| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Adware und Spyware gefunden von MNet SicherheitstoolWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.06.2015, 21:33
| #1 |
 |  Adware und Spyware gefunden von MNet Sicherheitstool Guten Abend, seit einigen Wochen verhält sich dieser Rechner sehr suspekt. Heute kam dann der Höhepunkt: Datensicherung ging nicht, CDs ließen sich nicht mehr lesen, USB-Sticks wurden nicht erkannt... Windows Update blieb hängen. Eure Webseite wird zu Werbung umgeleitet :-( Also wende ich mich an euch, weil ihr immer helfen könnt :-) Hier die ersten Logfiles. Defogger gab übrigens keine Fehlermeldung aus. Frst.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Josi (administrator) on JOSI-NOTEBOOK on 15-06-2015 22:17:39
Running from C:\Users\Josi\Downloads
Loaded Profiles: Josi (Available Profiles: Josi & Beni & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Common\FSHDLL32.EXE
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\FWES\program\fsdfwd.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsav32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Common\FSM32.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [421888 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1011712 2009-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7289376 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [468320 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [503808 2009-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1323008 2009-04-24] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] => C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [570736 2009-04-15] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-12] (TOSHIBA CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] => C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1045904 2009-03-23] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [96144 2009-03-04] (Toshiba Europe GmbH)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4389592 2009-11-06] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [962688 2009-11-06] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [377712 2009-11-06] (Acronis)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [NeroCheck] => C:\Windows\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [F-Secure Manager] => C:\Program Files\M-net\Sicherheitspaket\Common\FSM32.EXE [201128 2009-11-18] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] => C:\Program Files\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe [1655464 2012-07-24] (F-Secure Corporation)
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [135680 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\Run: [Google Update] => C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-20] (Google Inc.)
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\MountPoints2: {2be051eb-2158-11df-b128-0026223033e5} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\MountPoints2: {5530445e-d60d-11e3-a640-0026223033e5} - D:\Menu.exe
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\MountPoints2: {8e1bdb74-9121-11de-8158-806e6f6e6963} - rundll32.exe url,FileProtocolHandler index.html
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\MountPoints2: {c4c27749-ef31-11de-8993-0026223033e5} - D:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
Startup: C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2009-12-08]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-06-09]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-06-09]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2015-01-25]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-550289631-3001628655-2886833039-1002\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0FFA6FC6-A0BC-4284-9E06-C8B6E3AFBF3B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKLM -> {0FFA6FC6-A0BC-4284-9E06-C8B6E3AFBF3B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKU\S-1-5-21-550289631-3001628655-2886833039-1000 -> DefaultScope {0FFA6FC6-A0BC-4284-9E06-C8B6E3AFBF3B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG_deDE356
SearchScopes: HKU\S-1-5-21-550289631-3001628655-2886833039-1000 -> {0FFA6FC6-A0BC-4284-9E06-C8B6E3AFBF3B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG_deDE356
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2013-01-28] (Sun Microsystems, Inc.)
BHO: Browsing Protection Class -> {C6867EB7-8350-4856-877F-93CF8AE3DC9C} -> C:\Program Files\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll [2014-06-03] (F-Secure Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-01-28] (Sun Microsystems, Inc.)
Toolbar: HKLM - Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll [2014-06-03] (F-Secure Corporation)
Toolbar: HKU\S-1-5-21-550289631-3001628655-2886833039-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 02 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 03 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 04 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 05 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 06 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 07 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 08 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 09 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 10 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Winsock: Catalog9 21 C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352 2012-07-24] (F-Secure Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Josi\AppData\Roaming\Mozilla\Firefox\Profiles\lolrty9n.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_38 -> C:\Windows\system32\npdeployJava1.dll [2013-01-28] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2013-01-28] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Josi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @talk.google.com/O1DPlugin -> C:\Users\Josi\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF user.js: detected! => C:\Users\Josi\AppData\Roaming\Mozilla\Firefox\Profiles\lolrty9n.default\user.js [2015-03-26]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Josi\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Josi\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Josi\AppData\Roaming\Mozilla\Firefox\Profiles\lolrty9n.default\searchplugins\ask-web-search.xml [2013-12-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2015-06-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-08]
FF HKLM\...\Firefox\Extensions: [litmus-ff@f-secure.com] - C:\Program Files\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com
FF Extension: Browsing Protection - C:\Program Files\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012-07-24]
Chrome:
=======
CHR Profile: C:\Users\Josi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Assist Point) - C:\Users\Josi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpoafklolhgippbaembaimabcodejbe [2015-05-03]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [619408 2009-11-06] (Acronis)
R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 F-Secure Gatekeeper Handler Starter; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe [221608 2009-11-18] (F-Secure Corporation)
R3 FSDFWD; C:\Program Files\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe [524712 2009-11-18] (F-Secure Corporation)
R2 FSMA; C:\Program Files\M-net\Sicherheitspaket\Common\FSMA32.EXE [188840 2009-11-18] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe [60456 2015-03-10] (F-Secure Corporation)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-03-23] (Toshiba Europe GmbH)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed]
R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [360704 2011-07-04] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604416 2011-07-04] (TuneUp Software)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 F-Secure Filter; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys [41640 2009-11-18] ()
R3 F-Secure Gatekeeper; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys [145856 2013-07-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys [69928 2009-11-18] (F-Secure Corporation)
S4 F-Secure Recognizer; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys [27048 2009-11-18] ()
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [43560 2015-06-09] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [41552 2012-07-24] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72904 2009-11-18] (F-Secure Corporation)
R1 fsvista; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys [14248 2009-11-18] ()
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-08-22] (Malwarebytes Corporation)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2009-12-27] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2009-12-27] (Acronis)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-15 22:17 - 2015-06-15 22:18 - 00023981 _____ C:\Users\Josi\Downloads\FRST.txt
2015-06-15 22:17 - 2015-06-15 22:17 - 00000000 ____D C:\FRST
2015-06-15 22:16 - 2015-06-15 22:17 - 01148416 _____ (Farbar) C:\Users\Josi\Downloads\FRST.exe
2015-06-15 22:15 - 2015-06-15 22:15 - 00000470 _____ C:\Users\Josi\Downloads\defogger_disable.log
2015-06-15 22:15 - 2015-06-15 22:15 - 00000000 _____ C:\Users\Josi\defogger_reenable
2015-06-15 22:14 - 2015-06-15 22:14 - 00050477 _____ C:\Users\Josi\Downloads\Defogger.exe
2015-06-15 21:42 - 2015-06-15 21:42 - 00004484 _____ C:\Users\Josi\Documents\cc_20150615_214201.reg
2015-06-15 20:34 - 2015-06-15 21:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-15 20:28 - 2015-06-15 21:36 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-06-11 20:47 - 2015-06-11 20:47 - 00001701 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 14:08 - 2015-06-09 14:08 - 06420480 _____ C:\Program Files\GUTB24E.tmp
2015-06-09 14:08 - 2015-06-09 14:08 - 00000000 ____D C:\Program Files\GUMB24D.tmp
2015-06-09 14:05 - 2015-06-09 14:05 - 00000008 __RSH C:\ProgramData\ntuser.pol
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-15 22:17 - 2010-03-13 14:37 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 22:16 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-15 22:16 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-15 22:15 - 2009-12-06 13:16 - 00000000 ____D C:\Users\Josi
2015-06-15 22:05 - 2014-12-10 18:44 - 01673804 _____ C:\Windows\WindowsUpdate.log
2015-06-15 22:00 - 2011-07-04 07:35 - 00000498 _____ C:\Windows\Tasks\1-Klick-Wartung.job
2015-06-15 21:59 - 2012-09-24 10:19 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000UA.job
2015-06-15 21:47 - 2013-01-08 21:47 - 00000000 ____D C:\Users\Josi\AppData\Roaming\Garmin
2015-06-15 21:45 - 2009-12-06 13:19 - 00000000 ____D C:\Users\Josi\AppData\Local\Google
2015-06-15 21:45 - 2009-06-09 11:27 - 00000000 ____D C:\ProgramData\Google
2015-06-15 21:45 - 2009-06-09 11:27 - 00000000 ____D C:\Program Files\Google
2015-06-15 21:41 - 2010-05-16 18:10 - 00000000 ____D C:\Windows\Minidump
2015-06-15 21:39 - 2008-01-21 09:16 - 01586872 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-15 21:36 - 2012-04-25 13:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-15 21:36 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-15 21:34 - 2010-03-13 14:37 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 21:34 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-15 20:59 - 2012-09-24 10:19 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000Core.job
2015-06-15 20:32 - 2012-04-11 07:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-14 22:48 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-13 14:50 - 2009-12-06 18:05 - 00130560 _____ C:\Users\Josi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-10 21:44 - 2009-06-09 11:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 21:43 - 2013-08-16 17:01 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 21:35 - 2006-11-02 12:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-10 21:32 - 2012-04-11 07:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 21:32 - 2011-08-19 22:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-09 20:50 - 2010-11-21 20:17 - 00000008 __RSH C:\Users\Josi\ntuser.pol
2015-06-09 14:12 - 2012-07-24 21:26 - 00043560 _____ C:\Windows\system32\Drivers\fsbts.sys
==================== Files in the root of some directories =======
2015-06-09 14:08 - 2015-06-09 14:08 - 6420480 _____ () C:\Program Files\GUTB24E.tmp
2014-02-21 15:22 - 2014-02-21 15:22 - 49940480 _____ () C:\Program Files\GUTF415.tmp
2009-12-06 15:51 - 2010-02-10 20:27 - 0000192 _____ () C:\Users\Josi\AppData\Roaming\wklnhst.dat
2009-12-06 23:54 - 2013-04-11 07:26 - 0000680 _____ () C:\Users\Josi\AppData\Local\d3d9caps.dat
2009-12-06 18:05 - 2015-06-13 14:50 - 0130560 _____ () C:\Users\Josi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-13 23:38 - 2009-12-13 23:39 - 0000336 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\Josi\agsetup183se.exe
C:\Users\Josi\avira_antivir_personal415_de.exe
C:\Users\Josi\lameplugin.exe
Some files in TEMP:
====================
C:\Users\Beni\AppData\Local\Temp\AskSLib.dll
C:\Users\Beni\AppData\Local\Temp\contentDATs.exe
C:\Users\Beni\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Beni\AppData\Local\Temp\iev6mvxg.dll
C:\Users\Beni\AppData\Local\Temp\install_flashplayer11x32_mssd_au_aih.exe
C:\Users\Gast\AppData\Local\Temp\tmp54F2.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-15 21:39
==================== End of log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Josi at 2015-06-15 22:18:32
Running from C:\Users\Josi\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-550289631-3001628655-2886833039-500 - Administrator - Disabled)
Beni (S-1-5-21-550289631-3001628655-2886833039-1002 - Limited - Enabled) => C:\Users\Beni
Gast (S-1-5-21-550289631-3001628655-2886833039-501 - Limited - Enabled) => C:\Users\Gast
Josi (S-1-5-21-550289631-3001628655-2886833039-1000 - Administrator - Enabled) => C:\Users\Josi
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: M-net Sicherheitspaket 9.12 (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: M-net Sicherheitspaket 9.12 (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: M-net Sicherheitspaket 9.12 (Enabled) {2D7AC0A6-6241-D774-E168-461178D9686C}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acronis*True*Image*Home (HKLM\...\{D1E0E859-F46D-4708-A41D-ED90C0C1822A}) (Version: 12.0.9809 - Acronis)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader 9 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.302.105 - ALPS ELECTRIC CO., LTD.)
ATI Catalyst Install Manager (HKLM\...\{4324E4DD-C67C-A413-5C12-5DC694A99AF6}) (Version: 3.0.723.0 - ATI Technologies, Inc.)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version: - )
Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version: - )
Canon MX310 series Benutzerregistrierung (HKLM\...\Canon MX310 series Benutzerregistrierung) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
ccc-core-static (Version: 2009.0421.2132.36832 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.08 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.05 - Piriform)
Free Hide Folder (HKLM\...\Free Hide Folder) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java(TM) 6 Update 38 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216038FF}) (Version: 6.0.380 - Oracle)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
M-net Sicherheitspaket (HKLM\...\F-Secure Product 444) (Version: - )
Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.65 (HKLM\...\myphotobook) (Version: 3.65 - myphotobook)
Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.9 - ahead software gmbh)
OpenOffice.org 3.1 (HKLM\...\{D765F1CE-5AE5-4C47-B134-AE58AC474740}) (Version: 3.1.9420 - OpenOffice.org)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC runtime (HKLM\...\{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}) (Version: 1 - Microsoft Corporation)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5821 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20132 - Realtek Semiconductor Corp.)
Skins (Version: 2009.0421.2132.36832 - ATI) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.10 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.9 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.0.3.0 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.0.5.32 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.0.1 - TOSHIBA Corporation)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.06.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0017 - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.6 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM\...\{7C30283C-8DC7-4FBB-805E-52BEA5F580E8}) (Version: 2.0 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.8 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.6 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.6 - TOSHIBA) Hidden
TuneUp Utilities 2009 (HKLM\...\{55A29068-F2CE-456C-9148-C869879E2357}) (Version: 8.0.3000.20 - TuneUp Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Utility Common Driver (Version: 1.0.50.22C - TOSHIBA) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Josi\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Josi\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-550289631-3001628655-2886833039-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
==================== Restore Points =========================
09-05-2015 17:01:29 Windows Update
12-05-2015 23:29:25 Windows Update
09-06-2015 14:57:37 Geplanter Prüfpunkt
09-06-2015 22:51:53 Windows Update
10-06-2015 21:33:39 Windows Update
11-06-2015 20:57:36 Windows Update
13-06-2015 15:25:40 Geplanter Prüfpunkt
13-06-2015 17:12:59 Windows Update
14-06-2015 21:01:25 Windows Update
14-06-2015 22:41:36 Windows Update
15-06-2015 20:22:50 Windows Update
15-06-2015 20:45:08 Windows Update
15-06-2015 21:46:40 Removed Garmin Lifetime Updater
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {4F0D4563-35AE-4B16-9157-0756CE5A77C0} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {50924D80-73C3-4F60-B083-E457ADAD8C47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {641E51DC-1C3A-406A-9DA3-5BBB92E4DED0} - System32\Tasks\Google Updater and Installer => C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-20] (Google Inc.)
Task: {69E0AE62-46CB-46B8-9702-A31FD5D30590} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17] (Sun Microsystems, Inc.)
Task: {6ED9BFCA-3243-48A3-8529-5F7719B420F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {7FF43289-4788-4F53-8BDE-B6264A365FAC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000Core => C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-20] (Google Inc.)
Task: {83BF85F1-449B-4220-83B9-DA3317E6FC7B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000UA => C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-20] (Google Inc.)
