
Log analysis and evaluation: "white screen" trojan

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.09.2012, 19:39   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete (Löschen).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).
__________________
Please always post log files in CODE tags

06.09.2012, 19:53   #17
stracta

Code:
# AdwCleaner v2.000 - Datei am 09/06/2012 um 20:50:13 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Marianne - MARIANNE-TOSH
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Marianne\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\yflqc7zq.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\yflqc7zq.default\searchplugins\SweetIm.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\yflqc7zq.default\SweetPacksToolbarData

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\Software\SweetIm
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\yflqc7zq.default\prefs.js

Gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&crg=3.02010003&q=");
Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1346847418054");
Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Gelöscht : user_pref("sweetim.toolbar.cargo", "3.02010003");
Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff_1_6.ht[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{61006CDD-D6AB-45EA-91D3-04578F0524CC}");
Gelöscht : user_pref("sweetim.toolbar.version", "1.6.0.3");

*************************

AdwCleaner[R1].txt - [7102 octets] - [04/09/2012 17:51:11]
AdwCleaner[S1].txt - [7732 octets] - [04/09/2012 20:44:51]
AdwCleaner[R2].txt - [10862 octets] - [06/09/2012 17:10:32]
AdwCleaner[S2].txt - [10855 octets] - [06/09/2012 20:50:13]

########## EOF - C:\AdwCleaner[S2].txt - [10916 octets] ##########
         
__________________


06.09.2012, 21:30   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one so that you really are working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top center, tick the box Scan all users (Scanne alle Benutzer)
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labeled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________

06.09.2012, 22:09   #19
stracta

OTL Logfile:
Code:
OTL logfile created on: 06.09.2012 22:51:32 - Run 2
OTL by OldTimer - Version 3.2.61.0     Folder = C:\Users\Marianne\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 59,86% Memory free
3,74 Gb Paging File | 2,49 Gb Available in Paging File | 66,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 74,92 Gb Free Space | 64,34% Space Free | Partition Type: NTFS
Drive D: | 116,05 Gb Total Space | 109,30 Gb Free Space | 94,18% Space Free | Partition Type: NTFS
Drive F: | 14,89 Gb Total Space | 10,63 Gb Free Space | 71,40% Space Free | Partition Type: FAT32
 
Computer Name: MARIANNE-TOSH | User Name: Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.06 15:16:20 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
PRC - [2012.09.04 14:02:44 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.03 03:09:21 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.02 09:02:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.30 17:18:49 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.27 17:37:49 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
PRC - [2009.12.31 15:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Marianne\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009.01.13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2007.03.16 02:24:18 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbccoms.exe -- (lxbc_device)
SRV - [2012.09.04 14:02:44 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012.09.04 12:44:43 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.19 10:39:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.03 03:09:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.02 09:02:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.08.06 16:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2009.08.05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.08.03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.03.16 02:24:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbccoms.exe -- (lxbc_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.04 14:03:12 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.03 03:09:23 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.03 03:09:23 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.08.27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.20 17:04:06 | 000,446,976 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.30 18:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 22:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2006.12.20 11:33:42 | 001,286,656 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USmSerial.sys -- (USmSerial)
DRV:64bit: - [2006.12.13 11:20:06 | 000,045,568 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\utlamot.sys -- (UpperF)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000\..\SearchScopes\{1B823051-7816-45B8-B00C-749B6D008A81}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000\..\SearchScopes\{9FAFA24D-00DB-4328-ABD8-5B68C8368189}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.6.20120119024823
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marianne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 10:39:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.22 11:15:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 10:39:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.22 11:15:13 | 000,000,000 | ---D | M]
 
[2010.12.27 18:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\Extensions
[2012.09.06 20:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\yflqc7zq.default\extensions
[2012.06.22 11:22:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\yflqc7zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.07.25 15:09:21 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\firefox\profiles\yflqc7zq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.22 22:58:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.07.19 10:39:49 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.25 19:46:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.25 19:46:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 19:46:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 19:46:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 19:46:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 19:46:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.02 18:17:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [USmSerial] C:\Programme\Motorola\USmSerial\usm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16000426-7BFF-4791-8357-D1E9766FAF02}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000 Winlogon: Shell - (C:\Users\Marianne\AppData\Roaming\msconfig.dat) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{18251d05-425d-11e0-ba8a-0026b6b7e187}\Shell - "" = AutoRun
O33 - MountPoints2\{18251d05-425d-11e0-ba8a-0026b6b7e187}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{af64a9e3-9999-11df-b145-0026b6b7e187}\Shell - "" = AutoRun
O33 - MountPoints2\{af64a9e3-9999-11df-b145-0026b6b7e187}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{bcafbdb8-128f-11e0-8248-705ab673e6b5}\Shell - "" = AutoRun
O33 - MountPoints2\{bcafbdb8-128f-11e0-8248-705ab673e6b5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e47f3586-11ce-11e0-b515-0026b6b7e187}\Shell - "" = AutoRun
O33 - MountPoints2\{e47f3586-11ce-11e0-b515-0026b6b7e187}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e47f3594-11ce-11e0-b515-0026b6b7e187}\Shell - "" = AutoRun
O33 - MountPoints2\{e47f3594-11ce-11e0-b515-0026b6b7e187}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e47f35a2-11ce-11e0-b515-0026b6b7e187}\Shell - "" = AutoRun
O33 - MountPoints2\{e47f35a2-11ce-11e0-b515-0026b6b7e187}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e47f35b0-11ce-11e0-b515-0026b6b7e187}\Shell - "" = AutoRun
O33 - MountPoints2\{e47f35b0-11ce-11e0-b515-0026b6b7e187}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.06 15:16:17 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
[2012.09.05 14:05:45 | 000,000,000 | ---D | C] -- C:\Users\Marianne\Tracing
[2012.09.04 14:03:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.09.04 14:03:12 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.09.04 13:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.04 12:10:16 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Roaming\Malwarebytes
[2012.09.04 12:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.04 12:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.04 12:10:00 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.04 12:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.04 12:05:41 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Local\Macromedia
[2012.09.02 18:17:43 | 000,000,000 | ---D | C] -- C:\_OTL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.06 22:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.06 20:59:24 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 20:59:24 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 20:51:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.06 20:51:32 | 1504,350,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.06 17:08:56 | 000,511,265 | ---- | M] () -- C:\Users\Marianne\Desktop\adwcleaner.exe
[2012.09.06 15:16:20 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
[2012.09.05 14:04:59 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2012.09.04 14:03:12 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.09.02 12:26:20 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.02 12:26:20 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.02 12:26:20 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.02 12:26:20 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.02 12:26:20 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.30 15:59:37 | 000,000,045 | ---- | M] () -- C:\Users\Marianne\AppData\Roaming\msconfig.ini
[2012.08.20 14:29:17 | 000,343,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.06 17:08:48 | 000,511,265 | ---- | C] () -- C:\Users\Marianne\Desktop\adwcleaner.exe
[2012.09.05 14:04:59 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012.09.04 14:04:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.24 10:48:12 | 000,000,045 | ---- | C] () -- C:\Users\Marianne\AppData\Roaming\msconfig.ini
[2011.02.17 17:28:12 | 000,000,289 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.02.17 17:27:30 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcusb1.dll
[2011.02.17 17:27:30 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpmui.dll
[2011.02.17 17:27:30 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbcutil.dll
[2011.02.17 17:27:30 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcinpa.dll
[2011.02.17 17:27:30 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbciesc.dll
[2011.02.17 17:27:30 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBCinst.dll
[2011.02.17 17:27:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcserv.dll
[2011.02.17 17:27:29 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbchbn3.dll
[2011.02.17 17:27:29 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomc.dll
[2011.02.17 17:27:29 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbclmpm.dll
[2011.02.17 17:27:29 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccoms.exe
[2011.02.17 17:27:29 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomm.dll
[2011.02.17 17:27:29 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcih.exe
[2011.02.17 17:27:29 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccfg.exe
[2011.02.17 17:27:29 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcppls.exe
[2011.02.17 17:27:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcprox.dll
[2011.02.17 17:27:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpplc.dll
[2010.07.27 19:56:29 | 000,000,017 | ---- | C] () -- C:\Users\Marianne\AppData\Local\resmon.resmoncfg
[2010.06.15 22:06:04 | 000,001,672 | ---- | C] () -- C:\Users\Marianne\AppData\Roaming\wklnhst.dat
 
