHIBA Assist TOSHIBA 06.10.2008 2.01.04
TOSHIBA Benutzerhandbücher TOSHIBA 08.10.2009 7.40
TOSHIBA ConfigFree TOSHIBA Corporation 12.03.2010 72,5MB 8.0.23
TOSHIBA Disc Creator TOSHIBA Corporation 12.03.2010 9,73MB 2.1.0.1
TOSHIBA DVD PLAYER TOSHIBA Corporation 12.03.2010 2.50.0.11-AU
TOSHIBA Extended Tiles for Windows Mobility Center Toshiba 06.10.2008 1,25MB 1.01.00
TOSHIBA Face Recognition TOSHIBA Corporation 08.10.2009 51,5MB 2.0.17.32
TOSHIBA Hardware Setup TOSHIBA Corporation 13.03.2010 2.00.11
Toshiba Online Product Information TOSHIBA 06.10.2008 1.00.0012
TOSHIBA Recovery Disc Creator TOSHIBA 06.10.2008 2,54MB 2.0.0.1b
TOSHIBA Supervisor Password TOSHIBA Corporation 13.03.2010 2.00.10
TOSHIBA Value Added Package TOSHIBA Corporation 12.03.2010 88,7MB 1.2.28
TRDCReminder TOSHIBA 06.10.2008 0,36MB 1.00.0015
TRORDCLauncher TOSHIBA 06.10.2008 0,71MB 1.0.0.1
ViewNX 2 Nikon 13.08.2011 64,4MB 2.1.2
Windows Media Encoder 9-Reihe 12.03.2010
|
| | #10 |
| /// Malware-holic | Then please go through the list with the owner.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| | #11 |
| | Hi Markus, the owner has now annotated the list. Here you go: Code:
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 12.03.2010 unnecessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 20.04.2012 6,00MB 11.2.202.233 necessary
Adobe Flash Player 9 ActiveX Adobe Systems Incorporated 12.03.2010 9 necessary
Adobe Reader 8.1.2 - Deutsch Adobe Systems Incorporated 06.10.2008 99,6MB 8.1.2 necessary
Apple Application Support Apple Inc. 31.01.2012 61,2MB 2.1.6 unnecessary
Apple Mobile Device Support Apple Inc. 31.01.2012 24,1MB 4.0.0.97 unnecessary
Apple Software Update Apple Inc. 22.08.2011 2,38MB 2.1.3.127 unnecessary
ArcSoft Panorama Maker 5 ArcSoft 02.10.2011 5.0.1.71 necessary
Atheros Driver Installation Program Atheros 12.03.2010 5.0 unknown
Atheros Wi-Fi Protected Setup Library Atheros 08.10.2009 unknown
ATI Catalyst Install Manager ATI Technologies, Inc. 12.03.2010 13,8MB 3.0.732.0 unknown
Avira Free Antivirus Avira 19.02.2012 104,4MB 12.0.0.898 necessary
Bonjour Apple Inc. 11.10.2011 1,06MB 3.0.0.10 not needed
Camera Assistant Software for Toshiba Chicony Electronics Co.,Ltd. 08.10.2009 1.7.231.1126L necessary
Canon MP Navigator EX 1.0 12.03.2010 necessary
Canon MP520 series 12.03.2010 necessary
Canon My Printer 12.03.2010 necessary
Canon Utilities Easy-PhotoPrint EX 12.03.2010 necessary
Canon Utilities Solution Menu 12.03.2010 necessary
CCleaner Piriform 30.04.2012 3.18 necessary
CD/DVD Drive Acoustic Silencer TOSHIBA 06.10.2008 2.02.03 unknown
Compatibility Pack für 2007 Office System Microsoft Corporation 28.03.2012 215MB 12.0.6612.1000 unknown
cyberJack Base Components REINER SCT 04.12.2010 6.9.8 necessary
DHTML Editing Component Microsoft Corporation 10.10.2009 0,45MB 6.02.0001 unknown
DVD MovieFactory for TOSHIBA Ulead Systems, Inc. 12.03.2010 5.51 unknown
Google Desktop Google 12.03.2010 5.9.0911.03589 unnecessary
HDAUDIO Soft Data Fax Modem with SmartCP Conexant 12.03.2010 7.70.00.50 unknown
iTunes Apple Inc. 31.01.2012 169,7MB 10.5.3.3 necessary
Java(TM) 6 Update 3 Sun Microsystems, Inc. 06.10.2008 168,1MB 1.6.0.30 necessary
Java(TM) 6 Update 32 Oracle 28.04.2012 95,7MB 6.0.320 necessary
Java(TM) 6 Update 7 Sun Microsystems, Inc. 09.10.2009 136,2MB 1.6.0.70 necessary
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 27.04.2012 18,0MB 1.61.0.1400 necessary
Microsoft .NET Framework 1.1 12.03.2010 unknown
Microsoft .NET Framework 1.1 German Language Pack 11.10.2009 unknown
Microsoft Office File Validation Add-In Microsoft Corporation 16.09.2011 7,95MB 14.0.5130.5003 unknown
Microsoft Office Home and Student 2007 Microsoft Corporation 28.03.2012 12.0.6612.1000 necessary
Microsoft Office Live Add-in 1.5 Microsoft Corporation 28.04.2012 0,50MB 2.0.4024.1 unknown
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 28.03.2012 107,9MB 12.0.6612.1000 necessary
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 10.10.2009 0,25MB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 0,29MB 8.0.59193 unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 11.10.2009 0,19MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 12.04.2011 0,58MB 9.0.30729.5570 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 30.04.2010 0,61MB 9.0.21022 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 15.06.2011 0,23MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09.10.2009 0,58MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 14.12.2010 0,58MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 0,59MB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 16.10.2011 12,3MB 10.0.40219 unknown
Microsoft Works Microsoft Corporation 10.04.2012 1.044MB 9.7.0621 unknown
MobileMe Control Panel Apple Inc. 23.05.2011 12,0MB 3.1.6.0 unknown
Mozilla Firefox 11.0 (x86 de) Mozilla 27.03.2012 37,5MB 11.0 necessary
Mozilla Thunderbird 11.0.1 (x86 de) Mozilla 03.04.2012 38,9MB 11.0.1 necessary
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 06.10.2008 1,28MB 4.20.9849.0 unknown
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.10.2009 1,29MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 30.11.2009 1,35MB 4.20.9876.0 unknown
myphotobook 3.6 myphotobook 12.03.2010 3.6 unnecessary
NetWaiting BVRP Software, Inc 08.10.2009 2.5.52 unknown
Nikon Message Center 2 Nikon 13.08.2011 5,20MB 2.0.1 ok
OpenOffice.org Installer 1.0 Sun Microsystems 09.10.2009 2,39MB 1.0.9221 unknown
Picasa 2 Google, Inc. 12.03.2010 2.0 unknown
Picture Control Utility Nikon 13.08.2011 19,6MB 1.2.2 ok
QuickTime Apple Inc. 27.12.2010 73,7MB 7.69.80.9 unknown
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 06.10.2008 1.00.0000 unknown
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 13.03.2010 6.1.7600.30101 unknown
Safari Apple Inc. 31.01.2012 43,3MB 5.34.52.7 unknown
SCHLECKER Foto Digital Service 12.03.2010 ok
StarMoney 7.0 S-Edition Star Finanz GmbH 04.12.2010 7.0 ok
StarMoney 8.0 Star Finanz GmbH 02.07.2011 8.0
Synaptics Pointing Device Driver Synaptics 12.03.2010 10.1.8.0 unknown
T-Online WLAN-Access Finder 12.03.2010 ok
TomTom HOME 2.8.3.2499 TomTom 29.02.2012 2.8.3.2499 ok
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 07.04.2011 1,88MB 1.0.2 ok
TOSHIBA Assist TOSHIBA 06.10.2008 2.01.04 ok
TOSHIBA Benutzerhandbücher TOSHIBA 08.10.2009 7.40 ok
TOSHIBA ConfigFree TOSHIBA Corporation 12.03.2010 72,5MB 8.0.23 ok
TOSHIBA Disc Creator TOSHIBA Corporation 12.03.2010 9,73MB 2.1.0.1 unknown
TOSHIBA DVD PLAYER TOSHIBA Corporation 12.03.2010 2.50.0.11-AU unknown
TOSHIBA Extended Tiles for Windows Mobility Center Toshiba 06.10.2008 1,25MB 1.01.00 unknown
TOSHIBA Face Recognition TOSHIBA Corporation 08.10.2009 51,5MB 2.0.17.32 unknown
TOSHIBA Hardware Setup TOSHIBA Corporation 13.03.2010 2.00.11 unknown
Toshiba Online Product Information TOSHIBA 06.10.2008 1.00.0012 unknown
TOSHIBA Recovery Disc Creator TOSHIBA 06.10.2008 2,54MB 2.0.0.1b unknown
TOSHIBA Supervisor Password TOSHIBA Corporation 13.03.2010 2.00.10 unknown
TOSHIBA Value Added Package TOSHIBA Corporation 12.03.2010 88,7MB 1.2.28 unknown
TRDCReminder TOSHIBA 06.10.2008 0,36MB 1.00.0015 unknown
TRORDCLauncher TOSHIBA 06.10.2008 0,71MB 1.0.0.1 unknown
ViewNX 2 Nikon 13.08.2011 64,4MB 2.1.2 unknown
Windows Media Encoder 9-Reihe 12.03.2010 unknown
nap |
| | #12 |
| /// Malware-holic | Uninstall: Adobe Flash Player, all of them.
Adobe - Install Adobe Flash Player: download the latest version.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to automatically open, download, etc. PDFs. It is always better to save them directly, since only then do you have control over what happens on the PC.
JavaScript: untick "use JavaScript".
Updater: choose "install automatically". Apply / OK.
Uninstall: DVD MovieFactory, Google Desktop, Java(TM) 6 Update 3, Java(TM) 6 Update 7, myphotobook, OpenOffice, Picasa, Safari.
Open CCleaner: Analyze, Run Cleaner. Restart the PC and test how the PC runs. |
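Added example, not part of the thread: post #12 advises removing Java(TM) 6 Update 3 and Update 7 while Update 32 stays installed. The Python code below parses entries copied from the installed-programs list in this thread and reports Java updates that coexist with a newer update of the same major version; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample entries copied from the installed-programs list in this thread,
# one per line: name, publisher, install date, optional size, optional version.
INVENTORY = """\
Java(TM) 6 Update 3 Sun Microsystems, Inc. 06.10.2008 168,1MB 1.6.0.30
Java(TM) 6 Update 32 Oracle 28.04.2012 95,7MB 6.0.320
Java(TM) 6 Update 7 Sun Microsystems, Inc. 09.10.2009 136,2MB 1.6.0.70
Mozilla Firefox 11.0 (x86 de) Mozilla 27.03.2012 37,5MB 11.0
Canon MP520 series 12.03.2010
"""

# The install date is the only reliably delimited field, so anchor on it.
ENTRY = re.compile(
    r"^(?P<head>.+?)\s+(?P<date>\d{2}\.\d{2}\.\d{4})"
    r"(?:\s+(?P<size>[\d.,]+MB))?(?:\s+(?P<version>\S+))?$"
)
# The version column is inconsistent across vendors (1.6.0.30 vs 6.0.320),
# so the update number is read from the product name instead.
JAVA = re.compile(r"^Java\(TM\) (?P<major>\d+) Update (?P<update>\d+)")

def parse(text):
    """Return one dict per parsable line; name and publisher stay joined in 'head'."""
    return [m.groupdict() for m in map(ENTRY.match, text.splitlines()) if m]

def superseded_java(entries):
    """List Java updates that coexist with a newer update of the same major version."""
    families = defaultdict(list)
    for entry in entries:
        m = JAVA.match(entry["head"])
        if m:
            families[int(m["major"])].append((int(m["update"]), m.group(0)))
    stale = []
    for updates in families.values():
        newest = max(updates)[0]
        stale += [name for upd, name in sorted(updates) if upd < newest]
    return stale

if __name__ == "__main__":
    for name in superseded_java(parse(INVENTORY)):
        print("remove:", name)
```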
| | #13 |
| | Hi, many thanks for your tips and assessment. I carried out everything according to the instructions and tested a few programs; so far everything runs as desired. I have one more question: in which of the previous steps did we actually remove the trojan? Thanks again! Regards, nap |
| | #14 |
| /// Malware-holic | With OTL.
Securing the PC:
As an anti-malware program I would recommend Emsisoft. For me they have the best protection, but it costs something. http://www.trojaner-board.de/103809-...i-malware.html
Trial version: My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things, e.g. work-related, so that there is sensitive data to protect, you should invest in security software. Before activating the license, make use of the 30-day trial period.
Free, but not quite as good, avast would be the recommendation. http://www.trojaner-board.de/110895-...antivirus.html
Tell me which one you use, then I will give configuration tips. Please uninstall your previous AV.
The following guide is extensive, I am aware of that, but it should be implemented, since only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you! http://www.trojaner-board.de/96344-a...-rechners.html
From the XP section:
- automatic updates.
- Data Execution Prevention for all processes.
- configure services.
As a browser I advise you to use Chrome: Installing Google Chrome for multiple user accounts - Google Chrome Help. Please read the guide. If you want to use a different one, tell me; parts of the guide that follows would then have to be
Sandboxie
The definition of a sandbox can be read here: Sandbox
In short, you can run programs almost 100% isolated from the system. The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download Link: Sandboxie Download - Sandboxie 3.68
Guide: http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as a PDF, work through it as well: Sandbox settings |
Please make the following additional configuration: open Sandboxie Control, click the Sandbox menu, choose DefaultBox. There, click on Sandbox Settings. Restrictions: under program start and internet access, enter: chrome.exe
Then go to Applications, Web Browser, Chrome. There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions. This is only necessary in the full version, which I advise you to buy. For example, under "Forced program starts" you can specify that all browsers start in the sandbox. Otherwise you always have to click on "Sandboxed webbrowser" or right-click and start in Sandboxie. A lifetime license costs 30 € and can be used on all your PCs.
Continue with: Measures for ALL Windows versions. Work through everything completely.
Note on FileHippo: in the settings, additionally select: Run updateChecker when Windows starts
Backup program: a backup program is already linked in my guide; as an alternative, the backup program built into Windows is also an option: http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users. Everyone else should nevertheless install a backup program in any case, because this can be very important under certain circumstances, for example if the hard disk breaks one day.
Finally, follow the general security tips; if it applies to you, follow the tip on online banking; and change all passwords.
Please also read how to make programs visible to everyone: Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox. If you use the free version, then by clicking on Sandboxed web browser; if you have the paid version, you can define forced program starts, and then Sandboxie is always started when you open a browser. When you move the mouse over the browser, it should have a frame around it; then you are in the sandboxed web browser. |
| | #15 |
| | Hi Markus, a thousand thanks again for your help. I have passed your recommendations on to the owner, and also the number of your donation account ;-) I will drive over to her again one weekend and check through the backup mechanisms. In any case, she has been backing up her data to an external drive for quite some time, so at least that much is certain! Best regards, nap Edited by nap (12.05.2012 at 20:14) |