Task: {AA7D33F5-BCDE-41A3-827C-A6C862E9AD53} - System32\Tasks\{DDB4EDFE-E59D-488A-A6B2-DE20766A3D66} => pcalua.exe -a C:\PROGRA~1\FREEHI~1\UNWISE.EXE -c C:\PROGRA~1\FREEHI~1\INSTALL.LOG
Task: {C9EF0F77-EB83-4422-B8C0-8D0B2A753F1E} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Josi => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: {DF39B54F-F16D-416E-9D72-1CA38159DC11} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {EDA75C2B-A435-436D-9122-9497926B290D} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2009-03-20] (TuneUp Software GmbH)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000Core.job => C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000UA.job => C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2012-07-24 21:33 - 2012-07-24 21:33 - 00178816 _____ () C:\Program Files\M-net\Sicherheitspaket\FSPC\engine\0004\fsnrs2_eng.dll
2009-04-24 11:39 - 2009-04-24 11:39 - 00516096 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2009-08-25 04:54 - 2009-04-21 22:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-01-30 22:11 - 2009-01-30 22:11 - 00073728 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-03-07 14:15 - 2009-03-07 14:15 - 07005496 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2008-07-14 11:37 - 2008-07-14 11:37 - 00095544 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2009-06-09 11:13 - 2006-10-10 12:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2009-08-25 04:55 - 2009-08-25 04:55 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-01-30 10:41 - 2009-01-30 10:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-08-25 04:55 - 2009-08-25 04:55 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-07-24 21:32 - 2012-07-24 21:32 - 00030888 _____ () C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\hashlib_x86.dll
2012-07-24 21:24 - 2009-11-18 18:05 - 00217512 _____ () c:\program files\m-net\sicherheitspaket\daas2\daas2.dll
2012-07-24 21:24 - 2013-04-27 13:54 - 00213048 _____ () C:\Program Files\M-net\Sicherheitspaket\Spam Control\fsas.dll
2012-07-24 21:24 - 2009-11-18 18:06 - 00036864 _____ () C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\FSAVHRES.eng
2012-07-24 21:24 - 2009-11-18 18:06 - 00442792 _____ () C:\Program Files\M-net\Sicherheitspaket\FSGUI\about.dll
2012-07-24 21:24 - 2009-11-18 18:06 - 00090536 _____ () C:\Program Files\M-net\Sicherheitspaket\FSGUI\aboutres.dll
2012-07-24 21:24 - 2009-11-18 18:07 - 00086016 _____ () C:\Program Files\M-net\Sicherheitspaket\FSGUI\strres.eng
2012-07-24 21:24 - 2009-11-18 18:07 - 00553384 _____ () C:\Program Files\M-net\Sicherheitspaket\FSGUI\gres.dll
2012-07-24 21:24 - 2009-11-18 18:06 - 00045056 _____ () C:\Program Files\M-net\Sicherheitspaket\FSGUI\fsavures.eng
2012-07-24 21:24 - 2009-11-18 18:06 - 00143360 _____ () C:\Program Files\M-net\Sicherheitspaket\FSGUI\flyerres.eng
2012-07-24 21:24 - 2009-11-18 18:08 - 00001536 _____ () C:\Program Files\M-net\Sicherheitspaket\FSPC\fspcfsm.eng
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Josi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{97833BE5-EBD8-4D6A-85BD-0E37709B676A}C:\program files\google\google earth\client\googleearth.exe] => (Block) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{048AD7B8-E9A2-405A-B9FB-39B5ECC0A7EB}C:\program files\google\google earth\client\googleearth.exe] => (Block) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [{91CBCA39-E7BE-4AFC-9799-014AD94C85F3}] => (Allow) F:\fsetup.exe
FirewallRules: [{BEBB1534-D584-4761-B00E-BBFEC2AC0F05}] => (Allow) F:\fsetup.exe
FirewallRules: [{69144BF9-C9FD-4DFC-8944-5A3D1B23B780}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C97C910C-4BD3-44FA-B81C-8192769B91B3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C1100173-CF10-4FA6-9A25-CC0B2C62262D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FBE68E62-8283-4D1D-9E3F-62D6A9A49BCF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2015 09:44:13 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3 2015-06-15 21:44:13+02:00 JOSI-NOTEBOOK Josi-Notebook\Josi F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Variant.Adware.Kazy
Object: C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\plugins\4\Plugin.exe
Error: (06/15/2015 09:41:53 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2 2015-06-15 21:41:53+02:00 JOSI-NOTEBOOK Josi-Notebook\Josi F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Variant.Adware.Kazy
Object: C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\plugins\4\Plugin.exe
Error: (06/15/2015 09:37:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2015-06-15 21:37:53+02:00 JOSI-NOTEBOOK Josi-Notebook\Josi F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Variant.Adware.Kazy
Object: C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\plugins\4\Plugin.exe
Error: (06/15/2015 09:36:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (06/15/2015 09:35:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/15/2015 08:21:27 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2015-06-15 20:21:27+02:00 JOSI-NOTEBOOK Josi-Notebook\Josi F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Variant.Adware.Kazy
Object: C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\plugins\4\Plugin.exe
Error: (06/15/2015 08:20:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (06/15/2015 08:18:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/14/2015 10:34:59 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2015-06-14 22:34:59+02:00 JOSI-NOTEBOOK Josi-Notebook\Josi F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: Gen:Variant.Adware.Kazy
Object: C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\plugins\4\Plugin.exe
Error: (06/14/2015 10:33:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
System errors:
=============
Microsoft Office:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-06-15 22:18:12.349
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-15 22:18:12.162
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-15 22:18:11.943
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-15 22:18:11.803
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-15 22:18:11.616
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-15 22:18:11.491
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-15 22:18:11.350
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-15 22:18:11.226
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-15 22:18:05.298
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-15 22:18:05.173
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 53%
Total physical RAM: 3035.93 MB
Available physical RAM: 1398.23 MB
Total Pagefile: 6274.13 MB
Available Pagefile: 4520.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1868.55 MB
==================== Drives ================================
Drive c: (Vista) (Fixed) (Total:186.31 GB) (Free:43.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:184.84 GB) (Free:170.85 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 372.6 GB) (Disk ID: 7878FC96)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=184.8 GB) - (Type=07 NTFS)
==================== End of log ============================
|
|
15.06.2015, 22:02
| #2 |
| | Gmer LogCode:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-15 22:54:02
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG01 372,61GB
Running: Gmer-19357.exe; Driver: C:\Users\Josi\AppData\Local\Temp\kglorpoc.sys
---- System - GMER 2.1 ----
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwCreateThread [0x92AEFE7C]
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwLoadDriver [0x92AF01AC]
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwMapViewOfSection [0x92AEFBBC]
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwOpenSection [0x92AF05DE]
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwRenameKey [0x92AF187C]
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwSetSystemInformation [0x92AF042E]
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwSuspendProcess [0x92AEFA3C]
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwSuspendThread [0x92AEFEB0]
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwSystemDebugControl [0x92AF0032]
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwTerminateProcess [0x92AEF996]
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwTerminateThread [0x92AEFAF6]
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwWriteVirtualMemory [0x92AEFF76]
SSDT \??\C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys ZwCreateThreadEx [0x92AEFE96]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetTimerEx + 454 82CEBB18 4 Bytes [7C, FE, AE, 92] {JL 0x0; SCASB ; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 5B0 82CEBC74 4 Bytes [AC, 01, AF, 92]
.text ntkrnlpa.exe!KeSetTimerEx + 5E0 82CEBCA4 4 Bytes [BC, FB, AE, 92]
.text ntkrnlpa.exe!KeSetTimerEx + 630 82CEBCF4 4 Bytes [DE, 05, AF, 92]
.text ntkrnlpa.exe!KeSetTimerEx + 748 82CEBE0C 4 Bytes [7C, 18, AF, 92] {JL 0x1a; SCASD ; XCHG EDX, EAX}
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8397E480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x839BF900, 0x3CA, 0x48000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91603000, 0x263970, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\svchost.exe[396] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0071000C
.text C:\Windows\system32\svchost.exe[396] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0071100C
.text C:\Windows\system32\svchost.exe[396] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0071200C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[836] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 00CC000C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[836] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 00CC100C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[836] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 00CC200C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[836] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 00CC300C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[836] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 00CC400C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[836] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 00CC600C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[836] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 00CC800C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[836] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 00CC900C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[836] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 00CC700C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[836] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 00CC500C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[836] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 00CCB00C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[836] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 00CCA00C
.text C:\Windows\system32\wininit.exe[892] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0015000C
.text C:\Windows\system32\wininit.exe[892] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0015100C
.text C:\Windows\system32\wininit.exe[892] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0015200C
.text C:\Windows\system32\wininit.exe[892] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0015300C
.text C:\Windows\system32\wininit.exe[892] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0015400C
.text C:\Windows\system32\wininit.exe[892] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0015600C
.text C:\Windows\system32\wininit.exe[892] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0015800C
.text C:\Windows\system32\wininit.exe[892] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0015900C
.text C:\Windows\system32\wininit.exe[892] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0015700C
.text C:\Windows\system32\wininit.exe[892] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0015500C
.text C:\Windows\system32\wininit.exe[892] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0015A00C
.text C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe[948] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 003E000C
.text C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe[948] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 003E100C
.text C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe[948] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 003E200C
.text C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe[948] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 003E300C
.text C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe[948] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 003E400C
.text C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe[948] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 003E600C
.text C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe[948] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 003E800C
.text C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe[948] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 003E900C
.text C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe[948] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 003E700C
.text C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe[948] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 003E500C
.text C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe[948] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 003EA00C
.text C:\Windows\system32\lsass.exe[960] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 001E000C
.text C:\Windows\system32\lsass.exe[960] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 001E100C
.text C:\Windows\system32\lsass.exe[960] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 001E200C
.text C:\Windows\system32\lsass.exe[960] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 001E300C
.text C:\Windows\system32\lsass.exe[960] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 001E400C
.text C:\Windows\system32\lsass.exe[960] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 001E600C
.text C:\Windows\system32\lsass.exe[960] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 001E800C
.text C:\Windows\system32\lsass.exe[960] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 001E900C
.text C:\Windows\system32\lsass.exe[960] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 001E700C
.text C:\Windows\system32\lsass.exe[960] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 001E500C
.text C:\Windows\system32\lsass.exe[960] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 001EB00C
.text C:\Windows\system32\lsass.exe[960] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 001EA00C
.text C:\Windows\system32\lsm.exe[968] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0009000C
.text C:\Windows\system32\lsm.exe[968] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0009100C
.text C:\Windows\system32\lsm.exe[968] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0009200C
.text C:\Windows\system32\lsm.exe[968] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0009300C
.text C:\Windows\system32\lsm.exe[968] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0009400C
.text C:\Windows\system32\lsm.exe[968] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0009600C
.text C:\Windows\system32\lsm.exe[968] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0009800C
.text C:\Windows\system32\lsm.exe[968] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0009900C
.text C:\Windows\system32\lsm.exe[968] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0009700C
.text C:\Windows\system32\lsm.exe[968] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0009500C
.text C:\Windows\system32\lsm.exe[968] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0009A00C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1100] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 00F3000C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1100] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 00F3100C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1100] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 00F3200C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1100] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 00F3300C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1100] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 00F3400C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1100] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 00F3500C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1100] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 00F3B00C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1100] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 00F3600C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1100] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 00F3800C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1100] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 00F3900C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1100] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 00F3700C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1100] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 00F3A00C
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 000D000C
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 000D100C
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 000D200C
.text C:\Windows\system32\winlogon.exe[1184] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 001C000C
.text C:\Windows\system32\winlogon.exe[1184] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 001C100C
.text C:\Windows\system32\winlogon.exe[1184] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 001C200C
.text C:\Windows\system32\winlogon.exe[1184] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 001C300C
.text C:\Windows\system32\winlogon.exe[1184] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 001C400C
.text C:\Windows\system32\winlogon.exe[1184] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 001C600C
.text C:\Windows\system32\winlogon.exe[1184] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 001C800C
.text C:\Windows\system32\winlogon.exe[1184] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 001C900C
.text C:\Windows\system32\winlogon.exe[1184] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 001C700C
.text C:\Windows\system32\winlogon.exe[1184] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 001C500C
.text C:\Windows\system32\winlogon.exe[1184] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 001CB00C
.text C:\Windows\system32\winlogon.exe[1184] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 001CA00C
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 001D000C
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 001D100C
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 001D200C
.text C:\Windows\system32\atiesrxx.exe[1376] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 003C000C
.text C:\Windows\system32\atiesrxx.exe[1376] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 003C100C
.text C:\Windows\system32\atiesrxx.exe[1376] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 003C200C
.text C:\Windows\system32\atiesrxx.exe[1376] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 003C300C
.text C:\Windows\system32\atiesrxx.exe[1376] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 003C400C
.text C:\Windows\system32\atiesrxx.exe[1376] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 003C500C
.text C:\Windows\system32\atiesrxx.exe[1376] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 003CB00C
.text C:\Windows\system32\atiesrxx.exe[1376] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 003C600C
.text C:\Windows\system32\atiesrxx.exe[1376] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 003C800C
.text C:\Windows\system32\atiesrxx.exe[1376] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 003C900C
.text C:\Windows\system32\atiesrxx.exe[1376] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 003C700C
.text C:\Windows\system32\atiesrxx.exe[1376] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 003CA00C
.text C:\Windows\System32\svchost.exe[1396] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0009000C
.text C:\Windows\System32\svchost.exe[1396] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0009100C
.text C:\Windows\System32\svchost.exe[1396] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0009200C
.text C:\Windows\System32\svchost.exe[1432] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 00E9000C
.text C:\Windows\System32\svchost.exe[1432] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 00E9100C
.text C:\Windows\System32\svchost.exe[1432] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 00E9200C
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0026000C
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0026100C
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0026200C
.text C:\Windows\system32\svchost.exe[1624] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 008E000C
.text C:\Windows\system32\svchost.exe[1624] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 008E100C
.text C:\Windows\system32\svchost.exe[1624] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 008E200C
.text C:\Windows\system32\atieclxx.exe[1716] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0038000C