========== LOP Check ==========
 
[2012.08.17 10:00:32 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\SmartSurfer
[2010.12.27 17:37:47 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\T-Mobile
[2010.12.27 17:41:30 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\T-Mobile Internet Manager
[2010.06.15 22:06:46 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Template
[2010.06.15 21:58:49 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Toshiba
[2012.06.24 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\UDC Profiles
[2012.08.17 10:00:43 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\WEBDE
[2012.07.11 12:35:58 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.27 18:36:06 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Adobe
[2010.12.30 20:03:42 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Avira
[2010.06.19 20:04:00 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Google
[2010.06.15 21:25:53 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Identities
[2009.09.08 10:13:26 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Macromedia
[2012.09.04 12:10:16 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Media Center Programs
[2012.09.05 14:05:41 | 000,000,000 | --SD | M] -- C:\Users\Marianne\AppData\Roaming\Microsoft
[2010.12.27 18:23:55 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Mozilla
[2012.08.17 10:00:32 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\SmartSurfer
[2010.12.27 17:37:47 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\T-Mobile
[2010.12.27 17:41:30 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\T-Mobile Internet Manager
[2010.06.15 22:06:46 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Template
[2010.06.15 21:58:49 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Toshiba
[2012.06.24 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\UDC Profiles
[2012.08.17 10:00:43 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\WEBDE
[2010.12.27 18:38:50 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.08.05 18:37:36 | 000,038,208 | ---- | M] () -- C:\Users\Marianne\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.01.07 15:35:18 | 001,007,616 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Marianne\AppData\Roaming\T-Mobile Internet Manager\LiveUpdate.exe
[2009.12.31 15:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Marianne\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---

07.09.2012, 10:46   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
FF - user.js - File not found
[2012.06.22 11:22:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\yflqc7zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.07.25 15:09:21 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\firefox\profiles\yflqc7zq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O20 - HKU\S-1-5-21-4034016911-2851904811-2685300250-1000 Winlogon: Shell - (C:\Users\Marianne\AppData\Roaming\msconfig.dat) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{18251d05-425d-11e0-ba8a-0026b6b7e187}\Shell - "" = AutoRun
O33 - MountPoints2\{18251d05-425d-11e0-ba8a-0026b6b7e187}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{af64a9e3-9999-11df-b145-0026b6b7e187}\Shell - "" = AutoRun
O33 - MountPoints2\{af64a9e3-9999-11df-b145-0026b6b7e187}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{bcafbdb8-128f-11e0-8248-705ab673e6b5}\Shell - "" = AutoRun
O33 - MountPoints2\{bcafbdb8-128f-11e0-8248-705ab673e6b5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e47f3586-11ce-11e0-b515-0026b6b7e187}\Shell - "" = AutoRun
O33 - MountPoints2\{e47f3586-11ce-11e0-b515-0026b6b7e187}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e47f3594-11ce-11e0-b515-0026b6b7e187}\Shell - "" = AutoRun
O33 - MountPoints2\{e47f3594-11ce-11e0-b515-0026b6b7e187}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e47f35a2-11ce-11e0-b515-0026b6b7e187}\Shell - "" = AutoRun
O33 - MountPoints2\{e47f35a2-11ce-11e0-b515-0026b6b7e187}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e47f35b0-11ce-11e0-b515-0026b6b7e187}\Shell - "" = AutoRun
O33 - MountPoints2\{e47f35b0-11ce-11e0-b515-0026b6b7e187}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Files
C:\Users\Marianne\Pictures\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!


07.09.2012, 12:05   #21
stracta

Code:
All processes killed
========== OTL ==========
C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\yflqc7zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\yflqc7zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\yflqc7zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\yflqc7zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\yflqc7zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\yflqc7zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Marianne\AppData\Roaming\mozilla\firefox\profiles\yflqc7zq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4034016911-2851904811-2685300250-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4034016911-2851904811-2685300250-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Marianne\AppData\Roaming\msconfig.dat deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18251d05-425d-11e0-ba8a-0026b6b7e187}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18251d05-425d-11e0-ba8a-0026b6b7e187}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18251d05-425d-11e0-ba8a-0026b6b7e187}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18251d05-425d-11e0-ba8a-0026b6b7e187}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af64a9e3-9999-11df-b145-0026b6b7e187}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af64a9e3-9999-11df-b145-0026b6b7e187}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af64a9e3-9999-11df-b145-0026b6b7e187}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af64a9e3-9999-11df-b145-0026b6b7e187}\ not found.
File F:\Windows\CHECK\DriveNavigator.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcafbdb8-128f-11e0-8248-705ab673e6b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcafbdb8-128f-11e0-8248-705ab673e6b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcafbdb8-128f-11e0-8248-705ab673e6b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcafbdb8-128f-11e0-8248-705ab673e6b5}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e47f3586-11ce-11e0-b515-0026b6b7e187}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e47f3586-11ce-11e0-b515-0026b6b7e187}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e47f3586-11ce-11e0-b515-0026b6b7e187}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e47f3586-11ce-11e0-b515-0026b6b7e187}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e47f3594-11ce-11e0-b515-0026b6b7e187}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e47f3594-11ce-11e0-b515-0026b6b7e187}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e47f3594-11ce-11e0-b515-0026b6b7e187}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e47f3594-11ce-11e0-b515-0026b6b7e187}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e47f35a2-11ce-11e0-b515-0026b6b7e187}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e47f35a2-11ce-11e0-b515-0026b6b7e187}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e47f35a2-11ce-11e0-b515-0026b6b7e187}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e47f35a2-11ce-11e0-b515-0026b6b7e187}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e47f35b0-11ce-11e0-b515-0026b6b7e187}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e47f35b0-11ce-11e0-b515-0026b6b7e187}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e47f35b0-11ce-11e0-b515-0026b6b7e187}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e47f35b0-11ce-11e0-b515-0026b6b7e187}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
========== FILES ==========
File\Folder C:\Users\Marianne\Pictures\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Marianne\Desktop\cmd.bat deleted successfully.
C:\Users\Marianne\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marianne
->Temp folder emptied: 122390087 bytes
->Temporary Internet Files folder emptied: 164471532 bytes
->Java cache emptied: 2177503 bytes
->FireFox cache emptied: 139426042 bytes
->Flash cache emptied: 42956 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 563449359 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045869 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 980,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Marianne
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.0 log created on 09072012_125340

Files\Folders moved on Reboot...
C:\Users\Marianne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