.text C:\Windows\system32\atieclxx.exe[1716] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0038100C
.text C:\Windows\system32\atieclxx.exe[1716] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0038200C
.text C:\Windows\system32\atieclxx.exe[1716] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0038300C
.text C:\Windows\system32\atieclxx.exe[1716] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0038400C
.text C:\Windows\system32\atieclxx.exe[1716] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0038500C
.text C:\Windows\system32\atieclxx.exe[1716] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0038B00C
.text C:\Windows\system32\atieclxx.exe[1716] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0038600C
.text C:\Windows\system32\atieclxx.exe[1716] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0038800C
.text C:\Windows\system32\atieclxx.exe[1716] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0038900C
.text C:\Windows\system32\atieclxx.exe[1716] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0038700C
.text C:\Windows\system32\atieclxx.exe[1716] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0038A00C
.text C:\Windows\system32\svchost.exe[1808] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 008A000C
.text C:\Windows\system32\svchost.exe[1808] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 008A100C
.text C:\Windows\system32\svchost.exe[1808] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 008A200C
.text C:\Windows\system32\svchost.exe[2180] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 006B000C
.text C:\Windows\system32\svchost.exe[2180] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 006B100C
.text C:\Windows\system32\svchost.exe[2180] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 006B200C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2356] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 003F000C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2356] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 003F100C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2356] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 003F200C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2356] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 003F300C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2356] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 003F400C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2356] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 003F500C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2356] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 003FB00C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2356] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 003F600C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2356] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 003F800C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2356] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 003F900C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2356] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 003F700C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2356] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 003FA00C
.text C:\Windows\system32\TODDSrv.exe[2376] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 002C000C
.text C:\Windows\system32\TODDSrv.exe[2376] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 002C100C
.text C:\Windows\system32\TODDSrv.exe[2376] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 002C200C
.text C:\Windows\system32\TODDSrv.exe[2376] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 002C300C
.text C:\Windows\system32\TODDSrv.exe[2376] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 002C400C
.text C:\Windows\system32\TODDSrv.exe[2376] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 002C500C
.text C:\Windows\system32\TODDSrv.exe[2376] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 002CB00C
.text C:\Windows\system32\TODDSrv.exe[2376] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 002C600C
.text C:\Windows\system32\TODDSrv.exe[2376] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 002C800C
.text C:\Windows\system32\TODDSrv.exe[2376] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 002C900C
.text C:\Windows\system32\TODDSrv.exe[2376] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 002C700C
.text C:\Windows\system32\TODDSrv.exe[2376] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 002CA00C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2420] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 00CB000C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2420] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 00CB100C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2420] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 00CB200C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2420] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 00CB300C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2420] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 00CB400C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2420] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 00CB600C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2420] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 00CB800C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2420] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 00CB900C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2420] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 00CB700C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2420] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 00CB500C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2420] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 00CBB00C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2420] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 00CBA00C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2440] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 003F000C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2440] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 003F100C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2440] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 003F200C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2440] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 003F300C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2440] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 003F400C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2440] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 003F600C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2440] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 003F800C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2440] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 003F900C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2440] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 003F700C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2440] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 003F500C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2440] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 003FB00C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2440] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 003FA00C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2504] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0034000C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2504] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0034100C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2504] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0034200C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2504] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0034300C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2504] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0034400C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2504] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0034600C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2504] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0034800C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2504] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0034900C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2504] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0034700C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2504] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0034500C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2504] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0034B00C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2504] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0034A00C
.text C:\Windows\System32\TUProgSt.exe[2552] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0039000C
.text C:\Windows\System32\TUProgSt.exe[2552] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0039100C
.text C:\Windows\System32\TUProgSt.exe[2552] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0039200C
.text C:\Windows\System32\TUProgSt.exe[2552] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0039300C
.text C:\Windows\System32\TUProgSt.exe[2552] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0039400C
.text C:\Windows\System32\TUProgSt.exe[2552] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0039600C
.text C:\Windows\System32\TUProgSt.exe[2552] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0039800C
.text C:\Windows\System32\TUProgSt.exe[2552] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0039900C
.text C:\Windows\System32\TUProgSt.exe[2552] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0039700C
.text C:\Windows\System32\TUProgSt.exe[2552] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0039500C
.text C:\Windows\System32\TUProgSt.exe[2552] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0039B00C
.text C:\Windows\System32\TUProgSt.exe[2552] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0039A00C
.text C:\Windows\System32\svchost.exe[2712] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 000C000C
.text C:\Windows\System32\svchost.exe[2712] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 000C100C
.text C:\Windows\System32\svchost.exe[2712] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 000C200C
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[2856] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 00AA000C
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[2856] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 00AA100C
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[2856] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 00AA200C
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[2856] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 00AA300C
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[2856] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 00AA400C
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[2856] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 00AA500C
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[2856] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 00AAB00C
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[2856] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 00AA600C
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[2856] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 00AA800C
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[2856] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 00AA900C
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[2856] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 00AA700C
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[2856] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 00AAA00C
.text C:\Windows\system32\wbem\wmiprvse.exe[3028] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0100000C
.text C:\Windows\system32\wbem\wmiprvse.exe[3028] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0100100C
.text C:\Windows\system32\wbem\wmiprvse.exe[3028] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0100200C
.text C:\Windows\system32\wbem\wmiprvse.exe[3028] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0100300C
.text C:\Windows\system32\wbem\wmiprvse.exe[3028] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0100400C
.text C:\Windows\system32\wbem\wmiprvse.exe[3028] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0100600C
.text C:\Windows\system32\wbem\wmiprvse.exe[3028] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0100800C
.text C:\Windows\system32\wbem\wmiprvse.exe[3028] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0100900C
.text C:\Windows\system32\wbem\wmiprvse.exe[3028] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0100700C
.text C:\Windows\system32\wbem\wmiprvse.exe[3028] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0100500C
.text C:\Windows\system32\wbem\wmiprvse.exe[3028] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0100B00C
.text C:\Windows\system32\wbem\wmiprvse.exe[3028] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0100A00C
.text C:\Windows\system32\taskeng.exe[3148] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0022000C
.text C:\Windows\system32\taskeng.exe[3148] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0022100C
.text C:\Windows\system32\taskeng.exe[3148] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0022200C
.text C:\Windows\system32\taskeng.exe[3148] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0022300C
.text C:\Windows\system32\taskeng.exe[3148] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0022400C
.text C:\Windows\system32\taskeng.exe[3148] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0022600C
.text C:\Windows\system32\taskeng.exe[3148] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0022800C
.text C:\Windows\system32\taskeng.exe[3148] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0022900C
.text C:\Windows\system32\taskeng.exe[3148] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0022700C
.text C:\Windows\system32\taskeng.exe[3148] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0022500C
.text C:\Windows\system32\taskeng.exe[3148] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0022B00C
.text C:\Windows\system32\taskeng.exe[3148] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0022A00C
.text C:\Windows\system32\Dwm.exe[3372] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 00EA000C
.text C:\Windows\system32\Dwm.exe[3372] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 00EA100C
.text C:\Windows\system32\Dwm.exe[3372] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 00EA200C
.text C:\Windows\system32\Dwm.exe[3372] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 00EA300C
.text C:\Windows\system32\Dwm.exe[3372] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 00EA400C
.text C:\Windows\system32\Dwm.exe[3372] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 00EA600C
.text C:\Windows\system32\Dwm.exe[3372] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 00EA800C
.text C:\Windows\system32\Dwm.exe[3372] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 00EA900C
.text C:\Windows\system32\Dwm.exe[3372] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 00EA700C
.text C:\Windows\system32\Dwm.exe[3372] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 00EA500C
.text C:\Windows\system32\Dwm.exe[3372] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 00EAB00C
.text C:\Windows\system32\Dwm.exe[3372] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 00EAA00C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3424] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 019D000C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3424] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 019D100C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3424] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 019D200C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3424] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 019D300C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3424] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 019D400C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3424] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 019D500C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3424] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 019DB00C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3424] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 019D600C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3424] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 019D800C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3424] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 019D900C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3424] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 019D700C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[3424] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 019DA00C
.text C:\Windows\Explorer.EXE[3460] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0354000C
.text C:\Windows\Explorer.EXE[3460] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0354100C
.text C:\Windows\Explorer.EXE[3460] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0354200C
.text C:\Windows\Explorer.EXE[3460] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0354300C
.text C:\Windows\Explorer.EXE[3460] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0354400C
.text C:\Windows\Explorer.EXE[3460] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0354600C
.text C:\Windows\Explorer.EXE[3460] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0354800C
.text C:\Windows\Explorer.EXE[3460] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0354900C
.text C:\Windows\Explorer.EXE[3460] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0354700C
.text C:\Windows\Explorer.EXE[3460] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0354500C
.text C:\Windows\Explorer.EXE[3460] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0354B00C
.text C:\Windows\Explorer.EXE[3460] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0354A00C
.text C:\Windows\system32\taskeng.exe[3496] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 019C000C
.text C:\Windows\system32\taskeng.exe[3496] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 019C100C
.text C:\Windows\system32\taskeng.exe[3496] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 019C200C
.text C:\Windows\system32\taskeng.exe[3496] kernel32.dll!LoadLibraryExW 779B374A 3 Bytes JMP 019C300C
.text C:\Windows\system32\taskeng.exe[3496] kernel32.dll!LoadLibraryExW + 4 779B374E 1 Byte [8A]
.text C:\Windows\system32\taskeng.exe[3496] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 019C400C
.text C:\Windows\system32\taskeng.exe[3496] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 019C600C
.text C:\Windows\system32\taskeng.exe[3496] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 019C800C
.text C:\Windows\system32\taskeng.exe[3496] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 019C900C
.text C:\Windows\system32\taskeng.exe[3496] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 019C700C
.text C:\Windows\system32\taskeng.exe[3496] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 019C500C
.text C:\Windows\system32\taskeng.exe[3496] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 019CB00C
.text C:\Windows\system32\taskeng.exe[3496] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 019CA00C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3704] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 003F000C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3704] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 003F100C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3704] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 003F200C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3704] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 003F300C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3704] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 003F400C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3704] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 003F600C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3704] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 003F800C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3704] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 003F900C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3704] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 003F700C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3704] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 003F500C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3704] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 003FB00C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3704] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 003FA00C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3720] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 021C000C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3720] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 021C100C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3720] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 021C200C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3720] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 021C300C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3720] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 021C400C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3720] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 021C600C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3720] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 021C800C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3720] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 021C900C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3720] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 021C700C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3720] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 021C500C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3720] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 021CB00C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3720] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 021CA00C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3748] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 01C1000C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3748] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 01C1100C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3748] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 01C1200C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3748] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 01C1300C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3748] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 01C1400C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3748] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 01C1600C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3748] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 01C1800C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3748] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 01C1900C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3748] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 01C1700C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3748] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 01C1500C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3748] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 01C1B00C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3748] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 01C1A00C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3764] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0034000C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3764] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0034100C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3764] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0034200C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3764] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0034300C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3764] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0034400C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3764] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0034500C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3764] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0034A00C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3764] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0034600C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3764] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0034800C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3764] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0034900C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3764] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0034700C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0361000C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0361100C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0361200C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0361300C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0361400C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0361500C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0361B00C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0361600C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0361800C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0361900C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0361700C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0361A00C
.text C:\Program Files\Apoint2K\Apoint.exe[3784] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 01D8000C
.text C:\Program Files\Apoint2K\Apoint.exe[3784] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 01D8100C
.text C:\Program Files\Apoint2K\Apoint.exe[3784] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 01D8200C
.text C:\Program Files\Apoint2K\Apoint.exe[3784] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 01D8300C
.text C:\Program Files\Apoint2K\Apoint.exe[3784] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 01D8400C
.text C:\Program Files\Apoint2K\Apoint.exe[3784] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 01D8500C
.text C:\Program Files\Apoint2K\Apoint.exe[3784] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 01D8B00C
.text C:\Program Files\Apoint2K\Apoint.exe[3784] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 01D8600C
.text C:\Program Files\Apoint2K\Apoint.exe[3784] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 01D8800C
.text C:\Program Files\Apoint2K\Apoint.exe[3784] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 01D8900C
.text C:\Program Files\Apoint2K\Apoint.exe[3784] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 01D8700C
.text C:\Program Files\Apoint2K\Apoint.exe[3784] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 01D8A00C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3808] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 003C000C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3808] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 003C100C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3808] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 003C200C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3808] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 003C300C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3808] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 003C400C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3808] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 003C500C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3808] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 003CB00C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3808] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 003C600C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3808] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 003C800C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3808] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 003C900C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3808] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 003C700C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3808] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 003CA00C
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3816] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0161000C
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3816] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0161100C
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3816] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0161200C
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3816] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0161300C
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3816] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0161400C
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3816] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0161600C
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3816] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0161800C
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3816] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0161900C
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3816] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0161700C
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3816] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0161500C
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3816] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0161B00C
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3816] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0161A00C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3824] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 01D5000C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3824] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 01D5100C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3824] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 01D5200C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3824] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 01D5300C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3824] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 01D5400C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3824] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 01D5500C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3824] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 01D5B00C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3824] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 01D5600C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3824] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 01D5800C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3824] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 01D5900C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3824] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 01D5700C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3824] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 01D5A00C
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3872] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0037000C
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3872] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0037100C
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3872] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0037200C
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3872] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0037300C
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3872] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0037400C
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3872] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0037500C
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3872] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0037A00C
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3872] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0037600C
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3872] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0037800C
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3872] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0037900C
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3872] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0037700C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3884] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 003C000C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3884] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 003C100C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3884] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 003C200C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3884] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 003C300C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3884] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 003C400C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3884] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 003C600C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3884] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 003C800C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3884] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 003C900C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3884] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 003C700C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3884] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 003C500C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3884] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 003CB00C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3884] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 003CA00C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3896] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0277000C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3896] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0277100C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3896] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0277200C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3896] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0277300C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3896] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0277400C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3896] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0277600C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3896] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0277800C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3896] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0277900C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3896] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0277700C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3896] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0277500C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3896] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0277B00C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3896] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0277A00C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3908] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0028000C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3908] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0028100C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3908] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0028200C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3908] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0028300C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3908] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0028400C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3908] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0028600C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3908] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0028800C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3908] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0028900C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3908] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0028700C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3908] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0028500C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3908] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0028B00C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3908] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0028A00C
.text C:\Users\Josi\Downloads\Gmer-19357.exe[4776] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0016000C
.text C:\Users\Josi\Downloads\Gmer-19357.exe[4776] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0016100C
.text C:\Users\Josi\Downloads\Gmer-19357.exe[4776] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0016200C
.text C:\Users\Josi\Downloads\Gmer-19357.exe[4776] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0016300C
.text C:\Users\Josi\Downloads\Gmer-19357.exe[4776] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0016400C
.text C:\Users\Josi\Downloads\Gmer-19357.exe[4776] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0016500C
.text C:\Users\Josi\Downloads\Gmer-19357.exe[4776] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0016A00C
.text C:\Users\Josi\Downloads\Gmer-19357.exe[4776] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0016600C
.text C:\Users\Josi\Downloads\Gmer-19357.exe[4776] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0016800C
.text C:\Users\Josi\Downloads\Gmer-19357.exe[4776] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0016900C
.text C:\Users\Josi\Downloads\Gmer-19357.exe[4776] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0016700C
.text C:\Users\Josi\Downloads\Gmer-19357.exe[4776] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0016B00C
.text C:\Windows\system32\wuauclt.exe[4960] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0008000C
.text C:\Windows\system32\wuauclt.exe[4960] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0008100C
.text C:\Windows\system32\wuauclt.exe[4960] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0008200C
.text C:\Windows\system32\wuauclt.exe[4960] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0008300C
.text C:\Windows\system32\wuauclt.exe[4960] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0008400C
.text C:\Windows\system32\wuauclt.exe[4960] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0008A00C
.text C:\Windows\system32\wuauclt.exe[4960] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0008500C
.text C:\Windows\system32\wuauclt.exe[4960] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0008B00C
.text C:\Windows\system32\wuauclt.exe[4960] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0008600C
.text C:\Windows\system32\wuauclt.exe[4960] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0008800C
.text C:\Windows\system32\wuauclt.exe[4960] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0008900C
.text C:\Windows\system32\wuauclt.exe[4960] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0008700C
.text C:\Windows\ehome\ehmsas.exe[5256] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0005000C
.text C:\Windows\ehome\ehmsas.exe[5256] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0005100C
.text C:\Windows\ehome\ehmsas.exe[5256] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0005200C
.text C:\Windows\ehome\ehmsas.exe[5256] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0005300C
.text C:\Windows\ehome\ehmsas.exe[5256] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0005400C
.text C:\Windows\ehome\ehmsas.exe[5256] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0005600C
.text C:\Windows\ehome\ehmsas.exe[5256] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0005800C
.text C:\Windows\ehome\ehmsas.exe[5256] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0005900C
.text C:\Windows\ehome\ehmsas.exe[5256] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0005700C
.text C:\Windows\ehome\ehmsas.exe[5256] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0005500C
.text C:\Windows\ehome\ehmsas.exe[5256] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0005B00C
.text C:\Windows\ehome\ehmsas.exe[5256] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 0005A00C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[6108] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 0017000C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[6108] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 0017100C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[6108] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 0017200C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[6108] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 0017300C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[6108] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 0017400C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[6108] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 0017500C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[6108] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 0017A00C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[6108] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 0017600C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[6108] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 0017800C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[6108] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 0017900C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[6108] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 0017700C
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[6116] ntdll.dll!NtCreateProcess 77AC80C8 5 Bytes JMP 003E000C
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[6116] ntdll.dll!NtCreateProcessEx 77AC80D8 5 Bytes JMP 003E100C
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[6116] ntdll.dll!NtCreateUserProcess 77AC9438 5 Bytes JMP 003E200C
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[6116] kernel32.dll!LoadLibraryExW 779B374A 5 Bytes JMP 003E300C
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[6116] kernel32.dll!TerminateThread 779B3D81 5 Bytes JMP 003E400C
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[6116] USER32.dll!SetWindowsHookExW 76577B69 5 Bytes JMP 003E500C