09.09.2012, 20:34   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


10.09.2012, 12:52   #23
stracta

Code:
13:48:25.0790 3576  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:48:26.0055 3576  ============================================================
13:48:26.0055 3576  Current date / time: 2012/09/10 13:48:26.0055
13:48:26.0055 3576  SystemInfo:
13:48:26.0055 3576  
13:48:26.0055 3576  OS Version: 6.1.7600 ServicePack: 0.0
13:48:26.0055 3576  Product type: Workstation
13:48:26.0055 3576  ComputerName: MARIANNE-TOSH
13:48:26.0055 3576  UserName: Marianne
13:48:26.0055 3576  Windows directory: C:\Windows
13:48:26.0055 3576  System windows directory: C:\Windows
13:48:26.0055 3576  Running under WOW64
13:48:26.0055 3576  Processor architecture: Intel x64
13:48:26.0055 3576  Number of processors: 2
13:48:26.0055 3576  Page size: 0x1000
13:48:26.0055 3576  Boot type: Normal boot
13:48:26.0055 3576  ============================================================
13:48:26.0601 3576  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:48:26.0616 3576  Drive \Device\Harddisk1\DR1 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:48:26.0616 3576  ============================================================
13:48:26.0616 3576  \Device\Harddisk0\DR0:
13:48:26.0616 3576  MBR partitions:
13:48:26.0616 3576  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0xE8E2800
13:48:26.0616 3576  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE9AB000, BlocksNum 0xE81A800
13:48:26.0616 3576  \Device\Harddisk1\DR1:
13:48:26.0616 3576  MBR partitions:
13:48:26.0616 3576  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1DD2080
13:48:26.0616 3576  ============================================================
13:48:26.0663 3576  C: <-> \Device\Harddisk0\DR0\Partition1
13:48:26.0710 3576  D: <-> \Device\Harddisk0\DR0\Partition2
13:48:26.0710 3576  ============================================================
13:48:26.0710 3576  Initialize success
13:48:26.0710 3576  ============================================================
13:49:11.0139 3624  ============================================================
13:49:11.0139 3624  Scan started
13:49:11.0139 3624  Mode: Manual; SigCheck; TDLFS; 
13:49:11.0139 3624  ============================================================
13:49:11.0997 3624  ================ Scan system memory ========================
13:49:11.0997 3624  System memory - ok
13:49:11.0997 3624  ================ Scan services =============================
13:49:12.0168 3624  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
13:49:12.0340 3624  1394ohci - ok
13:49:12.0356 3624  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
13:49:12.0387 3624  ACPI - ok
13:49:12.0418 3624  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
13:49:12.0527 3624  AcpiPmi - ok
13:49:12.0636 3624  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:49:12.0668 3624  AdobeFlashPlayerUpdateSvc - ok
13:49:12.0714 3624  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:49:12.0746 3624  adp94xx - ok
13:49:12.0777 3624  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:49:12.0792 3624  adpahci - ok
13:49:12.0824 3624  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:49:12.0839 3624  adpu320 - ok
13:49:12.0886 3624  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:49:13.0042 3624  AeLookupSvc - ok
13:49:13.0104 3624  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
13:49:13.0182 3624  AFD - ok
13:49:13.0214 3624  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
13:49:13.0245 3624  agp440 - ok
13:49:13.0292 3624  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
13:49:13.0370 3624  ALG - ok
13:49:13.0401 3624  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
13:49:13.0416 3624  aliide - ok
13:49:13.0448 3624  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
13:49:13.0448 3624  amdide - ok
13:49:13.0494 3624  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:49:13.0541 3624  AmdK8 - ok
13:49:13.0572 3624  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:49:13.0619 3624  AmdPPM - ok
13:49:13.0666 3624  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:49:13.0682 3624  amdsata - ok
13:49:13.0744 3624  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:49:13.0760 3624  amdsbs - ok
13:49:13.0806 3624  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:49:13.0822 3624  amdxata - ok
13:49:13.0916 3624  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:49:13.0947 3624  AntiVirSchedulerService - ok
13:49:13.0978 3624  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:49:13.0994 3624  AntiVirService - ok
13:49:14.0040 3624  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
13:49:14.0118 3624  AppID - ok
13:49:14.0150 3624  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:49:14.0228 3624  AppIDSvc - ok
13:49:14.0274 3624  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
13:49:14.0368 3624  Appinfo - ok
13:49:14.0399 3624  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:49:14.0430 3624  arc - ok
13:49:14.0477 3624  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:49:14.0493 3624  arcsas - ok
13:49:14.0524 3624  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:49:14.0586 3624  AsyncMac - ok
13:49:14.0618 3624  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
13:49:14.0633 3624  atapi - ok
13:49:14.0696 3624  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
13:49:14.0758 3624  athr - ok
13:49:14.0820 3624  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:49:14.0898 3624  AudioEndpointBuilder - ok
13:49:14.0914 3624  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:49:14.0961 3624  AudioSrv - ok
13:49:15.0008 3624  [ B1224E6B086CD6548315B04AB575A23E ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:49:15.0039 3624  avgntflt - ok
13:49:15.0070 3624  [ A313C4AE276E3C975A1BC27170AA23C6 ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
13:49:15.0086 3624  avgtp - ok
13:49:15.0132 3624  [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:49:15.0148 3624  avipbb - ok
13:49:15.0179 3624  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:49:15.0273 3624  AxInstSV - ok
13:49:15.0320 3624  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:49:15.0413 3624  b06bdrv - ok
13:49:15.0444 3624  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:49:15.0507 3624  b57nd60a - ok
13:49:15.0600 3624  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:49:15.0663 3624  BDESVC - ok
13:49:15.0694 3624  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:49:15.0788 3624  Beep - ok
13:49:15.0834 3624  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
13:49:15.0897 3624  BFE - ok
13:49:15.0944 3624  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
13:49:16.0022 3624  BITS - ok
13:49:16.0053 3624  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:49:16.0084 3624  blbdrive - ok
13:49:16.0131 3624  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:49:16.0193 3624  bowser - ok
13:49:16.0224 3624  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:49:16.0271 3624  BrFiltLo - ok
13:49:16.0302 3624  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:49:16.0318 3624  BrFiltUp - ok
13:49:16.0365 3624  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
13:49:16.0427 3624  Browser - ok
13:49:16.0474 3624  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:49:16.0568 3624  Brserid - ok
13:49:16.0599 3624  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:49:16.0630 3624  BrSerWdm - ok
13:49:16.0661 3624  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:49:16.0724 3624  BrUsbMdm - ok
13:49:16.0755 3624  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:49:16.0786 3624  BrUsbSer - ok
13:49:16.0802 3624  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:49:16.0817 3624  BTHMODEM - ok
13:49:16.0864 3624  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
13:49:16.0926 3624  bthserv - ok
13:49:16.0973 3624  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:49:17.0020 3624  cdfs - ok
13:49:17.0051 3624  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:49:17.0082 3624  cdrom - ok
13:49:17.0114 3624  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:49:17.0176 3624  CertPropSvc - ok
13:49:17.0270 3624  [ 837FF2D497880198C918E6954DBD170C ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
13:49:17.0285 3624  cfWiMAXService - ok
13:49:17.0332 3624  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:49:17.0379 3624  circlass - ok
13:49:17.0426 3624  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:49:17.0457 3624  CLFS - ok
13:49:17.0519 3624  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:49:17.0550 3624  clr_optimization_v2.0.50727_32 - ok
13:49:17.0582 3624  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:49:17.0597 3624  clr_optimization_v2.0.50727_64 - ok
13:49:17.0644 3624  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:49:17.0691 3624  clr_optimization_v4.0.30319_32 - ok
13:49:17.0722 3624  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:49:17.0738 3624  clr_optimization_v4.0.30319_64 - ok
13:49:17.0753 3624  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:49:17.0785 3624  CmBatt - ok
13:49:17.0831 3624  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
13:49:17.0831 3624  cmdide - ok
13:49:17.0909 3624  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
13:49:17.0972 3624  CNG - ok
13:49:18.0003 3624  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:49:18.0019 3624  Compbatt - ok