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[6116] USER32.dll!DdeConnect 765B997F 5 Bytes JMP 003EB00C
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[6116] ADVAPI32.dll!OpenServiceW 7759FFC3 5 Bytes JMP 003E600C
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[6116] ADVAPI32.dll!CloseServiceHandle 775A00CD 5 Bytes JMP 003E800C
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[6116] ADVAPI32.dll!CreateServiceW 775C38FF 5 Bytes JMP 003E900C
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[6116] ADVAPI32.dll!ControlService 775C3B2D 5 Bytes JMP 003E700C
.text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[6116] ole32.dll!CoCreateInstanceEx 7736E1CB 5 Bytes JMP 003EA00C
---- Devices - GMER 2.1 ----
Device Ntfs.sys
AttachedDevice tdrpm251.sys
Device volmgr.sys
AttachedDevice fltmgr.sys
Device iaStor.sys
---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 8570FD90
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xA4 0x0F 0xC5 0xCE ...
---- EOF - GMER 2.1 ----
Danke schon mal für die nächsten Schritte! |
|
16.06.2015, 05:33
| #3 |
| /// the machine /// TB-Ausbilder    | Adware und Spyware gefunden von MNet Sicherheitstool hi,
__________________Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
16.06.2015, 12:51
| #4 |
| | TDSS log file Hallo und danke dir! Malwarebytes gab keinen FUnd aus. TDSS schon, hier der Log: Code:
ATTFilter 13:32:46.0340 0x16bc TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:33:06.0924 0x16bc ============================================================
13:33:06.0924 0x16bc Current date / time: 2015/06/16 13:33:06.0924
13:33:06.0924 0x16bc SystemInfo:
13:33:06.0924 0x16bc
13:33:06.0924 0x16bc OS Version: 6.0.6001 ServicePack: 1.0
13:33:06.0924 0x16bc Product type: Workstation
13:33:06.0925 0x16bc ComputerName: JOSI-NOTEBOOK
13:33:06.0925 0x16bc UserName: Josi
13:33:06.0925 0x16bc Windows directory: C:\Windows
13:33:06.0925 0x16bc System windows directory: C:\Windows
13:33:06.0925 0x16bc Processor architecture: Intel x86
13:33:06.0925 0x16bc Number of processors: 2
13:33:06.0925 0x16bc Page size: 0x1000
13:33:06.0925 0x16bc Boot type: Normal boot
13:33:06.0925 0x16bc ============================================================
13:33:07.0232 0x16bc KLMD registered as C:\Windows\system32\drivers\43063721.sys
13:33:07.0526 0x16bc System UUID: {BB03ABB2-EBC3-F66A-AB01-904E3ACBBB76}
13:33:08.0767 0x16bc Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 ( 372.61 Gb ), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:33:08.0768 0x16bc ============================================================
13:33:08.0768 0x16bc \Device\Harddisk0\DR0:
13:33:08.0768 0x16bc MBR partitions:
13:33:08.0768 0x16bc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
13:33:08.0769 0x16bc \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1749C800
13:33:08.0769 0x16bc \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1778B000, BlocksNum 0x171AE000
13:33:08.0769 0x16bc ============================================================
13:33:08.0811 0x16bc C: <-> \Device\Harddisk0\DR0\Partition2
13:33:08.0861 0x16bc E: <-> \Device\Harddisk0\DR0\Partition3
13:33:08.0862 0x16bc ============================================================
13:33:08.0862 0x16bc Initialize success
13:33:08.0862 0x16bc ============================================================
13:34:06.0760 0x0bf0 ============================================================
13:34:06.0760 0x0bf0 Scan started
13:34:06.0760 0x0bf0 Mode: Manual; SigCheck; TDLFS;
13:34:06.0760 0x0bf0 ============================================================
13:34:06.0760 0x0bf0 KSN ping started
13:34:20.0098 0x0bf0 KSN ping finished: true
13:34:21.0310 0x0bf0 ================ Scan system memory ========================
13:34:21.0310 0x0bf0 System memory - ok
13:34:21.0311 0x0bf0 ================ Scan services =============================
13:34:22.0157 0x0bf0 [ FCB8C7210F0135E24C6580F7F649C73C, 7E5E3D0B4F4BD418E6CC551850C672E1AF347CBB2E665B6F72638786CE5079C5 ] ACPI C:\Windows\system32\drivers\acpi.sys
13:34:22.0492 0x0bf0 ACPI - ok
13:34:22.0859 0x0bf0 [ 2841973308641ACC6236E583449B6357, 78EE6F3A5878D48D07F510CEAABBA27CA4CA21C51F2E950E9C16C1F86604B6BE ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
13:34:23.0035 0x0bf0 AcrSch2Svc - ok
13:34:23.0324 0x0bf0 [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:34:23.0454 0x0bf0 AdobeFlashPlayerUpdateSvc - ok
13:34:23.0502 0x0bf0 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:34:23.0549 0x0bf0 adp94xx - ok
13:34:23.0627 0x0bf0 [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:34:23.0671 0x0bf0 adpahci - ok
13:34:23.0723 0x0bf0 [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
13:34:23.0756 0x0bf0 adpu160m - ok
13:34:23.0777 0x0bf0 [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:34:23.0834 0x0bf0 adpu320 - ok
13:34:23.0928 0x0bf0 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:34:24.0009 0x0bf0 AeLookupSvc - ok
13:34:24.0118 0x0bf0 [ 48EB99503533C27AC6135648E5474457, 344A83008F41AAC3CDFC52EFC4F2EFF441971C58182597D2FBED315B3FC62137 ] AFD C:\Windows\system32\drivers\afd.sys
13:34:24.0171 0x0bf0 AFD - ok
13:34:24.0224 0x0bf0 [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:34:24.0258 0x0bf0 agp440 - ok
13:34:24.0308 0x0bf0 [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
13:34:24.0363 0x0bf0 aic78xx - ok
13:34:24.0406 0x0bf0 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe
13:34:24.0492 0x0bf0 ALG - ok
13:34:24.0547 0x0bf0 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide C:\Windows\system32\drivers\aliide.sys
13:34:24.0579 0x0bf0 aliide - ok
13:34:24.0898 0x0bf0 [ 761F38EE3C1146A7434AD72763382544, B9ECCFB92AB1E569E36A7542A6D3D6805B3C4D105C22C84C3A1BC53662D86ED7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:34:24.0983 0x0bf0 AMD External Events Utility - ok
13:34:25.0016 0x0bf0 [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:34:25.0161 0x0bf0 amdagp - ok
13:34:25.0282 0x0bf0 [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide C:\Windows\system32\drivers\amdide.sys
13:34:25.0309 0x0bf0 amdide - ok
13:34:25.0378 0x0bf0 [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
13:34:25.0469 0x0bf0 AmdK7 - ok
13:34:25.0536 0x0bf0 [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:34:25.0603 0x0bf0 AmdK8 - ok
13:34:25.0639 0x0bf0 [ 95116E2BCFAF5A36AF0369050E92B9A5, 34F7D6B2F37379698DAA80FEB98F0EA092968AEE7021E5917019E782CD260FFC ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
13:34:25.0723 0x0bf0 ApfiltrService - ok
13:34:25.0811 0x0bf0 [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo C:\Windows\System32\appinfo.dll
13:34:25.0873 0x0bf0 Appinfo - ok
13:34:25.0896 0x0bf0 [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc C:\Windows\system32\drivers\arc.sys
13:34:25.0927 0x0bf0 arc - ok
13:34:26.0034 0x0bf0 [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:34:26.0065 0x0bf0 arcsas - ok
13:34:26.0278 0x0bf0 [ 2FE0D5DB69014980A970D3BF9A85D2B1, 3837F176B0CB7FEA2689D90B50B62F660FE579A5EB1E47C827DFA95596B72D1E ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:34:26.0317 0x0bf0 aspnet_state - ok
13:34:26.0345 0x0bf0 [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:34:26.0387 0x0bf0 AsyncMac - ok
13:34:26.0441 0x0bf0 [ 9C0E70031905ADBF94EDB9EA14AF943B, 88E4A250C22E919DECEDF1D59566265C473CDFAC97440F25A6D05E6200223194 ] atapi C:\Windows\system32\drivers\atapi.sys
13:34:26.0473 0x0bf0 atapi - ok
13:34:26.0939 0x0bf0 [ 53DF058C7115B3E6259954D2A2DBF8E9, 5B405E47124096BE4EC30B9EEDDF93D898D8E50996834FAB3497C1112FD25555 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:34:27.0839 0x0bf0 atikmdag - ok
13:34:27.0893 0x0bf0 [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:34:27.0967 0x0bf0 AudioEndpointBuilder - ok
13:34:28.0004 0x0bf0 [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:34:28.0087 0x0bf0 Audiosrv - ok
13:34:28.0152 0x0bf0 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys
13:34:28.0241 0x0bf0 Beep - ok
13:34:28.0287 0x0bf0 [ 8582E233C346AEFE759833E8A30DD697, 2B0A4FB7F0C3256A5003821634DFA04BA8C3FBB46E942E8BC5D114AF8D1E5354 ] BFE C:\Windows\System32\bfe.dll
13:34:28.0487 0x0bf0 BFE - ok
13:34:28.0637 0x0bf0 [ 02ED7B4DBC2A3232A389106DA7515C3D, 0DFCD03CB967D1A980D56124603F353DC1D800E3A5E436EEE95C65FDE17398CF ] BITS C:\Windows\System32\qmgr.dll
13:34:28.0872 0x0bf0 BITS - ok
13:34:28.0944 0x0bf0 [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
13:34:28.0989 0x0bf0 blbdrive - ok
13:34:29.0089 0x0bf0 [ 8153396D5551276227FA146900F734E6, 0AE06774162D542D9E95246B7112A40D7C463EF331B4F56C9CF8AD99A0341E38 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:34:29.0126 0x0bf0 bowser - ok
13:34:29.0173 0x0bf0 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
13:34:29.0208 0x0bf0 BrFiltLo - ok
13:34:29.0234 0x0bf0 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
13:34:29.0359 0x0bf0 BrFiltUp - ok
13:34:29.0450 0x0bf0 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll
13:34:29.0496 0x0bf0 Browser - ok
13:34:29.0549 0x0bf0 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys
13:34:29.0614 0x0bf0 Brserid - ok
13:34:29.0640 0x0bf0 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
13:34:29.0704 0x0bf0 BrSerWdm - ok
13:34:29.0757 0x0bf0 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
13:34:29.0875 0x0bf0 BrUsbMdm - ok
13:34:29.0918 0x0bf0 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
13:34:30.0023 0x0bf0 BrUsbSer - ok
13:34:30.0042 0x0bf0 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:34:30.0106 0x0bf0 BTHMODEM - ok
13:34:30.0240 0x0bf0 [ F1140ED3A1E1D6824A63F27AFD9EEF32, AF40AA352857A4161B500C404B88DEBD41E0A06640393B57CD5FD14E325BBE97 ] camsvc C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
13:34:30.0270 0x0bf0 camsvc - ok
13:34:30.0305 0x0bf0 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:34:30.0355 0x0bf0 cdfs - ok
13:34:30.0418 0x0bf0 [ 1EC25CEA0DE6AC4718BF89F9E1778B57, 019E12C30E7A395259F3906EC55AFF86949CFDBB443060208C8B91B9EB7F9FB7 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:34:30.0481 0x0bf0 cdrom - ok
13:34:30.0559 0x0bf0 [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] CertPropSvc C:\Windows\System32\certprop.dll
13:34:30.0623 0x0bf0 CertPropSvc - ok
13:34:30.0656 0x0bf0 [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass C:\Windows\system32\drivers\circlass.sys
13:34:30.0739 0x0bf0 circlass - ok
13:34:30.0828 0x0bf0 [ 465745561C832B29F7C48B488AAB3842, B631C61FBF6E2641FED7C4CFC1B179D19143B04CF76DCF48A9C7582E756FFD8C ] CLFS C:\Windows\system32\CLFS.sys
13:34:30.0915 0x0bf0 CLFS - ok
13:34:31.0011 0x0bf0 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:34:31.0052 0x0bf0 clr_optimization_v2.0.50727_32 - ok
13:34:31.0113 0x0bf0 [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:34:31.0284 0x0bf0 clr_optimization_v4.0.30319_32 - ok
13:34:31.0378 0x0bf0 [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:34:31.0418 0x0bf0 CmBatt - ok
13:34:31.0435 0x0bf0 [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:34:31.0462 0x0bf0 cmdide - ok
13:34:31.0522 0x0bf0 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:34:31.0551 0x0bf0 Compbatt - ok
13:34:31.0556 0x0bf0 COMSysApp - ok
13:34:31.0630 0x0bf0 [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
13:34:31.0661 0x0bf0 ConfigFree Service - ok
13:34:31.0701 0x0bf0 [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:34:31.0748 0x0bf0 crcdisk - ok
13:34:31.0783 0x0bf0 [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe C:\Windows\system32\drivers\crusoe.sys
13:34:31.0934 0x0bf0 Crusoe - ok
13:34:31.0983 0x0bf0 [ 6DE363F9F99334514C46AEC02D3E3678, FF403B8A4D7D6B3D2F23E2711D1353CFB0C748AD7D7927CF5DFBD99CD169D826 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:34:32.0079 0x0bf0 CryptSvc - ok
13:34:32.0195 0x0bf0 [ 301AE00E12408650BADDC04DBC832830, 405A392B83942A17F1EB78943C3A3046B5451EA8CB0082A53571CCC0609275A2 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:34:32.0581 0x0bf0 DcomLaunch - ok
13:34:32.0651 0x0bf0 [ A3E9FA213F443AC77C7746119D13FEEC, 479B349BFC811D20572C09C4A2228C3880F8F3B4B4BA5F4E56600C7EF583DE7B ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:34:32.0686 0x0bf0 DfsC - ok
13:34:32.0959 0x0bf0 [ FA3463F25F9CC9C3BCF1E7912FEFF099, 8CFA0F1DFD975ED877B303EB55BE52B0B1EC2B20FEC36820121A0F5E046E0032 ] DFSR C:\Windows\system32\DFSR.exe
13:34:33.0429 0x0bf0 DFSR - ok
13:34:33.0485 0x0bf0 [ 43A988A9C10333476CB5FB667CBD629D, 7E0DD57E75A50E3671673876631A1E66A4AC16810418BEC1AC2143DFD331F389 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
13:34:33.0623 0x0bf0 Dhcp - ok
13:34:33.0675 0x0bf0 [ 64109E623ABD6955C8FB110B592E68B7, 964F456EF44F9AE836B8CAB438FEB18303B2548A2B7D85FEBD72F4F80127B0EE ] disk C:\Windows\system32\drivers\disk.sys
13:34:33.0706 0x0bf0 disk - ok
13:34:33.0752 0x0bf0 [ F5A0F1DA1ED8B429597E71D27D976E31, 5C1D2509DAB5FF9B4F23C658222A579F1175088447E2E6A414C15C4252EBDA5A ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:34:33.0799 0x0bf0 Dnscache - ok
13:34:33.0865 0x0bf0 [ 5AF620A08C614E24206B79E8153CF1A8, 5BB32FF3C9A5C51C2773F0ECF9647749667F4678EF3C75FEB4420EC6C805913E ] dot3svc C:\Windows\System32\dot3svc.dll
13:34:33.0990 0x0bf0 dot3svc - ok
13:34:34.0059 0x0bf0 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
13:34:34.0113 0x0bf0 DPS - ok
13:34:34.0140 0x0bf0 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:34:34.0225 0x0bf0 drmkaud - ok
13:34:34.0296 0x0bf0 [ 85F33880B8CFB554BD3D9CCDB486845A, 2D120F94800AEB886D4BA2A45FE2454EBB1FAC3E57BDE552737EBDE7EF8899CF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:34:34.0464 0x0bf0 DXGKrnl - ok
13:34:34.0608 0x0bf0 [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
13:34:34.0709 0x0bf0 E1G60 - ok
13:34:34.0763 0x0bf0 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
13:34:34.0835 0x0bf0 EapHost - ok
13:34:34.0897 0x0bf0 [ DD2CD259D83D8B72C02C5F2331FF9D68, 07E758A414442FEAFE55FB28842D960971553DB16C31D5791FDD0843CBF5E2B4 ] Ecache C:\Windows\system32\drivers\ecache.sys
13:34:34.0983 0x0bf0 Ecache - ok
13:34:35.0152 0x0bf0 [ 3A511ED3C9A9DA2CD5A50FF46178063A, FA8732D1B078E01EC2337BE1997B58B37BC3C39747D932F8CAB1B98C6BC754F5 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:34:35.0329 0x0bf0 ehRecvr - ok
13:34:35.0382 0x0bf0 [ A3D94C93333619458AF4BDE7531234C5, E01860EDC1AA3D9B58F9EC5BE20838A7C7B0A1F68B0264281AEDD6F5B69AA1BD ] ehSched C:\Windows\ehome\ehsched.exe
13:34:35.0479 0x0bf0 ehSched - ok
13:34:35.0519 0x0bf0 [ 487BA5C5BB442BD172F120DC197811C2, C43068044443FFB2368BAD0008DADF5D4218D0DCD9AB9F1D492540DE9CDC7EB9 ] ehstart C:\Windows\ehome\ehstart.dll
13:34:35.0572 0x0bf0 ehstart - ok
13:34:35.0634 0x0bf0 [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:34:35.0821 0x0bf0 elxstor - ok
13:34:35.0914 0x0bf0 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C, 80385AC32CE8388F06341AA4A880F68E0EB5815CCCA5CF8E799846F472DCE360 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
13:34:36.0168 0x0bf0 EMDMgmt - ok
13:34:36.0207 0x0bf0 [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:34:36.0248 0x0bf0 ErrDev - ok
13:34:36.0366 0x0bf0 [ 3CB3343D720168B575133A0A20DC2465, B356938AC3D9CE833A2C0EBFAA548CDB6B68BEDDB2CCA80222E508BD978FB26B ] EventSystem C:\Windows\system32\es.dll
13:34:36.0505 0x0bf0 EventSystem - ok
13:34:36.0578 0x0bf0 [ 0D858EB20589A34EFB25695ACAA6AA2D, E5C891D8971173D78194176CB38C0D62C1245C71E04DD94EC742A69C2925F843 ] exfat C:\Windows\system32\drivers\exfat.sys
13:34:36.0675 0x0bf0 exfat - ok
13:34:36.0838 0x0bf0 [ C42B0105E09B1ECE2DD75141CF64AFD6, 499E3BDD16DD8CE48EC9313A7ADEBCBD164A38C27ED1CE7196A6E1A523BBF7D4 ] F-Secure Filter C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys
13:34:36.0867 0x0bf0 F-Secure Filter - ok
13:34:37.0034 0x0bf0 [ 86002959B3C33C89F3257859CC4E1BC3, BA8F076C83AD18FD5D7E073A413177A6390C8488762ED3FD82FE9EF9D88AD8E0 ] F-Secure Gatekeeper C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys
13:34:37.0101 0x0bf0 F-Secure Gatekeeper - ok
13:34:37.0240 0x0bf0 [ 2346842F07E2AB64D1DC83A67FCCDFA1, 4F2C93CB357488A3653F584F28C4617B675A4497F8FBFDC75F85AB0838D3F67E ] F-Secure Gatekeeper Handler Starter C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe
13:34:37.0327 0x0bf0 F-Secure Gatekeeper Handler Starter - ok
13:34:37.0452 0x0bf0 [ DC0720248DC4D1F303DF94CCC3ADFF96, 323688D74DBA3F4775A77A5693E84FA7E386734459FD0C32DBD0D045B55BF0E4 ] F-Secure HIPS C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys
13:34:37.0521 0x0bf0 F-Secure HIPS - ok
13:34:37.0674 0x0bf0 [ 17B22D1BB6770D8A86573387345C1738, ED04BB18ED54B92F612FC11130F8FAC3F04CAFDF39F79BF72A97290710FC8F05 ] F-Secure Recognizer C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys
13:34:37.0725 0x0bf0 F-Secure Recognizer - ok
13:34:37.0766 0x0bf0 [ 3C489390C2E2064563727752AF8EAB9E, BF528F6D4718AC160C103FD89496C6B7BABED7A17A6BD4222D684AF22FE21A49 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:34:37.0850 0x0bf0 fastfat - ok
13:34:37.0898 0x0bf0 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:34:37.0941 0x0bf0 fdc - ok
13:34:38.0020 0x0bf0 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
13:34:38.0064 0x0bf0 fdPHost - ok
13:34:38.0087 0x0bf0 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
13:34:38.0195 0x0bf0 FDResPub - ok
13:34:38.0245 0x0bf0 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:34:38.0304 0x0bf0 FileInfo - ok
13:34:38.0374 0x0bf0 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:34:38.0490 0x0bf0 Filetrace - ok
13:34:38.0509 0x0bf0 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:34:38.0553 0x0bf0 flpydisk - ok
13:34:38.0647 0x0bf0 [ 05EA53AFE985443011E36DAB07343B46, E033C1C218E9B0D22B63E1B927D7BBE331B59814F26952B68BEDC914EF881E55 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:34:38.0761 0x0bf0 FltMgr - ok
13:34:38.0937 0x0bf0 [ C9BE08664611DDAF98E2331E9288B00B, C645DDAB5FD588486553DF2DD5750AF5A967FEE988F4EB29E05362E3362DF4A2 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:34:38.0966 0x0bf0 FontCache3.0.0.0 - ok
13:34:39.0046 0x0bf0 [ C46C9E277A193CFDD2BAF0874A2F7450, E93BC96330A9ADF061A73D41424703DE2D7BFAE0F73A5DFF3F0A8BDE21D64242 ] fsbts C:\Windows\system32\Drivers\fsbts.sys
13:34:39.0079 0x0bf0 fsbts - ok
13:34:39.0264 0x0bf0 [ 7CD27E80DFD22F02FBDA47B706ABA0F2, 363A4D304FEFC3FF832B5F219E0C05A8036D0C66F03BE0D8BE7DD13C39090AB8 ] FSDFWD C:\Program Files\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe
13:34:39.0529 0x0bf0 FSDFWD - ok
13:34:39.0596 0x0bf0 [ 45D83EB65FC09ACFFFA5D27053EB9FF3, 1297DF1A294F1350DCB3581206784F531342273F6E00E8EC5F5A7CA6732E747E ] FSES C:\Windows\system32\drivers\fses.sys
13:34:39.0626 0x0bf0 FSES - ok
13:34:39.0687 0x0bf0 [ 4873E90A180E1585F9B6C6D52AEBF52C, 6935C17E5EF4C3603C01AECCD76342937DCE4171FCFC35671C721DFD1FCFC332 ] FSFW C:\Windows\system32\drivers\fsdfw.sys
13:34:39.0791 0x0bf0 FSFW - ok
13:34:39.0883 0x0bf0 [ 8A556A81E9FF95BD9EB7207783E8FCF4, 4E831D4D87763A0CD8CD9EFA9774EACED5AFF5B84CEDB5CA9C7B3E8FC38F1D0D ] FSMA C:\Program Files\M-net\Sicherheitspaket\Common\FSMA32.EXE
13:34:39.0931 0x0bf0 FSMA - ok
13:34:40.0104 0x0bf0 [ 277A41EB7D2DAA7105DF85BFC2F1C9AD, 59141146C7292C4B9ABC4D019B07E6A3EEB759DB97B629046F168B944459208D ] FSORSPClient C:\Program Files\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe
13:34:40.0163 0x0bf0 FSORSPClient - ok
13:34:40.0220 0x0bf0 [ D8B300C1C744460DAE837DB72BC2CCBD, 625A31DF8DA08EC2EDFFBD10C671F71F9970246F954AB0ED004DE78505F48B7A ] fsvista C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys
13:34:40.0244 0x0bf0 fsvista - ok
13:34:40.0260 0x0bf0 [ 65EA8B77B5851854F0C55C43FA51A198, 150BE6C195094DBEAC4FD73CC1C31FF59B77A73944574E244D280EE2DE69DC2F ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:34:40.0358 0x0bf0 Fs_Rec - ok
13:34:40.0413 0x0bf0 [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:34:40.0447 0x0bf0 gagp30kx - ok
13:34:40.0522 0x0bf0 [ D9F1113D9401185245573350712F92FC, 7D8E96B61D7FC1FCC7D70A19DB725BCEA78FE94F3D7AFBB1202771D530A628B7 ] gpsvc C:\Windows\System32\gpsvc.dll
13:34:40.0785 0x0bf0 gpsvc - ok
13:34:40.0869 0x0bf0 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:34:41.0027 0x0bf0 gupdate - ok
13:34:41.0091 0x0bf0 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:34:41.0131 0x0bf0 gupdatem - ok
13:34:41.0247 0x0bf0 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:34:41.0377 0x0bf0 gusvc - ok
13:34:41.0430 0x0bf0 [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:34:41.0586 0x0bf0 HdAudAddService - ok
13:34:41.0673 0x0bf0 [ C87B1EE051C0464491C1A7B03FA0BC99, 0EF498A7D37A454E8B6DB1BE3C0EADA648B51B34A2BB553171E766463E54EE90 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:34:41.0772 0x0bf0 HDAudBus - ok
13:34:41.0813 0x0bf0 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:34:41.0914 0x0bf0 HidBth - ok
13:34:41.0955 0x0bf0 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
13:34:42.0013 0x0bf0 HidIr - ok
13:34:42.0111 0x0bf0 [ 8FA640195279ACE21BEA91396A0054FC, 20541E5FA29B3FBD8824F3DF93C7D63AFEE56948F82FFDE20E9E87F5C0A3A789 ] hidserv C:\Windows\system32\hidserv.dll
13:34:42.0188 0x0bf0 hidserv - ok
13:34:42.0261 0x0bf0 [ 854CA287AB7FAF949617A788306D967E, 8C0BC3727C07634FAD35C7184C72B6D48D428F35E612257A833F00CACF4AAB5D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:34:42.0327 0x0bf0 HidUsb - ok
13:34:42.0397 0x0bf0 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
13:34:42.0532 0x0bf0 hkmsvc - ok
13:34:42.0586 0x0bf0 [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
13:34:42.0616 0x0bf0 HpCISSs - ok