13:49:18.0050 3624  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:49:18.0097 3624  CompositeBus - ok
13:49:18.0112 3624  COMSysApp - ok
13:49:18.0159 3624  [ D252C53BCDFC199BBA55EEB10CDB266E ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
13:49:18.0159 3624  ConfigFree Gadget Service - ok
13:49:18.0206 3624  [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
13:49:18.0221 3624  ConfigFree Service - ok
13:49:18.0237 3624  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:49:18.0268 3624  crcdisk - ok
13:49:18.0315 3624  [ F02786B66375292E58C8777082D4396D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:49:18.0377 3624  CryptSvc - ok
13:49:18.0440 3624  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:49:18.0502 3624  DcomLaunch - ok
13:49:18.0549 3624  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
13:49:18.0611 3624  defragsvc - ok
13:49:18.0658 3624  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:49:18.0705 3624  DfsC - ok
13:49:18.0752 3624  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:49:18.0845 3624  Dhcp - ok
13:49:18.0877 3624  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:49:18.0939 3624  discache - ok
13:49:18.0986 3624  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:49:19.0001 3624  Disk - ok
13:49:19.0017 3624  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:49:19.0079 3624  Dnscache - ok
13:49:19.0142 3624  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
13:49:19.0204 3624  dot3svc - ok
13:49:19.0220 3624  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
13:49:19.0282 3624  DPS - ok
13:49:19.0313 3624  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:49:19.0345 3624  drmkaud - ok
13:49:19.0391 3624  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:49:19.0423 3624  DXGKrnl - ok
13:49:19.0469 3624  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:49:19.0516 3624  EapHost - ok
13:49:19.0610 3624  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:49:19.0719 3624  ebdrv - ok
13:49:19.0766 3624  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
13:49:19.0875 3624  EFS - ok
13:49:19.0953 3624  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:49:20.0015 3624  ehRecvr - ok
13:49:20.0047 3624  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:49:20.0109 3624  ehSched - ok
13:49:20.0171 3624  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:49:20.0203 3624  elxstor - ok
13:49:20.0218 3624  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
13:49:20.0249 3624  ErrDev - ok
13:49:20.0312 3624  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
13:49:20.0359 3624  EventSystem - ok
13:49:20.0405 3624  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
13:49:20.0468 3624  exfat - ok
13:49:20.0483 3624  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:49:20.0546 3624  fastfat - ok
13:49:20.0608 3624  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
13:49:20.0686 3624  Fax - ok
13:49:20.0717 3624  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:49:20.0764 3624  fdc - ok
13:49:20.0795 3624  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:49:20.0889 3624  fdPHost - ok
13:49:20.0905 3624  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:49:20.0951 3624  FDResPub - ok
13:49:20.0967 3624  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:49:20.0983 3624  FileInfo - ok
13:49:21.0014 3624  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:49:21.0061 3624  Filetrace - ok
13:49:21.0092 3624  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:49:21.0123 3624  flpydisk - ok
13:49:21.0139 3624  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:49:21.0170 3624  FltMgr - ok
13:49:21.0217 3624  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
13:49:21.0279 3624  FontCache - ok
13:49:21.0341 3624  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:49:21.0357 3624  FontCache3.0.0.0 - ok
13:49:21.0388 3624  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:49:21.0404 3624  FsDepends - ok
13:49:21.0451 3624  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:49:21.0466 3624  Fs_Rec - ok
13:49:21.0497 3624  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:49:21.0529 3624  fvevol - ok
13:49:21.0560 3624  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:49:21.0575 3624  gagp30kx - ok
13:49:21.0653 3624  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
13:49:21.0669 3624  GamesAppService - ok
13:49:21.0716 3624  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
13:49:21.0763 3624  gpsvc - ok
13:49:21.0809 3624  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:49:21.0841 3624  gusvc - ok
13:49:21.0872 3624  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:49:21.0981 3624  hcw85cir - ok
13:49:22.0012 3624  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:49:22.0075 3624  HdAudAddService - ok
13:49:22.0106 3624  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:49:22.0137 3624  HDAudBus - ok
13:49:22.0153 3624  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:49:22.0199 3624  HidBatt - ok
13:49:22.0231 3624  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:49:22.0262 3624  HidBth - ok
13:49:22.0293 3624  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:49:22.0309 3624  HidIr - ok
13:49:22.0340 3624  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
13:49:22.0418 3624  hidserv - ok
13:49:22.0449 3624  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:49:22.0480 3624  HidUsb - ok
13:49:22.0527 3624  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:49:22.0574 3624  hkmsvc - ok
13:49:22.0589 3624  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:49:22.0667 3624  HomeGroupListener - ok
13:49:22.0699 3624  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:49:22.0730 3624  HomeGroupProvider - ok
13:49:22.0777 3624  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
13:49:22.0808 3624  HpSAMD - ok
13:49:22.0839 3624  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:49:22.0901 3624  HTTP - ok
13:49:22.0964 3624  [ 8F9B0FC4EC3A8194BD4CBC5ED3E7ABEB ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
13:49:23.0042 3624  hwdatacard - ok
13:49:23.0073 3624  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:49:23.0073 3624  hwpolicy - ok
13:49:23.0135 3624  [ B45B3647BA32749B94FA689175EC8C26 ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
13:49:23.0182 3624  hwusbdev - ok
13:49:23.0213 3624  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:49:23.0229 3624  i8042prt - ok
13:49:23.0291 3624  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
13:49:23.0307 3624  iaStor - ok
13:49:23.0354 3624  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:49:23.0385 3624  iaStorV - ok
13:49:23.0447 3624  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:49:23.0479 3624  idsvc - ok
13:49:23.0681 3624  [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:49:23.0947 3624  igfx - ok
13:49:23.0978 3624  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:49:23.0993 3624  iirsp - ok
13:49:24.0040 3624  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
13:49:24.0103 3624  IKEEXT - ok
13:49:24.0181 3624  [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:49:24.0227 3624  IntcAzAudAddService - ok
13:49:24.0259 3624  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
13:49:24.0274 3624  intelide - ok
13:49:24.0321 3624  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:49:24.0352 3624  intelppm - ok
13:49:24.0383 3624  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:49:24.0430 3624  IPBusEnum - ok
13:49:24.0461 3624  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:49:24.0508 3624  IpFilterDriver - ok
13:49:24.0571 3624  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:49:24.0649 3624  iphlpsvc - ok
13:49:24.0664 3624  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:49:24.0695 3624  IPMIDRV - ok
13:49:24.0727 3624  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:49:24.0773 3624  IPNAT - ok
13:49:24.0805 3624  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:49:24.0820 3624  IRENUM - ok
13:49:24.0851 3624  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
13:49:24.0867 3624  isapnp - ok
13:49:24.0883 3624  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:49:24.0914 3624  iScsiPrt - ok
13:49:24.0945 3624  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:49:24.0961 3624  kbdclass - ok
13:49:25.0007 3624  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:49:25.0039 3624  kbdhid - ok
13:49:25.0054 3624  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
13:49:25.0085 3624  KeyIso - ok
13:49:25.0132 3624  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:49:25.0148 3624  KSecDD - ok
13:49:25.0179 3624  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:49:25.0195 3624  KSecPkg - ok
13:49:25.0241 3624  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:49:25.0304 3624  ksthunk - ok
13:49:25.0335 3624  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:49:25.0397 3624  KtmRm - ok
13:49:25.0460 3624  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:49:25.0507 3624  LanmanServer - ok
13:49:25.0569 3624  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:49:25.0616 3624  LanmanWorkstation - ok
13:49:25.0647 3624  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:49:25.0725 3624  lltdio - ok
13:49:25.0756 3624  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:49:25.0803 3624  lltdsvc - ok
13:49:25.0850 3624  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:49:25.0897 3624  lmhosts - ok
13:49:25.0928 3624  [ 41E122F6D1448C94CC05196BC41D6BFB ] LPCFilter       C:\Windows\system32\DRIVERS\LPCFilter.sys
13:49:25.0943 3624  LPCFilter - ok
13:49:25.0975 3624  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:49:25.0990 3624  LSI_FC - ok
13:49:26.0006 3624  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:49:26.0021 3624  LSI_SAS - ok
13:49:26.0037 3624  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:49:26.0053 3624  LSI_SAS2 - ok
13:49:26.0099 3624  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:49:26.0115 3624  LSI_SCSI - ok
13:49:26.0131 3624  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:49:26.0193 3624  luafv - ok
13:49:26.0224 3624  lxbc_device - ok
13:49:26.0271 3624  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:49:26.0287 3624  MBAMProtector - ok
13:49:26.0349 3624  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:49:26.0380 3624  MBAMService - ok
13:49:26.0411 3624  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:49:26.0443 3624  Mcx2Svc - ok
13:49:26.0458 3624  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:49:26.0474 3624  megasas - ok
13:49:26.0505 3624  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:49:26.0521 3624  MegaSR - ok
13:49:26.0567 3624  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
13:49:26.0614 3624  MMCSS - ok
13:49:26.0645 3624  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:49:26.0692 3624  Modem - ok
13:49:26.0723 3624  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:49:26.0755 3624  monitor - ok
13:49:26.0770 3624  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:49:26.0786 3624  mouclass - ok
13:49:26.0801 3624  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:49:26.0833 3624  mouhid - ok
13:49:26.0864 3624  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:49:26.0879 3624  mountmgr - ok
13:49:26.0942 3624  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:49:26.0957 3624  MozillaMaintenance - ok
13:49:26.0989 3624  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
13:49:27.0020 3624  mpio - ok
13:49:27.0051 3624  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:49:27.0082 3624  mpsdrv - ok
13:49:27.0145 3624  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:49:27.0207 3624  MpsSvc - ok
13:49:27.0238 3624  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:49:27.0269 3624  MRxDAV - ok
13:49:27.0316 3624  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:49:27.0347 3624  mrxsmb - ok
13:49:27.0394 3624  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:49:27.0457 3624  mrxsmb10 - ok
13:49:27.0488 3624  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:49:27.0535 3624  mrxsmb20 - ok
13:49:27.0581 3624  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
13:49:27.0597 3624  msahci - ok
13:49:27.0613 3624  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
13:49:27.0628 3624  msdsm - ok
13:49:27.0675 3624  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
13:49:27.0706 3624  MSDTC - ok
13:49:27.0737 3624  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:49:27.0784 3624  Msfs - ok
13:49:27.0815 3624  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:49:27.0878 3624  mshidkmdf - ok
13:49:27.0893 3624  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
13:49:27.0909 3624  msisadrv - ok
13:49:27.0956 3624  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:49:28.0018 3624  MSiSCSI - ok
13:49:28.0018 3624  msiserver - ok
13:49:28.0049 3624  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:49:28.0096 3624  MSKSSRV - ok
13:49:28.0127 3624  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:49:28.0174 3624  MSPCLOCK - ok
13:49:28.0205 3624  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:49:28.0268 3624  MSPQM - ok
13:49:28.0299 3624  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:49:28.0315 3624  MsRPC - ok
13:49:28.0330 3624  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:49:28.0346 3624  mssmbios - ok
13:49:28.0393 3624  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:49:28.0439 3624  MSTEE - ok
13:49:28.0455 3624  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:49:28.0486 3624  MTConfig - ok
13:49:28.0517 3624  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:49:28.0533 3624  Mup - ok
13:49:28.0564 3624  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
13:49:28.0611 3624  napagent - ok
13:49:28.0673 3624  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:49:28.0720 3624  NativeWifiP - ok
13:49:28.0751 3624  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:49:28.0783 3624  NDIS - ok
13:49:28.0829 3624  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:49:28.0876 3624  NdisCap - ok
13:49:28.0907 3624  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:49:28.0954 3624  NdisTapi - ok
13:49:28.0954 3624  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:49:29.0017 3624  Ndisuio - ok
13:49:29.0032 3624  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:49:29.0079 3624  NdisWan - ok
13:49:29.0095 3624  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:49:29.0141 3624  NDProxy - ok
13:49:29.0173 3624  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:49:29.0251 3624  NetBIOS - ok
13:49:29.0266 3624  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:49:29.0313 3624  NetBT - ok
13:49:29.0344 3624  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
13:49:29.0360 3624  Netlogon - ok
13:49:29.0391 3624  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:49:29.0438 3624  Netman - ok
13:49:29.0469 3624  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:49:29.0516 3624  netprofm - ok
13:49:29.0547 3624  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:49:29.0563 3624  NetTcpPortSharing - ok
13:49:29.0609 3624  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:49:29.0625 3624  nfrd960 - ok
13:49:29.0656 3624  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:49:29.0719 3624  NlaSvc - ok
13:49:29.0750 3624  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:49:29.0797 3624  Npfs - ok
13:49:29.0812 3624  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:49:29.0859 3624  nsi - ok
13:49:29.0890 3624  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:49:29.0937 3624  nsiproxy - ok
13:49:29.0999 3624  [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:49:30.0046 3624  Ntfs - ok
13:49:30.0093 3624  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:49:30.0124 3624  Null - ok
13:49:30.0171 3624  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:49:30.0187 3624  nvraid - ok
13:49:30.0233 3624  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:49:30.0249 3624  nvstor - ok
13:49:30.0280 3624  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
13:49:30.0296 3624  nv_agp - ok
13:49:30.0374 3624  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:49:30.0405 3624  odserv - ok
13:49:30.0436 3624  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
13:49:30.0483 3624  ohci1394 - ok
13:49:30.0545 3624  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:49:30.0561 3624  ose - ok
13:49:30.0592 3624  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:49:30.0655 3624  p2pimsvc - ok
13:49:30.0701 3624  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:49:30.0733 3624  p2psvc - ok
13:49:30.0764 3624  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:49:30.0779 3624  Parport - ok
13:49:30.0811 3624  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:49:30.0842 3624  partmgr - ok
13:49:30.0873 3624  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:49:30.0904 3624  PcaSvc - ok
13:49:30.0935 3624  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
13:49:30.0951 3624  pci - ok
13:49:30.0967 3624  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
13:49:30.0982 3624  pciide - ok
13:49:30.0998 3624  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:49:31.0013 3624  pcmcia - ok
13:49:31.0045 3624  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:49:31.0076 3624  pcw - ok
13:49:31.0107 3624  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:49:31.0169 3624  PEAUTH - ok
13:49:31.0232 3624  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:49:31.0263 3624  PerfHost - ok
13:49:31.0341 3624  [ 663962900E7FEA522126BA287715BB4A ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
13:49:31.0357 3624  PGEffect - ok
13:49:31.0419 3624  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
13:49:31.0497 3624  pla - ok
13:49:31.0544 3624  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:49:31.0622 3624  PlugPlay - ok
13:49:31.0653 3624  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:49:31.0684 3624  PNRPAutoReg - ok
13:49:31.0715 3624  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:49:31.0747 3624  PNRPsvc - ok
13:49:31.0778 3624  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:49:31.0840 3624  PolicyAgent - ok
13:49:31.0871 3624  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
13:49:31.0934 3624  Power - ok
13:49:31.0965 3624  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:49:32.0012 3624  PptpMiniport - ok
13:49:32.0027 3624  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:49:32.0059 3624  Processor - ok
13:49:32.0105 3624  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
13:49:32.0168 3624  ProfSvc - ok
13:49:32.0183 3624  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:49:32.0199 3624  ProtectedStorage - ok
13:49:32.0230 3624  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:49:32.0277 3624  Psched - ok