13:34:42.0678 0x0bf0 [ 96E241624C71211A79C84F50A8E71CAB, EB6E679218B781F67FBFF4EB12DDE44769ACA7EA3F83A4404A073EA89C902C25 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:34:42.0884 0x0bf0 HTTP - ok
13:34:42.0938 0x0bf0 [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
13:34:42.0967 0x0bf0 i2omp - ok
13:34:43.0027 0x0bf0 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:34:43.0068 0x0bf0 i8042prt - ok
13:34:43.0154 0x0bf0 [ 71ECC07BC7C5E24C3DD01D8A29A24054, 03BB7E80212B038E26B439F41D757152B00CBC5E20ADE54B0FC903B199B73E88 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
13:34:43.0269 0x0bf0 iaStor - ok
13:34:43.0301 0x0bf0 [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
13:34:43.0447 0x0bf0 iaStorV - ok
13:34:43.0656 0x0bf0 [ 7B630ACAED64FEF0C3E1CF255CB56686, 9DCC6953BC6EF77C3916F8AA226CEC0662513A23AB60E9F714D53746E82FB372 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:34:43.0985 0x0bf0 idsvc - ok
13:34:44.0076 0x0bf0 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:34:44.0105 0x0bf0 iirsp - ok
13:34:44.0173 0x0bf0 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC, ED795B07B38EDBB2850384EDFA04C85539D4D22A7AAB8981C83C84E2EAB5976F ] IKEEXT C:\Windows\System32\ikeext.dll
13:34:44.0317 0x0bf0 IKEEXT - ok
13:34:44.0633 0x0bf0 [ 2E4F8AD76CB1203D68DB6E8F02E4AF74, 88224DFD93408E8345644D8C65429C300229EE5D457F45F27DEFF4E4E0F871EF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:34:44.0895 0x0bf0 IntcAzAudAddService - ok
13:34:44.0940 0x0bf0 [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\drivers\intelide.sys
13:34:44.0969 0x0bf0 intelide - ok
13:34:44.0990 0x0bf0 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:34:45.0041 0x0bf0 intelppm - ok
13:34:45.0068 0x0bf0 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:34:45.0150 0x0bf0 IPBusEnum - ok
13:34:45.0196 0x0bf0 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:34:45.0256 0x0bf0 IpFilterDriver - ok
13:34:45.0303 0x0bf0 [ 6A35D233693EDC29A12742049BC5E37F, 77275407105492A11CDC232E72C8183F0DFD28F8B9AD2A24AAABDB246F14D38F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:34:45.0474 0x0bf0 iphlpsvc - ok
13:34:45.0482 0x0bf0 IpInIp - ok
13:34:45.0514 0x0bf0 [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
13:34:45.0582 0x0bf0 IPMIDRV - ok
13:34:45.0636 0x0bf0 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
13:34:45.0719 0x0bf0 IPNAT - ok
13:34:45.0740 0x0bf0 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:34:45.0797 0x0bf0 IRENUM - ok
13:34:45.0842 0x0bf0 [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:34:46.0357 0x0bf0 isapnp - ok
13:34:46.0400 0x0bf0 [ F247EEC28317F6C739C16DE420097301, 0F4BE16BB0630DFE2256F70C94D4363B7B71F02F7F6597E7CAE28A3EFEA7BCAD ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:34:46.0496 0x0bf0 iScsiPrt - ok
13:34:46.0550 0x0bf0 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
13:34:46.0582 0x0bf0 iteatapi - ok
13:34:46.0604 0x0bf0 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
13:34:46.0655 0x0bf0 iteraid - ok
13:34:46.0994 0x0bf0 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:34:47.0082 0x0bf0 kbdclass - ok
13:34:47.0223 0x0bf0 [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:34:47.0379 0x0bf0 kbdhid - ok
13:34:47.0463 0x0bf0 [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] KeyIso C:\Windows\system32\lsass.exe
13:34:47.0493 0x0bf0 KeyIso - ok
13:34:47.0620 0x0bf0 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA, 903CF1169D984BBDAE114827D82D5CCC88C2BC7CAEE6BB3A299E2572B0751BB6 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:34:47.0989 0x0bf0 KSecDD - ok
13:34:48.0096 0x0bf0 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
13:34:48.0342 0x0bf0 KtmRm - ok
13:34:48.0525 0x0bf0 [ 05CE901A4472B3FBF9407C94AD1DB693, FDBACD00F61F86F3D037E3708BFBEAA72B3C436718CC559B77BBADD5115B7230 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:34:48.0604 0x0bf0 LanmanServer - ok
13:34:48.0781 0x0bf0 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15, 7B1FAC42B9EA73A8C4E812F8F729EB882BDFD04D2E68FE354CFD6B8379A46D14 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:34:48.0944 0x0bf0 LanmanWorkstation - ok
13:34:49.0012 0x0bf0 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:34:49.0101 0x0bf0 lltdio - ok
13:34:49.0376 0x0bf0 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:34:49.0866 0x0bf0 lltdsvc - ok
13:34:49.0909 0x0bf0 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:34:50.0007 0x0bf0 lmhosts - ok
13:34:50.0369 0x0bf0 [ 31F74D5D47EEA83E5E89447586917774, 5B8C99FDC77E8782A4362907424432A36AAA487756CA3E6CCC7E0F9759662145 ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
13:34:50.0557 0x0bf0 LPCFilter - ok
13:34:50.0597 0x0bf0 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:34:50.0708 0x0bf0 LSI_FC - ok
13:34:50.0805 0x0bf0 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:34:50.0838 0x0bf0 LSI_SAS - ok
13:34:51.0068 0x0bf0 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:34:51.0397 0x0bf0 LSI_SCSI - ok
13:34:51.0473 0x0bf0 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
13:34:51.0554 0x0bf0 luafv - ok
13:34:51.0609 0x0bf0 [ 3BD2AD18179DEAD6652E87157FB98E4A, 66416F10BF5E29CA8E47D8DB8A906164669C722EDF985598A605C096A92A87AF ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:34:52.0188 0x0bf0 Mcx2Svc - ok
13:34:52.0251 0x0bf0 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
13:34:52.0449 0x0bf0 megasas - ok
13:34:52.0598 0x0bf0 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
13:34:53.0154 0x0bf0 MegaSR - ok
13:34:53.0365 0x0bf0 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
13:34:53.0488 0x0bf0 MMCSS - ok
13:34:53.0962 0x0bf0 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
13:34:54.0214 0x0bf0 Modem - ok
13:34:54.0339 0x0bf0 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:34:54.0422 0x0bf0 monitor - ok
13:34:54.0895 0x0bf0 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:34:55.0103 0x0bf0 mouclass - ok
13:34:55.0161 0x0bf0 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:34:55.0258 0x0bf0 mouhid - ok
13:34:55.0308 0x0bf0 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
13:34:55.0339 0x0bf0 MountMgr - ok
13:34:55.0391 0x0bf0 [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:34:55.0444 0x0bf0 MozillaMaintenance - ok
13:34:55.0502 0x0bf0 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
13:34:55.0816 0x0bf0 mpio - ok
13:34:55.0852 0x0bf0 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:34:55.0968 0x0bf0 mpsdrv - ok
13:34:56.0117 0x0bf0 [ D1639BA315B0D79DEC49A4B0E1FB929B, 96420572029217FDD78CD286A022EB5F8BAB76EE30F75E48CD69AEE1A4846B53 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:34:56.0492 0x0bf0 MpsSvc - ok
13:34:56.0553 0x0bf0 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
13:34:56.0581 0x0bf0 Mraid35x - ok
13:34:56.0733 0x0bf0 [ AE3DE84536B6799D2267443CEC8EDBB9, 787AF9D5BC6D1A1E4A55A66D62F0DF93F45C2FB7EA5BE0BF63F1270604600B40 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:34:56.0774 0x0bf0 MRxDAV - ok
13:34:56.0874 0x0bf0 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1, 2C5F0554D5A763D6B3F1402C9BF36C6091CBBDFFD5139AEE85D69D5B210D2047 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:34:56.0932 0x0bf0 mrxsmb - ok
13:34:57.0209 0x0bf0 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55, 9BAD029A6AAF4C2292C682B9F07C57051C84F7FA4F3EBEA52C25CAEF1A41121F ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:34:57.0476 0x0bf0 mrxsmb10 - ok
13:34:57.0641 0x0bf0 [ 5C80D8159181C7ABF1B14BA703B01E0B, 414085AD3C36B8E95D1D49E2958671332DECE38739544CCB70FAB30C408E89A2 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:34:57.0704 0x0bf0 mrxsmb20 - ok
13:34:57.0781 0x0bf0 [ AA305CFF241DA187BD5077DE4A2A043D, 1D0FAE34A617E350DA6B0A2380AD4522EFF78F1CC02BE1199023F5CCD465411D ] msahci C:\Windows\system32\drivers\msahci.sys
13:34:57.0809 0x0bf0 msahci - ok
13:34:57.0951 0x0bf0 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:34:58.0073 0x0bf0 msdsm - ok
13:34:58.0272 0x0bf0 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
13:34:58.0355 0x0bf0 MSDTC - ok
13:34:58.0415 0x0bf0 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:34:58.0634 0x0bf0 Msfs - ok
13:34:58.0749 0x0bf0 [ 1E00B9B8601F24A96AD71A7D0FC5F136, D9C303D3D46AEF099A430C5472FFF460CFAB6BB2D9C72502284A1BAFF5DC0D17 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:34:58.0805 0x0bf0 msisadrv - ok
13:34:58.0913 0x0bf0 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:34:58.0963 0x0bf0 MSiSCSI - ok
13:34:58.0970 0x0bf0 msiserver - ok
13:34:59.0019 0x0bf0 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:34:59.0297 0x0bf0 MSKSSRV - ok
13:34:59.0414 0x0bf0 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:34:59.0456 0x0bf0 MSPCLOCK - ok
13:34:59.0522 0x0bf0 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:34:59.0632 0x0bf0 MSPQM - ok
13:34:59.0681 0x0bf0 [ B5614AECB05A9340AA0FB55BF561CC63, 8D1B5E958A0F721F5A81AD649CC5759B4DECB771FC4654F4EDEB29AC7DF1BD40 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:34:59.0719 0x0bf0 MsRPC - ok
13:34:59.0815 0x0bf0 [ 215634CF935B696E3EBCA813D02E9165, 1494ACAC359533BCC919C3E51CFEBEF0BFE02860DFFD93801D8CEA65576D1DD8 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:34:59.0844 0x0bf0 mssmbios - ok
13:34:59.0878 0x0bf0 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:34:59.0919 0x0bf0 MSTEE - ok
13:35:00.0364 0x0bf0 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C, 95149C41CC9F269C299541A97A9E2E2CCAEE34FE2362EEECD1F813EBC6D4CDC5 ] Mup C:\Windows\system32\Drivers\mup.sys
13:35:00.0419 0x0bf0 Mup - ok
13:35:00.0487 0x0bf0 [ C43B25863FBD65B6D2A142AF3AE320CA, 88E147751CBECFF31CD65954BC978B86CEA74485EB60DBB25AABAB4601797A4E ] napagent C:\Windows\system32\qagentRT.dll
13:35:00.0676 0x0bf0 napagent - ok
13:35:00.0924 0x0bf0 [ 3C21CE48FF529BB73DADB98770B54025, B8541E3D2B120B97947AE51B28A99E2623ACAD3790BC282B1251ACBEC7684F8D ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:35:01.0239 0x0bf0 NativeWifiP - ok
13:35:01.0332 0x0bf0 [ C8560010A542B5DCA94C62468DC20784, AE7584D95B0E9F5E340ADD00AA88563C64462A4FC6440F580B7936FD19D173CA ] NDIS C:\Windows\system32\drivers\ndis.sys
13:35:01.0837 0x0bf0 NDIS - ok
13:35:02.0095 0x0bf0 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:35:02.0153 0x0bf0 NdisTapi - ok
13:35:02.0174 0x0bf0 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:35:02.0215 0x0bf0 Ndisuio - ok
13:35:02.0239 0x0bf0 [ 3D14C3B3496F88890D431E8AA022A411, 9B31451756A35314586F93996172E1039B2CD21132CCBE772B3E61A8D9454A30 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:35:02.0355 0x0bf0 NdisWan - ok
13:35:02.0396 0x0bf0 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:35:02.0458 0x0bf0 NDProxy - ok
13:35:02.0487 0x0bf0 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:35:02.0559 0x0bf0 NetBIOS - ok
13:35:02.0620 0x0bf0 [ 7C5FEE5B1C5728507CD96FB4A13E7A02, EDBA08442AD6AF20463A0610FF24D5929574E5EC012495A2C219F6BA84C97F57 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
13:35:02.0736 0x0bf0 netbt - ok
13:35:02.0986 0x0bf0 [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] Netlogon C:\Windows\system32\lsass.exe
13:35:03.0015 0x0bf0 Netlogon - ok
13:35:03.0053 0x0bf0 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
13:35:03.0110 0x0bf0 Netman - ok
13:35:03.0300 0x0bf0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:35:03.0341 0x0bf0 NetMsmqActivator - ok
13:35:03.0444 0x0bf0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:35:03.0486 0x0bf0 NetPipeActivator - ok
13:35:03.0520 0x0bf0 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
13:35:03.0571 0x0bf0 netprofm - ok
13:35:03.0666 0x0bf0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:35:03.0740 0x0bf0 NetTcpActivator - ok
13:35:03.0753 0x0bf0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:35:03.0842 0x0bf0 NetTcpPortSharing - ok
13:35:04.0305 0x0bf0 [ 8DE67BD902095A13329FD82C85A1FA09, 7F0B058D0C306A845F7BF14B24B0BDBCE6F152A054331072549F46284E75A367 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
13:35:04.0845 0x0bf0 NETw5v32 - ok
13:35:04.0977 0x0bf0 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:35:04.0999 0x0bf0 nfrd960 - ok
13:35:05.0031 0x0bf0 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
13:35:05.0284 0x0bf0 NlaSvc - ok
13:35:05.0377 0x0bf0 [ ECB5003F484F9ED6C608D6D6C7886CBB, 45496B84B2FD156499E9F07FC82BC6F032B8F4D9DC194098CF9F5474D5642F9E ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:35:05.0416 0x0bf0 Npfs - ok
13:35:05.0495 0x0bf0 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
13:35:05.0552 0x0bf0 nsi - ok
13:35:05.0630 0x0bf0 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:35:05.0681 0x0bf0 nsiproxy - ok
13:35:06.0124 0x0bf0 [ B4EFFE29EB4F15538FD8A9681108492D, 12AF3C19DD2DE7D92EE4C03AD07BAFD77EB8BFF2333E6FBD9CAAA0F654A35F46 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:35:06.0816 0x0bf0 Ntfs - ok
13:35:06.0876 0x0bf0 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
13:35:06.0929 0x0bf0 ntrigdigi - ok
13:35:06.0973 0x0bf0 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
13:35:07.0037 0x0bf0 Null - ok
13:35:07.0087 0x0bf0 [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:35:07.0132 0x0bf0 nvraid - ok
13:35:07.0154 0x0bf0 [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:35:07.0175 0x0bf0 nvstor - ok
13:35:07.0193 0x0bf0 [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:35:07.0254 0x0bf0 nv_agp - ok
13:35:07.0259 0x0bf0 NwlnkFlt - ok
13:35:07.0265 0x0bf0 NwlnkFwd - ok
13:35:07.0429 0x0bf0 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:35:07.0502 0x0bf0 odserv - ok
13:35:07.0592 0x0bf0 [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:35:07.0748 0x0bf0 ohci1394 - ok
13:35:07.0803 0x0bf0 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:35:07.0833 0x0bf0 ose - ok
13:35:07.0890 0x0bf0 [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] p2pimsvc C:\Windows\system32\p2psvc.dll
13:35:08.0119 0x0bf0 p2pimsvc - ok
13:35:08.0213 0x0bf0 [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] p2psvc C:\Windows\system32\p2psvc.dll
13:35:08.0365 0x0bf0 p2psvc - ok
13:35:08.0405 0x0bf0 [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport C:\Windows\system32\drivers\parport.sys
13:35:08.0461 0x0bf0 Parport - ok
13:35:08.0483 0x0bf0 [ 3B38467E7C3DAED009DFE359E17F139F, 419BD726E511B3FEFBD8204C9E2BF6131EC05C71D15406070F834688EAFB694F ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:35:08.0505 0x0bf0 partmgr - ok
13:35:08.0583 0x0bf0 [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
13:35:08.0741 0x0bf0 Parvdm - ok
13:35:08.0806 0x0bf0 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
13:35:08.0849 0x0bf0 PcaSvc - ok
13:35:08.0900 0x0bf0 [ ECA39351296D905BAA4FA3244C152B00, D4129AE68EC317DBF5C21509A1DA98215CD9FD55F1D839362DE89196FF6855F8 ] pci C:\Windows\system32\drivers\pci.sys
13:35:08.0953 0x0bf0 pci - ok
13:35:09.0061 0x0bf0 [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
13:35:09.0080 0x0bf0 pciide - ok
13:35:09.0150 0x0bf0 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:35:09.0178 0x0bf0 pcmcia - ok
13:35:09.0368 0x0bf0 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:35:09.0565 0x0bf0 PEAUTH - ok
13:35:09.0609 0x0bf0 [ 28F7FFFF50C474CF8BE16A2CACC7CE42, E17F79BD51BED437A02F2E48A73E1DB668D8173996C2193DE15643FE2251E8E7 ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
13:35:09.0661 0x0bf0 PGEffect - ok
13:35:09.0823 0x0bf0 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
13:35:10.0266 0x0bf0 pla - ok
13:35:10.0329 0x0bf0 [ 78F975CB6D18265BE6F492EDB2D7BC7B, 112C6FB0A84E605B1EA87F98C8A4C210C9DB84C811029109444AB174011A158C ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:35:10.0406 0x0bf0 PlugPlay - ok
13:35:10.0446 0x0bf0 [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
13:35:10.0618 0x0bf0 PNRPAutoReg - ok
13:35:10.0757 0x0bf0 [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] PNRPsvc C:\Windows\system32\p2psvc.dll
13:35:10.0999 0x0bf0 PNRPsvc - ok
13:35:11.0088 0x0bf0 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A, FAE64867CE80439735F88A9988243667BDE84486B5A768B650E55E1519C85C03 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:35:11.0342 0x0bf0 PolicyAgent - ok
13:35:11.0391 0x0bf0 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:35:11.0452 0x0bf0 PptpMiniport - ok
13:35:11.0531 0x0bf0 [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor C:\Windows\system32\drivers\processr.sys
13:35:11.0566 0x0bf0 Processor - ok
13:35:11.0622 0x0bf0 [ B627E4FC8585E8843C5905D4D3587A90, 07D7BC1BF8CDD5E34155B260B914D4A9892D3CEAEACDE334D1AF2A608E1FA2D8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:35:11.0672 0x0bf0 ProfSvc - ok
13:35:11.0686 0x0bf0 [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:35:11.0712 0x0bf0 ProtectedStorage - ok
13:35:11.0718 0x0bf0 [ BFEF604508A0ED1EAE2A73E872555FFB, AC817FB5A6126475B4A3CA191AD49651B919FB55429B939D036BC564632E426D ] PSched C:\Windows\system32\DRIVERS\pacer.sys
13:35:11.0773 0x0bf0 PSched - ok
13:35:11.0810 0x0bf0 [ 49452BFCEC22F36A7A9B9C2181BC3042, C01A2005E9897B142FF9BC6155770F70C19725C425E48D14239195E81E2E42D0 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
13:35:11.0831 0x0bf0 PxHelp20 - ok
13:35:11.0973 0x0bf0 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:35:12.0505 0x0bf0 ql2300 - ok
13:35:12.0566 0x0bf0 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:35:12.0591 0x0bf0 ql40xx - ok
13:35:12.0674 0x0bf0 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
13:35:12.0711 0x0bf0 QWAVE - ok
13:35:12.0753 0x0bf0 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:35:12.0806 0x0bf0 QWAVEdrv - ok
13:35:12.0885 0x0bf0 [ 70DBDAB246C18B78E2200D6401D038BE, 18395D084AA9BEAF9C20736C90063CE1F862AF3A80F7752DB4FC0D1870D9996D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
13:35:12.0976 0x0bf0 RapiMgr - ok
13:35:12.0992 0x0bf0 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:35:13.0063 0x0bf0 RasAcd - ok
13:35:13.0117 0x0bf0 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
13:35:13.0198 0x0bf0 RasAuto - ok
13:35:13.0278 0x0bf0 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:35:13.0332 0x0bf0 Rasl2tp - ok
13:35:13.0367 0x0bf0 [ 6E7C284FC5C4EC07AD164D93810385A6, FDBF80C8DE53E56A3515353129C6912E8CAEC2B2DA9AB3A4B027CB73BDF1EC60 ] RasMan C:\Windows\System32\rasmans.dll
13:35:13.0440 0x0bf0 RasMan - ok
13:35:13.0455 0x0bf0 [ 3E9D9B048107B40D87B97DF2E48E0744, F7B8DAE57B9372CEB21A912379FC7670B099A9642CF2E7EA8D335ADBD4CF86A2 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:35:13.0492 0x0bf0 RasPppoe - ok
13:35:13.0554 0x0bf0 [ A7D141684E9500AC928A772ED8E6B671, C9329ECA4190EE1F4A6F186D45EA42ACF60C04CDBAFEB19973F3C2DF04A1BCEE ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:35:13.0592 0x0bf0 RasSstp - ok
13:35:13.0991 0x0bf0 [ 6E1C5D0457622F9EE35F683110E93D14, 9C6BE049FDA5E6CBA486EE33F01AADDD6085CC5F1F08409EC439ADE9137D3F5F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:35:14.0050 0x0bf0 rdbss - ok
13:35:14.0078 0x0bf0 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:35:14.0315 0x0bf0 RDPCDD - ok
13:35:14.0377 0x0bf0 [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
13:35:14.0427 0x0bf0 rdpdr - ok
13:35:14.0457 0x0bf0 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:35:14.0489 0x0bf0 RDPENCDD - ok
13:35:14.0522 0x0bf0 [ E1C18F4097A5ABCEC941DC4B2F99DB7E, B38AC355042F18A41F83BF088FE7EB867184C7FE37820365314419BD3810BB68 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:35:14.0565 0x0bf0 RDPWD - ok
13:35:14.0597 0x0bf0 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
13:35:14.0642 0x0bf0 RemoteAccess - ok
13:35:14.0735 0x0bf0 [ CC4E32400F3C7253400CF8F3F3A0B676, D2A874BE3D365260AD7C10C30F2DE22F818CBFC12D65AADE2203B9ED02C9BEB5 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:35:14.0780 0x0bf0 RemoteRegistry - ok
13:35:14.0839 0x0bf0 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
13:35:14.0862 0x0bf0 RpcLocator - ok
13:35:14.0963 0x0bf0 [ 301AE00E12408650BADDC04DBC832830, 405A392B83942A17F1EB78943C3A3046B5451EA8CB0082A53571CCC0609275A2 ] RpcSs C:\Windows\system32\rpcss.dll
13:35:15.0263 0x0bf0 RpcSs - ok
13:35:15.0341 0x0bf0 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:35:15.0378 0x0bf0 rspndr - ok
13:35:15.0401 0x0bf0 [ D85DA4371AF61359EDFCA4EA06619DD4, 8A0EFCEF8909B9DC17046C299B3E3597F60D1C7052F6A3D5B98B8B8091D04E15 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
13:35:15.0471 0x0bf0 RTHDMIAzAudService - ok
13:35:15.0518 0x0bf0 [ 470253597930E765DD08B30E723C1FA2, A39E48ED2130D3DB00010F3B8A2F688AA928A1E02064171FFD64F7F0BF402C59 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
13:35:15.0560 0x0bf0 RTL8169 - ok
13:35:15.0615 0x0bf0 [ 52532A4CA8B251775DECC87C4813ABFB, D10633C8BFF66A1CF855E86157B93E48AC4E5BF380CDA8C3C1061CA6A8DA0030 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
13:35:15.0641 0x0bf0 RTSTOR - ok
13:35:15.0687 0x0bf0 [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] SamSs C:\Windows\system32\lsass.exe
13:35:15.0709 0x0bf0 SamSs - ok
13:35:15.0750 0x0bf0 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:35:15.0775 0x0bf0 sbp2port - ok
13:35:15.0889 0x0bf0 [ 11387E32642269C7E62E8B52C060B3C6, 6225FA14CBDC1D30F2E4CDC2059773DA49C67BE2C00A1DE582E8E07717F20425 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:35:15.0932 0x0bf0 SCardSvr - ok
13:35:16.0111 0x0bf0 [ 7B587B8A6D4A99F79D2902D0385F29BD, C29F2EE25F7B11E1821832CB7F4F8506C2AB20804D6702CC5EAF5BA1F3FCA972 ] Schedule C:\Windows\system32\schedsvc.dll
13:35:16.0531 0x0bf0 Schedule - ok