13:49:32.0324 3624  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:49:32.0371 3624  ql2300 - ok
13:49:32.0402 3624  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:49:32.0417 3624  ql40xx - ok
13:49:32.0449 3624  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:49:32.0480 3624  QWAVE - ok
13:49:32.0495 3624  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:49:32.0527 3624  QWAVEdrv - ok
13:49:32.0558 3624  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:49:32.0636 3624  RasAcd - ok
13:49:32.0667 3624  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:49:32.0729 3624  RasAgileVpn - ok
13:49:32.0745 3624  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:49:32.0823 3624  RasAuto - ok
13:49:32.0854 3624  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:49:32.0901 3624  Rasl2tp - ok
13:49:32.0948 3624  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
13:49:33.0010 3624  RasMan - ok
13:49:33.0041 3624  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:49:33.0088 3624  RasPppoe - ok
13:49:33.0104 3624  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:49:33.0151 3624  RasSstp - ok
13:49:33.0182 3624  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:49:33.0275 3624  rdbss - ok
13:49:33.0291 3624  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:49:33.0307 3624  rdpbus - ok
13:49:33.0353 3624  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:49:33.0385 3624  RDPCDD - ok
13:49:33.0400 3624  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:49:33.0447 3624  RDPENCDD - ok
13:49:33.0463 3624  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:49:33.0509 3624  RDPREFMP - ok
13:49:33.0541 3624  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:49:33.0619 3624  RDPWD - ok
13:49:33.0650 3624  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:49:33.0665 3624  rdyboost - ok
13:49:33.0697 3624  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:49:33.0743 3624  RemoteAccess - ok
13:49:33.0775 3624  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:49:33.0821 3624  RemoteRegistry - ok
13:49:33.0837 3624  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:49:33.0899 3624  RpcEptMapper - ok
13:49:33.0931 3624  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:49:33.0977 3624  RpcLocator - ok
13:49:34.0009 3624  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
13:49:34.0055 3624  RpcSs - ok
13:49:34.0087 3624  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:49:34.0149 3624  rspndr - ok
13:49:34.0211 3624  [ 8C22F21C924413D4E109995F748E18BB ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
13:49:34.0258 3624  RSUSBSTOR - ok
13:49:34.0305 3624  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:49:34.0367 3624  RTL8167 - ok
13:49:34.0414 3624  [ A36805E60282B1753C28001269D725E7 ] RTL8187B        C:\Windows\system32\DRIVERS\RTL8187B.sys
13:49:34.0461 3624  RTL8187B - ok
13:49:34.0461 3624  RtsUIR - ok
13:49:34.0477 3624  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
13:49:34.0492 3624  SamSs - ok
13:49:34.0539 3624  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
13:49:34.0555 3624  sbp2port - ok
13:49:34.0586 3624  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:49:34.0633 3624  SCardSvr - ok
13:49:34.0664 3624  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:49:34.0711 3624  scfilter - ok
13:49:34.0773 3624  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
13:49:34.0804 3624  Schedule - ok
13:49:34.0835 3624  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:49:34.0867 3624  SCPolicySvc - ok
13:49:34.0898 3624  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:49:34.0960 3624  SDRSVC - ok
13:49:35.0007 3624  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:49:35.0085 3624  secdrv - ok
13:49:35.0101 3624  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
13:49:35.0163 3624  seclogon - ok
13:49:35.0179 3624  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
13:49:35.0225 3624  SENS - ok
13:49:35.0257 3624  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:49:35.0319 3624  SensrSvc - ok
13:49:35.0350 3624  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:49:35.0366 3624  Serenum - ok
13:49:35.0397 3624  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:49:35.0428 3624  Serial - ok
13:49:35.0444 3624  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:49:35.0459 3624  sermouse - ok
13:49:35.0491 3624  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
13:49:35.0537 3624  SessionEnv - ok
13:49:35.0537 3624  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
13:49:35.0569 3624  sffdisk - ok
13:49:35.0615 3624  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:49:35.0647 3624  sffp_mmc - ok
13:49:35.0647 3624  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
13:49:35.0678 3624  sffp_sd - ok
13:49:35.0678 3624  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:49:35.0709 3624  sfloppy - ok
13:49:35.0756 3624  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:49:35.0818 3624  SharedAccess - ok
13:49:35.0849 3624  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:49:35.0881 3624  ShellHWDetection - ok
13:49:35.0912 3624  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:49:35.0927 3624  SiSRaid2 - ok
13:49:35.0959 3624  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:49:35.0974 3624  SiSRaid4 - ok
13:49:36.0005 3624  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:49:36.0083 3624  Smb - ok
13:49:36.0130 3624  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:49:36.0146 3624  SNMPTRAP - ok
13:49:36.0161 3624  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:49:36.0177 3624  spldr - ok
13:49:36.0239 3624  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\Windows\System32\spoolsv.exe
13:49:36.0302 3624  Spooler - ok
13:49:36.0411 3624  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:49:36.0520 3624  sppsvc - ok
13:49:36.0536 3624  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:49:36.0583 3624  sppuinotify - ok
13:49:36.0629 3624  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:49:36.0661 3624  srv - ok
13:49:36.0692 3624  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:49:36.0723 3624  srv2 - ok
13:49:36.0754 3624  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:49:36.0801 3624  srvnet - ok
13:49:36.0848 3624  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:49:36.0926 3624  SSDPSRV - ok
13:49:36.0926 3624  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:49:36.0973 3624  SstpSvc - ok
13:49:37.0004 3624  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:49:37.0019 3624  stexstor - ok
13:49:37.0066 3624  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
13:49:37.0113 3624  stisvc - ok
13:49:37.0129 3624  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:49:37.0144 3624  swenum - ok
13:49:37.0191 3624  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
13:49:37.0238 3624  swprv - ok
13:49:37.0316 3624  [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
13:49:37.0347 3624  SynTP - ok
13:49:37.0425 3624  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
13:49:37.0487 3624  SysMain - ok
13:49:37.0503 3624  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:49:37.0534 3624  TabletInputService - ok
13:49:37.0565 3624  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:49:37.0612 3624  TapiSrv - ok
13:49:37.0643 3624  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
13:49:37.0690 3624  TBS - ok
13:49:37.0784 3624  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:49:37.0846 3624  Tcpip - ok
13:49:37.0909 3624  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:49:37.0940 3624  TCPIP6 - ok
13:49:37.0987 3624  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:49:38.0018 3624  tcpipreg - ok
13:49:38.0096 3624  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
13:49:38.0111 3624  tdcmdpst - ok
13:49:38.0143 3624  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:49:38.0189 3624  TDPIPE - ok
13:49:38.0236 3624  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:49:38.0283 3624  TDTCP - ok
13:49:38.0314 3624  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:49:38.0377 3624  tdx - ok
13:49:38.0439 3624  [ 63B4F544664DC5154FDA4213E2AF09D0 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
13:49:38.0455 3624  TemproMonitoringService - ok
13:49:38.0486 3624  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:49:38.0486 3624  TermDD - ok
13:49:38.0533 3624  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
13:49:38.0595 3624  TermService - ok
13:49:38.0611 3624  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:49:38.0642 3624  Themes - ok
13:49:38.0657 3624  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
13:49:38.0689 3624  THREADORDER - ok
13:49:38.0767 3624  [ 32577B987AE5401038451BB392CB8D89 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
13:49:38.0782 3624  TMachInfo - ok
13:49:38.0813 3624  [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
13:49:38.0829 3624  TODDSrv - ok
13:49:38.0923 3624  [ 4DB8C79BCEA76063B83B13410366A1F7 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
13:49:38.0954 3624  TosCoSrv - ok
13:49:39.0016 3624  [ DD58E1250F604CBBADDA04575E5E2376 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
13:49:39.0032 3624  TOSHIBA HDD SSD Alert Service - ok
13:49:39.0094 3624  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64       C:\Windows\system32\DRIVERS\tos_sps64.sys
13:49:39.0110 3624  tos_sps64 - ok
13:49:39.0141 3624  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:49:39.0188 3624  TrkWks - ok
13:49:39.0235 3624  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:49:39.0266 3624  TrustedInstaller - ok
13:49:39.0297 3624  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:49:39.0344 3624  tssecsrv - ok
13:49:39.0391 3624  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:49:39.0437 3624  tunnel - ok
13:49:39.0500 3624  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
13:49:39.0515 3624  TVALZ - ok
13:49:39.0531 3624  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:49:39.0547 3624  uagp35 - ok
13:49:39.0593 3624  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:49:39.0640 3624  udfs - ok
13:49:39.0671 3624  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:49:39.0718 3624  UI0Detect - ok
13:49:39.0749 3624  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
13:49:39.0765 3624  uliagpkx - ok
13:49:39.0812 3624  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:49:39.0843 3624  umbus - ok
13:49:39.0874 3624  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:49:39.0890 3624  UmPass - ok
13:49:39.0921 3624  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:49:39.0968 3624  upnphost - ok
13:49:39.0999 3624  [ 2DD6660F56876F00AB56588DFBDDDEE6 ] UpperF          C:\Windows\system32\DRIVERS\utlamot.sys
13:49:40.0046 3624  UpperF - ok
13:49:40.0077 3624  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:49:40.0139 3624  usbccgp - ok
13:49:40.0139 3624  USBCCID - ok
13:49:40.0186 3624  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
13:49:40.0233 3624  usbcir - ok
13:49:40.0264 3624  [ 92969BA5AC44E229C55A332864F79677 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:49:40.0264 3624  usbehci - ok
13:49:40.0311 3624  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:49:40.0327 3624  usbhub - ok
13:49:40.0373 3624  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:49:40.0405 3624  usbohci - ok
13:49:40.0451 3624  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:49:40.0498 3624  usbprint - ok
13:49:40.0529 3624  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:49:40.0545 3624  USBSTOR - ok
13:49:40.0576 3624  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:49:40.0592 3624  usbuhci - ok
13:49:40.0623 3624  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:49:40.0717 3624  usbvideo - ok
13:49:40.0779 3624  [ 3A3FD4EDFB5E56B29BA840DF9482398D ] USmSerial       C:\Windows\system32\DRIVERS\USmSerial.sys
13:49:40.0810 3624  USmSerial - ok
13:49:40.0841 3624  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
13:49:40.0873 3624  UxSms - ok
13:49:40.0904 3624  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
13:49:40.0919 3624  VaultSvc - ok
13:49:40.0966 3624  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
13:49:40.0982 3624  vdrvroot - ok
13:49:41.0013 3624  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
13:49:41.0060 3624  vds - ok
13:49:41.0091 3624  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:49:41.0107 3624  vga - ok
13:49:41.0138 3624  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:49:41.0185 3624  VgaSave - ok
13:49:41.0216 3624  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
13:49:41.0231 3624  vhdmp - ok
13:49:41.0263 3624  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
13:49:41.0278 3624  viaide - ok
13:49:41.0294 3624  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
13:49:41.0309 3624  volmgr - ok
13:49:41.0325 3624  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:49:41.0341 3624  volmgrx - ok
13:49:41.0387 3624  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
13:49:41.0403 3624  volsnap - ok
13:49:41.0434 3624  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:49:41.0450 3624  vsmraid - ok
13:49:41.0512 3624  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
13:49:41.0575 3624  VSS - ok
13:49:41.0653 3624  [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
13:49:41.0684 3624  vToolbarUpdater12.2.6 - ok
13:49:41.0715 3624  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:49:41.0731 3624  vwifibus - ok
13:49:41.0762 3624  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:49:41.0793 3624  vwififlt - ok
13:49:41.0840 3624  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
13:49:41.0871 3624  vwifimp - ok
13:49:41.0902 3624  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
13:49:41.0965 3624  W32Time - ok
13:49:42.0011 3624  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:49:42.0027 3624  WacomPen - ok
13:49:42.0058 3624  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:49:42.0105 3624  WANARP - ok
13:49:42.0105 3624  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:49:42.0152 3624  Wanarpv6 - ok
13:49:42.0214 3624  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
13:49:42.0292 3624  wbengine - ok
13:49:42.0323 3624  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:49:42.0339 3624  WbioSrvc - ok
13:49:42.0386 3624  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:49:42.0417 3624  wcncsvc - ok
13:49:42.0448 3624  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:49:42.0511 3624  WcsPlugInService - ok
13:49:42.0526 3624  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:49:42.0542 3624  Wd - ok
13:49:42.0573 3624  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:49:42.0604 3624  Wdf01000 - ok
13:49:42.0620 3624  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:49:42.0667 3624  WdiServiceHost - ok
13:49:42.0667 3624  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:49:42.0698 3624  WdiSystemHost - ok
13:49:42.0729 3624  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
13:49:42.0760 3624  WebClient - ok
13:49:42.0791 3624  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:49:42.0854 3624  Wecsvc - ok
13:49:42.0869 3624  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:49:42.0916 3624  wercplsupport - ok
13:49:42.0963 3624  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:49:43.0025 3624  WerSvc - ok
13:49:43.0057 3624  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:49:43.0088 3624  WfpLwf - ok
13:49:43.0119 3624  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:49:43.0135 3624  WIMMount - ok
13:49:43.0150 3624  WinDefend - ok
13:49:43.0150 3624  WinHttpAutoProxySvc - ok
13:49:43.0197 3624  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:49:43.0259 3624  Winmgmt - ok
13:49:43.0337 3624  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:49:43.0431 3624  WinRM - ok
13:49:43.0509 3624  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:49:43.0556 3624  WinUsb - ok
13:49:43.0603 3624  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:49:43.0665 3624  Wlansvc - ok
13:49:43.0681 3624  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:49:43.0712 3624  WmiAcpi - ok
13:49:43.0743 3624  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:49:43.0774 3624  wmiApSrv - ok
13:49:43.0805 3624  WMPNetworkSvc - ok
13:49:43.0821 3624  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:49:43.0852 3624  WPCSvc - ok
13:49:43.0868 3624  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:49:43.0946 3624  WPDBusEnum - ok
13:49:43.0977 3624  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:49:44.0039 3624  ws2ifsl - ok
13:49:44.0055 3624  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
13:49:44.0133 3624  wscsvc - ok
13:49:44.0133 3624  WSearch - ok
13:49:44.0242 3624  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:49:44.0305 3624  wuauserv - ok
13:49:44.0320 3624  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:49:44.0367 3624  WudfPf - ok
13:49:44.0383 3624  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:49:44.0429 3624  WUDFRd - ok
13:49:44.0445 3624  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:49:44.0507 3624  wudfsvc - ok
13:49:44.0539 3624  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:49:44.0570 3624  WwanSvc - ok
13:49:44.0601 3624  ================ Scan global ===============================
13:49:44.0632 3624  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:49:44.0679 3624  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
13:49:44.0679 3624  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
13:49:44.0710 3624  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:49:44.0726 3624  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:49:44.0741 3624  [Global] - ok
13:49:44.0741 3624  ================ Scan MBR ==================================
13:49:44.0741 3624  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:49:45.0771 3624  \Device\Harddisk0\DR0 - ok
13:49:45.0771 3624  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:49:45.0880 3624  \Device\Harddisk1\DR1 - ok
13:49:45.0880 3624  ================ Scan VBR ==================================
13:49:45.0911 3624  [ 79B6B9B7568D1DAB90C1C9F9ED1B6D98 ] \Device\Harddisk0\DR0\Partition1
13:49:45.0927 3624  \Device\Harddisk0\DR0\Partition1 - ok
13:49:45.0943 3624  [ 0A312E7D3BF82F12210B8FD40A8B5835 ] \Device\Harddisk0\DR0\Partition2
13:49:45.0943 3624  \Device\Harddisk0\DR0\Partition2 - ok
13:49:45.0943 3624  [ A6C8D822F1128C0C0517BC97B073761F ] \Device\Harddisk1\DR1\Partition1
13:49:45.0958 3624  \Device\Harddisk1\DR1\Partition1 - ok
13:49:45.0958 3624  ============================================================
13:49:45.0958 3624  Scan finished
13:49:45.0958 3624  ============================================================
13:49:45.0974 4036  Detected object count: 0
13:49:45.0974 4036  Actual detected object count: 0
         