13:35:16.0573 0x0bf0 [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:35:16.0619 0x0bf0 SCPolicySvc - ok
13:35:16.0661 0x0bf0 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:35:16.0714 0x0bf0 SDRSVC - ok
13:35:16.0750 0x0bf0 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:35:16.0903 0x0bf0 secdrv - ok
13:35:16.0992 0x0bf0 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
13:35:17.0048 0x0bf0 seclogon - ok
13:35:17.0083 0x0bf0 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\System32\sens.dll
13:35:17.0123 0x0bf0 SENS - ok
13:35:17.0154 0x0bf0 [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum C:\Windows\system32\drivers\serenum.sys
13:35:17.0205 0x0bf0 Serenum - ok
13:35:17.0244 0x0bf0 [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial C:\Windows\system32\drivers\serial.sys
13:35:17.0302 0x0bf0 Serial - ok
13:35:17.0333 0x0bf0 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:35:17.0369 0x0bf0 sermouse - ok
13:35:17.0407 0x0bf0 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
13:35:17.0703 0x0bf0 SessionEnv - ok
13:35:17.0736 0x0bf0 [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:35:17.0766 0x0bf0 sffdisk - ok
13:35:17.0850 0x0bf0 [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:35:17.0886 0x0bf0 sffp_mmc - ok
13:35:17.0990 0x0bf0 [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:35:18.0044 0x0bf0 sffp_sd - ok
13:35:18.0063 0x0bf0 [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:35:18.0136 0x0bf0 sfloppy - ok
13:35:18.0249 0x0bf0 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:35:18.0317 0x0bf0 SharedAccess - ok
13:35:18.0422 0x0bf0 [ 27F10F348E508243F6254846F8370D0D, 1646EF3805B66B7C12C3ADE9ABE84ADA9AB7BA50791A76FC72C906112E393A92 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:35:18.0491 0x0bf0 ShellHWDetection - ok
13:35:18.0546 0x0bf0 [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:35:18.0568 0x0bf0 sisagp - ok
13:35:18.0599 0x0bf0 [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
13:35:18.0622 0x0bf0 SiSRaid2 - ok
13:35:18.0655 0x0bf0 [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:35:18.0692 0x0bf0 SiSRaid4 - ok
13:35:18.0912 0x0bf0 [ 0BA91E1358AD25236863039BB2609A2E, ECB3C8E3D9C6FA77C0CF5A898FB90BB9474C6EFBE3698B56C93ECE44535EDACE ] slsvc C:\Windows\system32\SLsvc.exe
13:35:19.0505 0x0bf0 slsvc - ok
13:35:19.0581 0x0bf0 [ 7C6DC44CA0BFA6291629AB764200D1D4, 747CDA89C6F94F8314E5E5C425387ABDF9FF8528D82422F8FF66D96307B47B13 ] SLUINotify C:\Windows\system32\SLUINotify.dll
13:35:19.0642 0x0bf0 SLUINotify - ok
13:35:19.0665 0x0bf0 [ 031E6BCD53C9B2B9ACE111EAFEC347B6, B934129BD77CA6A1434C59EA82B5E93FD4089608E0E41242B6E68070A0F33FB8 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:35:19.0791 0x0bf0 Smb - ok
13:35:19.0881 0x0bf0 [ DECA2315713EDE05E47E4A4122EEC3E0, 1039A746BFD1CC040F7F31A622863CD07E399ECBDDBF0D7E69E685ABD84D55A3 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
13:35:19.0913 0x0bf0 snapman - ok
13:35:20.0010 0x0bf0 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:35:20.0034 0x0bf0 SNMPTRAP - ok
13:35:20.0063 0x0bf0 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
13:35:20.0083 0x0bf0 spldr - ok
13:35:20.0099 0x0bf0 [ 846CDF9A3CF4DA9B306ADFB7D55EE4C2, 3BB92B6E855634C1CCE4B7796CEA4D948C702EDFCEDE14FA5C383AF14C1C1401 ] Spooler C:\Windows\System32\spoolsv.exe
13:35:20.0161 0x0bf0 Spooler - ok
13:35:20.0233 0x0bf0 [ 2252AEF839B1093D16761189F45AF885, D7B79E1B9CD73EDEA855DBE120ED470CC0F67D1AA44038E6051A4C5BCE361DE3 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:35:20.0290 0x0bf0 srv - ok
13:35:20.0400 0x0bf0 [ B7FF59408034119476B00A81BB53D5D1, 365D8E719D729D56082F5A6EEB65B31EB5DB5D15A5346D05E7130F41F2F97D46 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:35:20.0433 0x0bf0 srv2 - ok
13:35:20.0486 0x0bf0 [ 2ACCC9B12AF02030F531E6CCA6F8B76E, D1BA17C7BFE02347824DEEB1B7362FD251769ECB92B14EB3C600C85AB7E04D1B ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:35:20.0534 0x0bf0 srvnet - ok
13:35:20.0582 0x0bf0 [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:35:20.0632 0x0bf0 SSDPSRV - ok
13:35:20.0649 0x0bf0 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:35:20.0708 0x0bf0 SstpSvc - ok
13:35:20.0805 0x0bf0 [ 7DD08A597BC56051F320DA0BAF69E389, ACC59CF80765248705FFCE65DC9B5D072DC054F08C02FB4D16BA0E84D8BED0A4 ] stisvc C:\Windows\System32\wiaservc.dll
13:35:21.0032 0x0bf0 stisvc - ok
13:35:21.0107 0x0bf0 [ 97E089971A6ABA49AD5592BD6298E416, E2E0965972CF0EB4162E67FFE5BC2B9E98C56CA136F82F4242ABD379E18C68BB ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:35:21.0143 0x0bf0 swenum - ok
13:35:21.0189 0x0bf0 [ B36C7CDB86F7F7A8E884479219766950, F3EA381A84CD6950BF71A56E9ABAD5010F226C5254CB936699A38BA4C85F7367 ] swprv C:\Windows\System32\swprv.dll
13:35:21.0353 0x0bf0 swprv - ok
13:35:21.0434 0x0bf0 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
13:35:21.0455 0x0bf0 Symc8xx - ok
13:35:21.0471 0x0bf0 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
13:35:21.0494 0x0bf0 Sym_hi - ok
13:35:21.0576 0x0bf0 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
13:35:21.0597 0x0bf0 Sym_u3 - ok
13:35:21.0642 0x0bf0 [ 8710A92D0024B03B5FB9540DF1F71F1D, B72A968A7966DC16A1D69A8D53012A4307EEBDC4CB8E1D9C93BFB88D996E490F ] SysMain C:\Windows\system32\sysmain.dll
13:35:21.0905 0x0bf0 SysMain - ok
13:35:21.0950 0x0bf0 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:35:21.0980 0x0bf0 TabletInputService - ok
13:35:22.0014 0x0bf0 [ 680916BB09EE0F3A6ACA7C274B0D633F, 008B6EE41FA4D371258F0A656AE96B3E3F487BE5B9E0654B920013B4F1C0DFD8 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:35:22.0064 0x0bf0 TapiSrv - ok
13:35:22.0152 0x0bf0 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll
13:35:22.0236 0x0bf0 TBS - ok
13:35:22.0305 0x0bf0 [ 782568AB6A43160A159B6215B70BCCE9, 11FDD484743985D2F41098C191926BFE8010D4E432CA20CCEB6219B514F9838A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:35:22.0413 0x0bf0 Tcpip - ok
13:35:22.0505 0x0bf0 [ 782568AB6A43160A159B6215B70BCCE9, 11FDD484743985D2F41098C191926BFE8010D4E432CA20CCEB6219B514F9838A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
13:35:22.0619 0x0bf0 Tcpip6 - ok
13:35:22.0663 0x0bf0 [ D4A2E4A4B011F3A883AF77315A5AE76B, 29E18087236A592638570F76691BC5C64CCA383F43EE22DF122413860E2D882C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:35:22.0698 0x0bf0 tcpipreg - ok
13:35:22.0726 0x0bf0 [ 6FDFBA25002CE4BAC463AC866AE71405, E2952EA6E10543910931612D8AC18D340589C2AC88CF059F65866189CA03602A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
13:35:22.0744 0x0bf0 tdcmdpst - ok
13:35:22.0893 0x0bf0 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:35:22.0964 0x0bf0 TDPIPE - ok
13:35:23.0208 0x0bf0 [ 3630F5B8181554DEECFE2E4252BC4C4C, 4C827CD4C3880854DE1CE232118F21E09A8731441D7203D5CA1ACBF8CDDF8B70 ] tdrpman251 C:\Windows\system32\DRIVERS\tdrpm251.sys
13:35:23.0350 0x0bf0 tdrpman251 - ok
13:35:23.0388 0x0bf0 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:35:23.0425 0x0bf0 TDTCP - ok
13:35:23.0452 0x0bf0 [ D09276B1FAB033CE1D40DCBDF303D10F, 2CB47CB522B4E1C091DE30AF0EB4E21D321C42D2A5BA9647CBD078652680D8FF ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:35:23.0499 0x0bf0 tdx - ok
13:35:23.0550 0x0bf0 [ 721D8DF7BE216946367255DE91529AB8, DE405EF11C5ED54E3FEED924A253750F9330A75E1453961E7D77D02E7EDB0CE0 ] TemproMonitoringService C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
13:35:23.0574 0x0bf0 TemproMonitoringService - ok
13:35:23.0613 0x0bf0 [ 718B2F4355CD8EB2844741ADDAC0E622, 65903757BC221F7A0DD8621FA506730FEB16FFA147AC6CF62C3C1805F69C8C2F ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:35:23.0637 0x0bf0 TermDD - ok
13:35:23.0724 0x0bf0 [ D605031E225AACCBCEB5B76A4F1603A6, 27D78644CADBC11C3AB5E0C10F854FD43BCD43B6E91C1ED1F6D35BC501147701 ] TermService C:\Windows\System32\termsrv.dll
13:35:24.0108 0x0bf0 TermService - ok
13:35:24.0133 0x0bf0 [ 27F10F348E508243F6254846F8370D0D, 1646EF3805B66B7C12C3ADE9ABE84ADA9AB7BA50791A76FC72C906112E393A92 ] Themes C:\Windows\system32\shsvcs.dll
13:35:24.0250 0x0bf0 Themes - ok
13:35:24.0311 0x0bf0 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll
13:35:24.0350 0x0bf0 THREADORDER - ok
13:35:24.0425 0x0bf0 [ 6DCB8DDB481CD3C40FA68593723B4D89, EE7D05C688C9FFBC1281E7152B5FC0AFC2CD21F778C6733E0F47024BF73E4A4D ] tifsfilter C:\Windows\system32\DRIVERS\tifsfilt.sys
13:35:24.0446 0x0bf0 tifsfilter - ok
13:35:24.0499 0x0bf0 [ C820BFC70FEB25EC877C49E81CD477C1, 5830A2A028C30CF3331832056A698C9B35B0765CAE82EB916AD603CF15B7C03C ] timounter C:\Windows\system32\DRIVERS\timntr.sys
13:35:24.0671 0x0bf0 timounter - ok
13:35:24.0762 0x0bf0 [ FB8448D1B0DA00D70C28ADF9282B31BB, 7342DE5FBCFE6D1B0E916030176A485E8BFD65CD52640807082294D146697DDC ] TMachInfo C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
13:35:24.0781 0x0bf0 TMachInfo - ok
13:35:24.0864 0x0bf0 [ 22BC804EFE155F54252F389B0781D7F2, 10E88C4E4CF3170DDD9D778FFBB4FC04C4D0FBC8E7781D4CD79B600564E4022C ] TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
13:35:25.0028 0x0bf0 TNaviSrv - ok
13:35:25.0089 0x0bf0 [ C5AC715B65B01788ABC22D10749DDDD8, 3237B8CBEA645F550CE588511BC7085358B3D1358D46AF5EED65F3BAC5174195 ] TODDSrv C:\Windows\system32\TODDSrv.exe
13:35:25.0129 0x0bf0 TODDSrv - ok
13:35:25.0191 0x0bf0 [ 5557E7F940CBCF09BE43379F551F6689, F20501196075FF9FF0992DB29F0D79391554F729B90BF3312A320E8CF67665A8 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
13:35:25.0614 0x0bf0 TosCoSrv - ok
13:35:25.0661 0x0bf0 [ 9D1C30CE9F1A8488D5D9102C0820743D, 6AFC48B1E4A2B298223A11DE874DEBB81F14500D02404FBDE3FE919ADBE5D824 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
13:35:25.0693 0x0bf0 TOSHIBA eco Utility Service - detected UnsignedFile.Multi.Generic ( 1 )
13:35:36.0078 0x0bf0 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - warning
13:35:39.0182 0x0bf0 [ B792D35B8BDC5FC4106808FF5C7770AB, BCC0999360B9CB431DCFD6A6ED3E9BD83EFDEF0E18055C61A2EB170C15389DB0 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
13:35:39.0244 0x0bf0 TOSHIBA HDD SSD Alert Service - detected UnsignedFile.Multi.Generic ( 1 )
13:35:41.0709 0x0bf0 Detect skipped due to KSN trusted
13:35:41.0709 0x0bf0 TOSHIBA HDD SSD Alert Service - ok
13:35:41.0834 0x0bf0 [ 4399A9BF7D8F49991A07FD86590A1619, D591D12EC3792B0B649944722BBBEBBB8B0D3346FCC8FC4B4B34799266AD2910 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
13:35:41.0912 0x0bf0 tos_sps32 - ok
13:35:41.0974 0x0bf0 [ 1A6FA701F66B58192B814570322521B2, 9F75C4CA828F4E68611410A097410E8D86601351B9C2A8A23986DAA7AA1DBE30 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
13:35:42.0021 0x0bf0 TPCHSrv - ok
13:35:42.0099 0x0bf0 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll
13:35:42.0146 0x0bf0 TrkWks - ok
13:35:42.0318 0x0bf0 [ 16613A1BAD034D4ECF957AF18B7C2FF5, 75499618187ED4385984F608D134BB298A4CCB339F70B31E4A8B2CF3E3558396 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:35:42.0349 0x0bf0 TrustedInstaller - ok
13:35:42.0396 0x0bf0 [ DCF0F056A2E4F52287264F5AB29CF206, D9F770BD65AE4320A8C130DEA1D093AA4E37FCA573BBE6A59D6D045452EA711D ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:35:42.0442 0x0bf0 tssecsrv - ok
13:35:42.0489 0x0bf0 [ FE8790052041A80C47AFBFFC34EF8BE2, 8FF0372F98836053FF560C0F740DAFD288A4A107FC4594F023086FE24AF9D323 ] TuneUp.Defrag C:\Windows\System32\TuneUpDefragService.exe
13:35:42.0567 0x0bf0 TuneUp.Defrag - ok
13:35:42.0630 0x0bf0 [ 6580ABC55F34B73D66F153EA55034361, 914D1F01C185334BC786C7A95FC5382B5DF6C5659F677506FF9E8A573AE1CB51 ] TuneUp.ProgramStatisticsSvc C:\Windows\System32\TUProgSt.exe
13:35:42.0708 0x0bf0 TuneUp.ProgramStatisticsSvc - ok
13:35:42.0723 0x0bf0 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
13:35:42.0754 0x0bf0 tunmp - ok
13:35:42.0817 0x0bf0 [ 6042505FF6FA9AC1EF7684D0E03B6940, D09CF14A6C0C760238792DDA4ECB6FBB6CA645BB91BD62585EBD050226BDB5A7 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:35:42.0832 0x0bf0 tunnel - ok
13:35:42.0988 0x0bf0 [ 792A8B80F8188ABA4B2BE271583F3E46, BFE96D13926F3CB7D807CEBB5E190736B742EB5C93F7FED08AA5D145F4B6A874 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
13:35:43.0004 0x0bf0 TVALZ - ok
13:35:43.0066 0x0bf0 [ 009AECD4C19209B09669A6615EA1E889, 58AEB6CEA36EB5B5A1F22392382773E812D22967C9A107FE03A43C899DBF6DD6 ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys
13:35:43.0113 0x0bf0 TVALZFL - ok
13:35:43.0144 0x0bf0 [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:35:43.0207 0x0bf0 uagp35 - ok
13:35:43.0254 0x0bf0 [ C985B36E127EA9B8A92396120BFF52D8, 3C5D642C01FE03F2E2ABBDCC2755FEE58855626288E8C7E2959C41061F847C01 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:35:43.0347 0x0bf0 udfs - ok
13:35:43.0394 0x0bf0 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:35:43.0456 0x0bf0 UI0Detect - ok
13:35:43.0488 0x0bf0 [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:35:43.0503 0x0bf0 uliagpkx - ok
13:35:43.0550 0x0bf0 [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci C:\Windows\system32\drivers\uliahci.sys
13:35:43.0612 0x0bf0 uliahci - ok
13:35:43.0659 0x0bf0 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys
13:35:43.0690 0x0bf0 UlSata - ok
13:35:43.0722 0x0bf0 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
13:35:43.0737 0x0bf0 ulsata2 - ok
13:35:43.0768 0x0bf0 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:35:43.0815 0x0bf0 umbus - ok
13:35:43.0878 0x0bf0 [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll
13:35:43.0924 0x0bf0 upnphost - ok
13:35:43.0971 0x0bf0 [ 3955375C83AFBE4B110C5FB1231345AF, 8A2A16B5BF88E45A4F8DD41B59AB9EA32908DD02C789FEAF9CE08F0C03BEDF98 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:35:44.0002 0x0bf0 usbccgp - ok
13:35:44.0034 0x0bf0 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:35:44.0127 0x0bf0 usbcir - ok
13:35:44.0174 0x0bf0 [ 7F8D9D95A00072CCDD43AD3F7B4450C2, 360D75653C668025788B06738845C9468A4F5F44CE0C96CC0C93DEC2425D07AE ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:35:44.0190 0x0bf0 usbehci - ok
13:35:44.0221 0x0bf0 [ 63B44B390451ED3B95405ADDDCC1984E, 5DE6C7BF2D3A0585187078A650CEC226B402554B9DD4D00F2275FE7C267EED75 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:35:44.0268 0x0bf0 usbhub - ok
13:35:44.0299 0x0bf0 [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:35:44.0361 0x0bf0 usbohci - ok
13:35:44.0392 0x0bf0 [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:35:44.0424 0x0bf0 usbprint - ok
13:35:44.0470 0x0bf0 [ A508C9BD8724980512136B039BBA65E9, B39B72471C468AC997AEC528599EDC98A031F5A7EB91C4F9471402D48D2D4E3E ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:35:44.0517 0x0bf0 usbscan - ok
13:35:44.0548 0x0bf0 [ 87BA6B83C5D19B69160968D07D6E2982, 9E039DF4BBE53CA22A0ACE486B9867F99FFFE086CCAF6A83BD78770E4631F3F8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:35:44.0595 0x0bf0 USBSTOR - ok
13:35:44.0626 0x0bf0 [ CA62C65383513C365E1CA5796CCAC7B5, D931366FEE63DB5C5592FD75150AC2919CCE1099F45EEC58CDC7AD381E1D3691 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:35:44.0642 0x0bf0 usbuhci - ok
13:35:44.0673 0x0bf0 [ E67998E8F14CB0627A769F6530BCB352, 60982F168E9BF13954328C728F55F4D3ADDC572CACB65289B0E895A63DAA08C1 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:35:44.0720 0x0bf0 usbvideo - ok
13:35:44.0938 0x0bf0 [ 032A0ACC3909AE7215D524E29D536797, 51E36ED5953C0880BE508837181925A0F677842E8A5BA98099700E6ED691A783 ] UxSms C:\Windows\System32\uxsms.dll
13:35:44.0985 0x0bf0 UxSms - ok
13:35:45.0016 0x0bf0 [ 2BB1DCD293E1A3771EA2C57B359DE15A, F3609FF9E8388B1705BC10209F55E1D08066F14FDB8538F310D0B64964953C9F ] UxTuneUp C:\Windows\System32\uxtuneup.dll
13:35:45.0032 0x0bf0 UxTuneUp - ok
13:35:45.0126 0x0bf0 [ B13BC395B9D6116628F5AF47E0802AC4, 36E023A07E56588A8C26EF95E4F99303659E4783E0D9E8AEF193CA77A7AF91BA ] vds C:\Windows\System32\vds.exe
13:35:45.0453 0x0bf0 vds - ok
13:35:45.0500 0x0bf0 [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:35:45.0562 0x0bf0 vga - ok
13:35:45.0578 0x0bf0 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:35:45.0625 0x0bf0 VgaSave - ok
13:35:45.0656 0x0bf0 [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:35:45.0672 0x0bf0 viaagp - ok
13:35:45.0703 0x0bf0 [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
13:35:45.0734 0x0bf0 ViaC7 - ok
13:35:45.0765 0x0bf0 [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide C:\Windows\system32\drivers\viaide.sys
13:35:45.0781 0x0bf0 viaide - ok
13:35:45.0796 0x0bf0 [ BDD98BBE7323FC0975A26373D8050471, AF543F5C0515F4E13884EDEB8D465F04003BF40991DAA13391D923F9DDF1FB83 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:35:45.0828 0x0bf0 volmgr - ok
13:35:45.0968 0x0bf0 [ 98F5FFE6316BD74E9E2C97206C190196, CA9FA0EE5515D26F9406FF95F728E7F2CC29A8B7C97BC69FC2E95BBC60A2D261 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:35:45.0999 0x0bf0 volmgrx - ok
13:35:46.0046 0x0bf0 [ D8B4A53DD2769F226B3EB374374987C9, 49314B3E53FBF40A60E272C5B3B79FD1EFABFE1215DA5B030571B4DDF5592896 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:35:46.0077 0x0bf0 volsnap - ok
13:35:46.0108 0x0bf0 [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:35:46.0140 0x0bf0 vsmraid - ok
13:35:46.0296 0x0bf0 [ D5FB73D19C46ADE183F968E13F186B23, D35432BE4FF462FCEA958CF646D5572B6D78058BC2F1F324C9F50A0B14B02259 ] VSS C:\Windows\system32\vssvc.exe
13:35:47.0013 0x0bf0 VSS - ok
13:35:47.0044 0x0bf0 [ 1CF9206966A8458CDA9A8B20DF8AB7D3, 405D5FE96DA7ED03D4124EF6C692F80E88E5982B90DF46E353E94FFF576A5570 ] W32Time C:\Windows\system32\w32time.dll
13:35:47.0122 0x0bf0 W32Time - ok
13:35:47.0154 0x0bf0 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:35:47.0232 0x0bf0 WacomPen - ok
13:35:47.0263 0x0bf0 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
13:35:47.0294 0x0bf0 Wanarp - ok
13:35:47.0294 0x0bf0 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:35:47.0341 0x0bf0 Wanarpv6 - ok
13:35:47.0388 0x0bf0 [ 779F9C90D3FE9C70B6FFD8EF035F3E83, 4E38026BA53139B4A10D5E8F00413FAF442A2A42FE1388FCF2155F07BE826750 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
13:35:47.0512 0x0bf0 WcesComm - ok
13:35:47.0575 0x0bf0 [ F3A5C2E1A6533192B070D06ECF6BE796, CBA11D9E60A04A0B82C6934A53EA859513CD476FF047DD3D59727B10CE7DB2DA ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:35:47.0622 0x0bf0 wcncsvc - ok
13:35:47.0637 0x0bf0 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:35:47.0684 0x0bf0 WcsPlugInService - ok
13:35:47.0715 0x0bf0 [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd C:\Windows\system32\drivers\wd.sys
13:35:47.0746 0x0bf0 Wd - ok
13:35:47.0793 0x0bf0 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96, 6A6EFFDB538DE1E201058A00F3E056F1256E92EED943FBFBCE28E54BE751E33D ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:35:47.0918 0x0bf0 Wdf01000 - ok
13:35:47.0965 0x0bf0 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:35:48.0027 0x0bf0 WdiServiceHost - ok
13:35:48.0043 0x0bf0 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:35:48.0074 0x0bf0 WdiSystemHost - ok
13:35:48.0121 0x0bf0 [ CF9A5F41789B642DB967021DE06A2713, A541F9D87CBDE2A4E48C5D5363736EF603B2701741D3044232474F179884AD7B ] WebClient C:\Windows\System32\webclnt.dll
13:35:48.0183 0x0bf0 WebClient - ok
13:35:48.0214 0x0bf0 [ 905214925A88311FCE52F66153DE7610, 5D18C6E835A2EA4108C93D9E6AA976142119860C8FC8ECB2DFA961A241B6E61C ] Wecsvc C:\Windows\system32\wecsvc.dll
13:35:48.0277 0x0bf0 Wecsvc - ok
13:35:48.0339 0x0bf0 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:35:48.0402 0x0bf0 wercplsupport - ok
13:35:48.0433 0x0bf0 [ FD1965AAA112C6818A30AB02742D0461, 6779D836934412907390DC85FA2A8C3BB1CC31FD4151830275B773FD13CFFBC2 ] WerSvc C:\Windows\System32\WerSvc.dll
13:35:48.0480 0x0bf0 WerSvc - ok
13:35:48.0558 0x0bf0 [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:35:48.0620 0x0bf0 WinDefend - ok
13:35:48.0651 0x0bf0 WinHttpAutoProxySvc - ok
13:35:48.0714 0x0bf0 [ 00B79A7C984678F24CF052E5BEB3A2F5, 4D8E4394C926D2B1C71613D309F2D62A663B0ADB73A036F5E9E7D1AFF605CA2A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:35:48.0792 0x0bf0 Winmgmt - ok
13:35:48.0885 0x0bf0 [ 20FC93FDC916843CFDFCAA7A1B0DB16F, 4C81243D153EA9F09DF3F5B48CF8ED415DA1B283D757FB77C51FDF2A79F7A864 ] WinRM C:\Windows\system32\WsmSvc.dll
13:35:49.0010 0x0bf0 WinRM - ok
13:35:49.0072 0x0bf0 [ F03110711B17AD31271CB2BAF0DBB2B1, 47DCC92F8890ACB53CDD6548FD66A04E7B5F29B3B89D8D3D09EBCE20BF31AC68 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
13:35:49.0104 0x0bf0 winusb - ok
13:35:49.0197 0x0bf0 [ 275F4346E569DF56CFB95243BD6F6FF0, 9C85246BF99119DBD6E0B5D38F96B8BC00F3C87618D17BC0E0A063A0D9A03440 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:35:49.0322 0x0bf0 Wlansvc - ok
13:35:49.0369 0x0bf0 [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:35:49.0384 0x0bf0 WmiAcpi - ok
13:35:49.0447 0x0bf0 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D, 07C1DAF3DA3CDA84FBE4C7576372115FCAAAAFC332F252C03625E53C7F3C6EE5 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:35:49.0509 0x0bf0 wmiApSrv - ok
13:35:49.0712 0x0bf0 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:35:49.0915 0x0bf0 WMPNetworkSvc - ok
13:35:49.0977 0x0bf0 [ 5D94CD167751294962BA238D82DD1BB8, 62C7A31706F1C33A2C1C68006191AEE85A98885D23EC582EF2F88AAF604AC9A7 ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:35:50.0055 0x0bf0 WPCSvc - ok
13:35:50.0086 0x0bf0 [ 396D406292B0CD26E3504FFE82784702, 5F9015BB515AC13D4DFE8F4B532352CF2C5B61DEFD3D0D61BCD82C781D36E7AF ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:35:50.0149 0x0bf0 WPDBusEnum - ok
13:35:50.0196 0x0bf0 [ 0CEC23084B51B8288099EB710224E955, E1AAB1E08E1745313D0A149A645AA878148D2DBE5CCC23C4ECCFC5003945C22B ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