Alt 10.09.2012, 16:30   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually, and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

Alt 10.09.2012, 19:57   #25
stracta



[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-09-10.04 - Marianne 10.09.2012  20:23:18.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.1913.928 [GMT 2:00]
ausgeführt von:: c:\users\Marianne\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marianne\AppData\Roaming\msconfig.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-10 bis 2012-09-10  ))))))))))))))))))))))))))))))
.
.
2012-09-10 11:45 . 2012-09-10 11:45	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-07 09:13 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3740774F-DA18-4D9F-96A4-478CFA720DBB}\mpengine.dll
2012-09-05 12:05 . 2012-09-06 13:06	--------	d-----w-	c:\users\Marianne\Tracing
2012-09-04 12:04 . 2012-09-04 10:44	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 12:03 . 2012-09-04 12:03	--------	d-----w-	c:\windows\system32\Macromed
2012-09-04 12:03 . 2012-09-04 12:03	31080	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2012-09-04 11:35 . 2012-09-04 11:35	--------	d-----w-	c:\program files (x86)\ESET
2012-09-04 10:10 . 2012-09-04 10:10	--------	d-----w-	c:\users\Marianne\AppData\Roaming\Malwarebytes
2012-09-04 10:10 . 2012-09-04 10:10	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-04 10:10 . 2012-09-04 10:10	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-04 10:10 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-04 10:05 . 2012-09-04 10:05	--------	d-----w-	c:\users\Marianne\AppData\Local\Macromedia
2012-09-02 16:17 . 2012-09-02 10:26	--------	d-----w-	C:\_OTL
2012-08-20 00:03 . 2012-02-11 06:36	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-08-20 00:03 . 2012-02-11 06:29	67584	----a-w-	c:\windows\splwow64.exe
2012-08-20 00:03 . 2012-02-11 05:44	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-08-20 00:03 . 2012-02-11 06:29	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-20 00:03 . 2012-05-05 08:30	503808	----a-w-	c:\windows\system32\srcore.dll
2012-08-20 00:03 . 2012-05-05 07:44	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-08-20 00:03 . 2012-07-04 22:04	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-08-20 00:03 . 2012-07-04 22:01	58880	----a-w-	c:\windows\system32\browcli.dll
2012-08-20 00:03 . 2012-07-04 22:01	136704	----a-w-	c:\windows\system32\browser.dll
2012-08-20 00:03 . 2012-07-04 21:23	41472	----a-w-	c:\windows\SysWow64\browcli.dll
2012-08-20 00:03 . 2012-07-18 17:31	3146752	----a-w-	c:\windows\system32\win32k.sys
2012-08-20 00:03 . 2012-05-14 05:20	956416	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 10:44 . 2012-03-02 13:37	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 04:51 . 2012-06-24 13:46	95232	----a-w-	c:\windows\system32\pdfcmon.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"DataCardMonitor"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-12-27 253952]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-30 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 UpperF;Motorola SM56 USB Data Fax Modem  2;c:\windows\system32\DRIVERS\utlamot.sys [2006-12-13 45568]
R3 USmSerial;Motorola SM56 USB Data Fax Modem;c:\windows\system32\DRIVERS\USmSerial.sys [2006-12-20 1286656]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-02 136360]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-16 566704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-20 446976]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 10:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
"USmSerial"="c:\program files\Motorola\USmSerial\usm56hlpr.exe" [2006-12-13 830464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\yflqc7zq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Zylom Games Player Plugin - c:\program files (x86)\Zylom Games\UninstallPlugin.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\users\Marianne\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-10  20:54:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-10 18:54
.
Vor Suchlauf: 13 Verzeichnis(se), 82.332.303.360 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 81.532.104.704 Bytes frei
.
- - End Of File - - 102340D5E957D8495F8EA023E04AC79D
         
--- --- ---

Alt 10.09.2012, 21:33   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following:
Start aswMBR again, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post logfiles in CODE tags

Alt 11.09.2012, 19:27   #27
stracta

The scan with GMER worked, but no log is displayed to me there. The copy function doesn't work either. At the end of the scan an error message appears saying that no system modifications were found.

Well, then here is the log from the OSAM scan for now.

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:18:40 on 11.09.2012

OS: Windows 7 Home Premium Edition (Build 7600), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avgtp" (avgtp) - "AVG Technologies" - C:\Windows\system32\drivers\avgtpx64.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Realtek IR Driver" (RtsUIR) - ? - C:\Windows\System32\DRIVERS\Rts516xIR.sys  (File not found)
"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\Windows\System32\DRIVERS\RtsUCcid.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files (x86)\WinRAR\rarext.dll
{B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\SysWow64\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\Windows\Downloaded Program Files\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"HW_OPENEYE_OUC_T-Mobile Internet Manager" - "Huawei Technologies Co., Ltd." - "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"DataCardMonitor" - "Huawei Technologies Co., Ltd." - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
"HWSetup" - "TOSHIBA Electronics, Inc." - "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
"KeNotify" - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"SVPWUTIL" - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
"ToshibaServiceStation" - "TOSHIBA Corporation" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
"TWebCamera" - "TOSHIBA CORPORATION." - "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll
"UDC" - "fCoder Group, Inc." - C:\Windows\system32\udcpm.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"ConfigFree Gadget Service" (ConfigFree Gadget Service) - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
"ConfigFree WiMAX Service" (cfWiMAXService) - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
"GamesAppService" (GamesAppService) - "WildTangent, Inc." - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Notebook Performance Tuning Service (TEMPRO)" (TemproMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"TMachInfo" (TMachInfo) - "TOSHIBA Corporation" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
"TOSHIBA HDD SSD Alert Service" (TOSHIBA HDD SSD Alert Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
"vToolbarUpdater12.2.6" (vToolbarUpdater12.2.6) - ? - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
And the next requested log.

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-11 20:30:04
-----------------------------
20:30:04.796    OS Version: Windows x64 6.1.7600 
20:30:04.796    Number of processors: 2 586 0x170A
20:30:04.796    ComputerName: MARIANNE-TOSH  UserName: Marianne
20:30:05.342    Initialize success
20:31:55.021    AVAST engine defs: 12091100
20:32:36.049    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:32:36.049    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
20:32:36.080    Disk 0 MBR read successfully
20:32:36.080    Disk 0 MBR scan
20:32:36.096    Disk 0 Windows 7 default MBR code
20:32:36.096    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS          400 MB offset 2048
20:32:36.142    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       119237 MB offset 821248
20:32:36.174    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       118837 MB offset 245018624
20:32:36.205    Disk 0 scanning C:\Windows\system32\drivers
20:32:46.704    Service scanning
20:33:30.883    Modules scanning
20:33:30.883    Disk 0 trace - called modules:
20:33:30.914    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
20:33:30.930    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800311d060]
20:33:30.930    3 CLASSPNP.SYS[fffff8800180d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800216e050]
20:33:30.945    Scan finished successfully
20:34:23.829    Disk 0 MBR has been saved successfully to "C:\Users\Marianne\Desktop\MBR.dat"
20:34:23.845    The log file has been saved successfully to "C:\Users\Marianne\Desktop\aswMBR.txt"
         

11.09.2012, 23:17   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

12.09.2012, 19:32   #29
stracta

Code:
 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.07.13

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Marianne :: MARIANNE-TOSH [Administrator]

Schutz: Deaktiviert

12.09.2012 13:39:44
mbam-log-2012-09-12 (13-39-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343569
Laufzeit: 1 Stunde(n), 33 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/12/2012 at 03:06 PM

Application Version : 5.5.1016

Core Rules Database Version : 9212
Trace Rules Database Version: 7024

Scan type       : Complete Scan
Total Scan Time : 01:25:24

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 624
Memory threats detected   : 0
Registry items scanned    : 65648
Registry threats detected : 0
File items scanned        : 45509
File threats detected     : 157

Adware.Tracking Cookie
         

13.09.2012, 11:42   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

How did you start SUPERAntiSpyware? Simply by double-clicking?
__________________
Please always post log files in CODE tags