13:35:50.0242 0x0bf0 WpdUsb - ok
13:35:50.0586 0x0bf0 [ 762CD41257671CE9DD1B57967537E0D9, 7B1C886704BE082F8D40119926FDDB92B748665501F3C587715C93B7D7575D6F ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:35:50.0851 0x0bf0 WPFFontCache_v0400 - ok
13:35:50.0882 0x0bf0 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:35:50.0929 0x0bf0 ws2ifsl - ok
13:35:50.0991 0x0bf0 [ 683DD16B590372F2C9661D277F35E49C, 29D86389D95256EEF37BA01D403494385015D926E851A39EC7948FF6EF4E8481 ] wscsvc C:\Windows\System32\wscsvc.dll
13:35:51.0054 0x0bf0 wscsvc - ok
13:35:51.0069 0x0bf0 WSearch - ok
13:35:51.0288 0x0bf0 [ 6298277B73C77FA99106B271A7525163, 9E076697F025167B57D8D66ED0862B184D70324E058BFA36E42D0C6728720B31 ] wuauserv C:\Windows\system32\wuaueng.dll
13:35:51.0459 0x0bf0 wuauserv - ok
13:35:51.0490 0x0bf0 [ AC13CB789D93412106B0FB6C7EB2BCB6, 8F5B0BD0CBBAB182A400F8994D4727BC0C978D749B6429A2D41B412AE97428B6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:35:51.0537 0x0bf0 WUDFRd - ok
13:35:51.0584 0x0bf0 [ 575A4190D989F64732119E4114045A4F, 373C344B106AFDB1E6125A21DFE28CA6CFC77FA87FE904656A4F209DB2ED69C7 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:35:51.0631 0x0bf0 wudfsvc - ok
13:35:51.0646 0x0bf0 ================ Scan global ===============================
13:35:51.0693 0x0bf0 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
13:35:51.0740 0x0bf0 [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
13:35:51.0771 0x0bf0 [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
13:35:51.0818 0x0bf0 [ 2B336AB6286D6C81FA02CBAB914E3C6C, C5ADF6D5BFC00375BA6D0E5D96F36D36ADFBF66325A48358C6317E387FB220EC ] C:\Windows\system32\services.exe
13:35:51.0834 0x0bf0 [ Global ] - ok
13:35:51.0834 0x0bf0 ================ Scan MBR ==================================
13:35:51.0849 0x0bf0 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:35:53.0690 0x0bf0 \Device\Harddisk0\DR0 - ok
13:35:53.0690 0x0bf0 ================ Scan VBR ==================================
13:35:53.0706 0x0bf0 [ 2C3FC1BD7C4FA267BAFDAA4E533CCC47 ] \Device\Harddisk0\DR0\Partition1
13:35:53.0737 0x0bf0 \Device\Harddisk0\DR0\Partition1 - ok
13:35:53.0752 0x0bf0 [ C78B7C73AE1341DDE26AFE6294033CAD ] \Device\Harddisk0\DR0\Partition2
13:35:53.0784 0x0bf0 \Device\Harddisk0\DR0\Partition2 - ok
13:35:53.0815 0x0bf0 [ 6B6324ECC14244BDA7C9ED852AFBD197 ] \Device\Harddisk0\DR0\Partition3
13:35:53.0846 0x0bf0 \Device\Harddisk0\DR0\Partition3 - ok
13:35:53.0862 0x0bf0 ================ Scan generic autorun ======================
13:35:53.0955 0x0bf0 [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
13:35:54.0018 0x0bf0 Windows Defender - ok
13:35:54.0096 0x0bf0 [ 82E781852BDE2A7180FA0BF5A1D653B9, 1CF54EA7E0AF554C9A8644AF904397BCB34F10DD99F71F198728C23B134E70EF ] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
13:35:54.0142 0x0bf0 HWSetup - detected UnsignedFile.Multi.Generic ( 1 )
13:35:56.0685 0x0bf0 Detect skipped due to KSN trusted
13:35:56.0685 0x0bf0 HWSetup - ok
13:35:56.0763 0x0bf0 [ 81CC023D8EE53F137AEB735717CEA919, 7E2FC912BDEC160B37B459346A778CF62D03A4910D807C9810FDC7FBB9AA1CB2 ] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe
13:35:56.0857 0x0bf0 SVPWUTIL - detected UnsignedFile.Multi.Generic ( 1 )
13:35:59.0322 0x0bf0 Detect skipped due to KSN trusted
13:35:59.0322 0x0bf0 SVPWUTIL - ok
13:35:59.0384 0x0bf0 [ 5C639276655D8AE95C9F1C6C98CA9116, BA62781527B7EEBD3FE00C037DF144C575F867E45C29099E40F03B3C495C95EF ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
13:35:59.0478 0x0bf0 TosSENotify - detected UnsignedFile.Multi.Generic ( 1 )
13:36:01.0958 0x0bf0 Detect skipped due to KSN trusted
13:36:01.0958 0x0bf0 TosSENotify - ok
13:36:02.0426 0x0bf0 [ C8BB9FD980C413AFCAD221940D6B0A95, 98C3CBC8DABD9AC6AA3E9BC179D076268B183E51D4C447E8644B7D0B91211D10 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
13:36:03.0034 0x0bf0 RtHDVCpl - ok
13:36:03.0206 0x0bf0 [ 9C00C20E9763CB54BFBBD82B7058E5E4, 00CCB43ECC50F4FCBB8B7A4DF86CB4EBC25FFDC9032475AB0A28B9962CB37CF0 ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
13:36:03.0237 0x0bf0 StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
13:36:05.0733 0x0bf0 Detect skipped due to KSN trusted
13:36:05.0733 0x0bf0 StartCCC - ok
13:36:05.0796 0x0bf0 [ 91F4CDB6AE8F978EFCE5DDE4264BEB79, 095F036939BBD77FA51CF165868FCA263A4CA4966CB73153BCEC371C5EA4DE18 ] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
13:36:05.0920 0x0bf0 TPwrMain - ok
13:36:05.0967 0x0bf0 [ 1694B28EBF704C0C0DA037EA65CD051F, E3E1E58409B2B738FE7ED972F725C02606B18F4EDC848DCB91EF472FB39EDD31 ] C:\Program Files\TOSHIBA\TBS\HSON.exe
13:36:05.0998 0x0bf0 HSON - ok
13:36:06.0030 0x0bf0 [ C1344BCC06A3161C9D86F05612F720C4, F63261FA914D90AAF509D57577D9B6530FC9F9FEDA2CDBC82FDEF64ABF59F679 ] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
13:36:06.0154 0x0bf0 SmoothView - detected UnsignedFile.Multi.Generic ( 1 )
13:36:08.0619 0x0bf0 Detect skipped due to KSN trusted
13:36:08.0619 0x0bf0 SmoothView - ok
13:36:08.0728 0x0bf0 [ 543E009B1465864D9AE7C6F25DCFA83A, 37548EDC7FED7B0AF181FA7D4ABD6219205F1FECF437C787570EFF89D249B8C8 ] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
13:36:08.0869 0x0bf0 00TCrdMain - detected UnsignedFile.Multi.Generic ( 1 )
13:36:11.0443 0x0bf0 Detect skipped due to KSN trusted
13:36:11.0443 0x0bf0 00TCrdMain - ok
13:36:11.0521 0x0bf0 [ 7229B9EED3F44B0F9E8AA74D8CA2212F, BA30B8F829DF2EA7D0E033D87596B2065D82DC5495400B4B880C9B95636A21E6 ] C:\Program Files\Apoint2K\Apoint.exe
13:36:11.0630 0x0bf0 Apoint - ok
13:36:11.0661 0x0bf0 [ 532CBBE5848770281CF40909DD06C752, 69265112B6C4CF01A5671BBA25FAC76E08A72F25E46BF90CB1CFA245D35144D3 ] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
13:36:11.0724 0x0bf0 SmartFaceVWatcher - detected UnsignedFile.Multi.Generic ( 1 )
13:36:14.0204 0x0bf0 Detect skipped due to KSN trusted
13:36:14.0204 0x0bf0 SmartFaceVWatcher - ok
13:36:14.0329 0x0bf0 [ C6F29FC4363AED8566DB6F9B52AAB5FB, AFBB3F4F4AA57B5D89E8F186642D287228A86F1D9C33B707412D0E1DBE153A7C ] C:\Program Files\TOSHIBA\TECO\Teco.exe
13:36:14.0469 0x0bf0 Teco - detected UnsignedFile.Multi.Generic ( 1 )
13:36:16.0950 0x0bf0 Detect skipped due to KSN trusted
13:36:16.0950 0x0bf0 Teco - ok
13:36:17.0012 0x0bf0 [ 6E0A862D5471648ABA19AD2B5CEA80BD, 4B3FEB6E52D6FD9000D00BAD343F9B1F1B3C538131C5BC41C799203FC042C1FE ] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
13:36:17.0106 0x0bf0 TPCHWMsg - ok
13:36:17.0152 0x0bf0 [ E09B922FB422AEFD1493E0657669BD8B, F0692307530C3F20E95D762A674366E6B7BB702EB445666995630EE7D1B18BEB ] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
13:36:17.0277 0x0bf0 NDSTray.exe - detected UnsignedFile.Multi.Generic ( 1 )
13:36:19.0836 0x0bf0 Detect skipped due to KSN trusted
13:36:19.0836 0x0bf0 NDSTray.exe - ok
13:36:19.0898 0x0bf0 [ 68120B7C3FF8A3664341D0536C0C3198, F7118E542A3ECAE6B29ADFBA88F2ADE4BCD3270D61993EDF6C340676B66003FD ] C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe
13:36:19.0960 0x0bf0 cfFncEnabler.exe - detected UnsignedFile.Multi.Generic ( 1 )
13:36:22.0503 0x0bf0 Detect skipped due to KSN trusted
13:36:22.0503 0x0bf0 cfFncEnabler.exe - ok
13:36:22.0644 0x0bf0 [ 9F55DAB3FA10F18ADB8F947A183E9AAC, 2D3D5796E5623547BD14339A1C443B58EA30C09FD7A8B175F59BC715C9F83C8B ] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
13:36:22.0737 0x0bf0 Toshiba TEMPRO - ok
13:36:22.0800 0x0bf0 [ DFB75217B883F58344DA719C9C7D32F4, 9D7F7FD5187F29A1B48D22EF3EA9E5642B86A33400A0D320754694869D4847EB ] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
13:36:22.0815 0x0bf0 Toshiba Registration - ok
13:36:22.0893 0x0bf0 [ FEDB6110D3E0A7EFE6996F93CD8C48E7, 719F6B648AE9841B03C8FB9FC9D0CB1233FDD3030FBD3C420C3E8CEB59A12214 ] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
13:36:23.0034 0x0bf0 CanonSolutionMenu - ok
13:36:23.0158 0x0bf0 [ 2F0F0E6AA6F5874E13E792996077138B, 9D12D4D61139436E3BFDC74577195A1D2C62B8D2C30034093197452287E22C15 ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
13:36:23.0314 0x0bf0 CanonMyPrinter - ok
13:36:23.0580 0x0bf0 [ BA8A911A41F9D36BCCE4AB2E32E6C287, C93ECAF47E86CA9516A85438A837F8481D297992D01646EECE79EDA771128E83 ] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
13:36:24.0048 0x0bf0 TrueImageMonitor.exe - ok
13:36:24.0110 0x0bf0 [ 2BBF6F2D264A872871A20C0EC42CB67B, 17C6F15F90D2836DC63D1FA0F67E0EBB51E61D742D0FB33035F02EE595C08FAC ] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
13:36:24.0219 0x0bf0 AcronisTimounterMonitor - ok
13:36:24.0297 0x0bf0 [ 764BB57F7E533FCC5E514AE0F8E996B1, 3482281F6C4532FBEA24138C96A6E3D767F5AEA951F4B6FE63381FF39D03DC90 ] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
13:36:24.0375 0x0bf0 Acronis Scheduler2 Service - ok
13:36:24.0406 0x0bf0 [ C5B2679B0AE204FDD0415199B7AFEF20, A488839697F72F5E914DC87077F196F355E4AA85A5AC9C555D67BB47CC198750 ] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
13:36:24.0438 0x0bf0 KeNotify - ok
13:36:24.0484 0x0bf0 [ 3E4C03CEFAD8DE135263236B61A49C90, 243201B64F4B60D55CDB1A3BF4B9AA60BC22EB8ACA88E95042EE48AC5DF5F397 ] C:\Windows\system32\\NeroCheck.exe
13:36:24.0531 0x0bf0 NeroCheck - detected UnsignedFile.Multi.Generic ( 1 )
13:36:27.0121 0x0bf0 Detect skipped due to KSN trusted
13:36:27.0121 0x0bf0 NeroCheck - ok
13:36:27.0183 0x0bf0 [ 4AB05041D5C922B9A7A5D9059F5538CD, 554885535DB523D25DBDB43FBA9384B8E4EC9DF79B02F3B9FFDE3C498106D463 ] C:\Windows\WindowsMobile\wmdSync.exe
13:36:27.0214 0x0bf0 Windows Mobile-based device management - ok
13:36:27.0308 0x0bf0 [ FBAF93425D4B5A6C48ABB5B7F81088CD, 0277B542725AD42A99738ED04A5016DBB4AAE8A8458A3EFD67D36ECA7CBFE2AF ] C:\Program Files\M-net\Sicherheitspaket\Common\FSM32.EXE
13:36:27.0355 0x0bf0 F-Secure Manager - ok
13:36:27.0448 0x0bf0 [ 0C551D09388819755066B00A58EBE506, 5FE3145251EFB9B576D6F5416F891E79D8B8C613463F57362BA3FD63313E460E ] C:\Program Files\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe
13:36:27.0667 0x0bf0 F-Secure TNB - ok
13:36:27.0760 0x0bf0 [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:36:27.0932 0x0bf0 Sidebar - ok
13:36:27.0932 0x0bf0 WindowsWelcomeCenter - ok
13:36:27.0994 0x0bf0 [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:36:28.0088 0x0bf0 Sidebar - ok
13:36:28.0088 0x0bf0 WindowsWelcomeCenter - ok
13:36:28.0135 0x0bf0 [ F2C201341735E6674F7AD892CEA3799B, BF1039D011834B4DDFD0ACDC4BE2F278D6DBB18CC5B40C2540E941FEDBDCB665 ] C:\Windows\ehome\ehTray.exe
13:36:28.0197 0x0bf0 ehTray.exe - ok
13:36:28.0244 0x0bf0 [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
13:36:28.0291 0x0bf0 WMPNSCFG - ok
13:36:28.0478 0x0bf0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe
13:36:28.0525 0x0bf0 Google Update - ok
13:36:28.0587 0x0bf0 swg - ok
13:36:28.0618 0x0bf0 [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
13:36:28.0650 0x0bf0 WMPNSCFG - ok
13:36:28.0930 0x0bf0 [ CAD76DEE2311C5FFF840A2EB7B058143, 191F87D4F15A187E8E4ED855D6A7BAFB17902A3C5DB6CFE71A5CDFF072CC88EA ] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
13:36:29.0492 0x0bf0 TOSHIBA Online Product Information - ok
13:36:29.0508 0x0bf0 Waiting for KSN requests completion. In queue: 18
13:36:30.0522 0x0bf0 Waiting for KSN requests completion. In queue: 10
13:36:31.0536 0x0bf0 Waiting for KSN requests completion. In queue: 10
13:36:32.0581 0x0bf0 AV detected via SS2: M-net Sicherheitspaket 9.12, C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsavwsch.exe ( 9.10.15260.0 ), 0x41000 ( enabled : updated )
13:36:32.0596 0x0bf0 FW detected via SS2: M-net Sicherheitspaket 9.12, C:\Program Files\M-net\Sicherheitspaket\FWES\Program\fsfwwsch.exe ( 6.22.155.0 ), 0x41010 ( enabled )
13:36:34.0905 0x0bf0 ============================================================
13:36:34.0905 0x0bf0 Scan finished
13:36:34.0905 0x0bf0 ============================================================
13:36:34.0905 0x1140 Detected object count: 1
13:36:34.0905 0x1140 Actual detected object count: 1
13:37:07.0642 0x1140 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:37:07.0643 0x1140 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:37:24.0611 0x153c Deinitialize success
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.06.16.03
rootkit: v2015.06.15.01
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Josi :: JOSI-NOTEBOOK [administrator]
16.06.2015 12:42:18
mbar-log-2015-06-16 (12-42-18).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 414760
Time elapsed: 44 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
17.06.2015, 05:31
| #5 |
| /// the machine /// TB-Ausbilder | Adware und Spyware gefunden von MNet Sicherheitstool hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.06.2015, 19:32
| #6 |
| | ComboFix LogCode:
ATTFilter ComboFix 15-06-09.01 - Josi 17.06.2015 20:04:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3036.1429 [GMT 2:00]
ausgeführt von:: c:\users\Josi\Downloads\ComboFix.exe
AV: M-net Sicherheitspaket 9.12 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: M-net Sicherheitspaket 9.12 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: M-net Sicherheitspaket 9.12 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Josi\agsetup183se.exe
c:\users\Josi\avira_antivir_personal415_de.exe
c:\users\Josi\lameplugin.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-05-17 bis 2015-06-17 ))))))))))))))))))))))))))))))
.
.
2015-06-17 18:18 . 2015-06-17 18:20 -------- d-----w- c:\users\Josi\AppData\Local\temp
2015-06-17 18:18 . 2015-06-17 18:18 -------- d-----w- c:\users\Gast\AppData\Local\temp
2015-06-17 18:18 . 2015-06-17 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-17 18:18 . 2015-06-17 18:18 -------- d-----w- c:\users\Beni\AppData\Local\temp
2015-06-16 10:42 . 2015-06-16 11:31 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-16 10:40 . 2015-06-16 10:40 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-15 20:17 . 2015-06-15 20:19 -------- d-----w- C:\FRST
2015-06-15 18:28 . 2015-06-15 19:36 -------- d-----w- c:\program files\Mozilla Thunderbird
2015-06-09 12:08 . 2015-06-09 12:08 6420480 ----a-w- c:\program files\GUTB24E.tmp
2015-06-09 12:08 . 2015-06-09 12:08 -------- d-----w- c:\program files\GUMB24D.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-16 10:42 . 2014-08-22 06:37 119512 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2015-06-10 19:32 . 2012-04-11 05:10 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-06-10 19:32 . 2011-08-19 20:59 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-09 12:12 . 2012-07-24 19:26 43560 ----a-w- c:\windows\system32\drivers\fsbts.sys
2014-02-21 13:22 . 2014-02-21 13:22 49940480 ----a-w- c:\program files\GUTF415.tmp
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 421888]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1011712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-21 61440]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-06 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-03-31 503808]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-03-29 184320]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-03-24 163840]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-24 1323008]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-04-15 570736]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-12 299008]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-03-23 1045904]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-03-04 96144]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-06 4389592]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-11-06 962688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-06 377712]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"F-Secure Manager"="c:\program files\M-net\Sicherheitspaket\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe" [2012-07-24 1655464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 14886567
*NewlyCreated* - KGLORPOC
*Deregistered* - 14886567
*Deregistered* - kglorpoc
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-10 19:26 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-17 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-03-20 13:30]
.
2015-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 19:32]
.
2015-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 15:53]
.
2015-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 15:53]
.
2015-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000Core.job
- c:\users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 20:42]
.
2015-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000UA.job
- c:\users\Josi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 20:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Josi\AppData\Roaming\Mozilla\Firefox\Profiles\lolrty9n.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2009-12-13 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
user_pref(extensions.autoDisableScopes,14);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-06-17 20:19
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-17 20:25:18
ComboFix-quarantined-files.txt 2015-06-17 18:25
.
Vor Suchlauf: 8 Verzeichnis(se), 46.884.057.088 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 47.380.434.944 Bytes frei
.
- - End Of File - - BDD0B8613E619FE96F61CE5F45325E64
5C616939100B85E558DA92B899A0FC36
|
|
18.06.2015, 16:24
| #7 |
| /// the machine /// TB-Ausbilder | Adware und Spyware gefunden von MNet Sicherheitstool Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.06.2015, 22:23
| #8 |
| | Mbam Log Hallo Schrauber, vielen lieben Dank schon mal! Frage: Soll ich die Dateien in der Quarantäne löschen lassen?? Hier der Log: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 18.06.2015 Suchlauf-Zeit: 21:41:09 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.06.18.05 Rootkit Datenbank: v2015.06.15.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Josi Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 425033 Verstrichene Zeit: 42 Min, 3 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 7 PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [1617d5e78bfff0462486721da263d828], PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, In Quarantäne, [bb722d8f0288c6706946593851b424dc], PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-550289631-3001628655-2886833039-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, In Quarantäne, [7ab38834afdb47efbaf5583910f56f91], PUP.Optional.ProductSetup.A, HKU\S-1-5-21-550289631-3001628655-2886833039-1000\SOFTWARE\PRODUCTSETUP, In Quarantäne, [fc31dae2503ae55120443a57c73e4db3], PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-550289631-3001628655-2886833039-1000\SOFTWARE\SUPER OPTIMIZER, In Quarantäne, [c16c902c8ffbdb5b3afde4acc0458878], PUP.Optional.Mindspark.A, HKU\S-1-5-21-550289631-3001628655-2886833039-1002\SOFTWARE\APPDATALOW\SOFTWARE\Allin1Convert_8h, In Quarantäne, [939a813bbcce5ed8bb991c0ff014dc24], PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-550289631-3001628655-2886833039-501\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, In Quarantäne, [5cd1bc008dfdeb4b7d32aee3877ed729], Registrierungswerte: 3 PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [1617d5e78bfff0462486721da263d828] PUP.Optional.ProductSetup.A, HKU\S-1-5-21-550289631-3001628655-2886833039-1000\SOFTWARE\PRODUCTSETUP|tb, In Quarantäne, [fc31dae2503ae55120443a57c73e4db3], PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-550289631-3001628655-2886833039-1000\SOFTWARE\SUPER OPTIMIZER|SetupName, C:\Users\Josi\AppData\Local\Temp\is1128754588\063C320E_stp\SuperOptimizer.exe, In Quarantäne, [c16c902c8ffbdb5b3afde4acc0458878] Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 8 PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com\chrome, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com\META-INF, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com\plugins, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.AssistPoint.A, C:\Users\Beni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpoafklolhgippbaembaimabcodejbe\1.0.5592.26348_0, In Quarantäne, [61cc4379a2e82d095167add78c7ad42c], PUP.Optional.AssistPoint.A, C:\Users\Beni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpoafklolhgippbaembaimabcodejbe, In Quarantäne, [61cc4379a2e82d095167add78c7ad42c], PUP.Optional.AssistPoint.A, C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpoafklolhgippbaembaimabcodejbe\1.0.5592.26348_0, In Quarantäne, [40ed209c8a0086b04177b0d4fe089f61], PUP.Optional.AssistPoint.A, C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpoafklolhgippbaembaimabcodejbe, In Quarantäne, [40ed209c8a0086b04177b0d4fe089f61], Dateien: 16 PUP.Optional.Mindspark.A, C:\Users\Josi\AppData\Roaming\Mozilla\Firefox\Profiles\lolrty9n.default\searchplugins\ask-web-search.xml, In Quarantäne, [8f9e6c505a30fb3b0196d2583fc5b64a], PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com\bootstrap.js, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com\chrome.manifest, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com\install.rdf, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com\install_no_bootstrap.rdf, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com\chrome\8hffxtbr.jar, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com\META-INF\manifest.mf, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com\META-INF\zigbert.rsa, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com\META-INF\zigbert.sf, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.Mindspark.A, C:\Users\Beni\AppData\Roaming\Mozilla\Firefox\Profiles\bj5t1gdk.default\extensions\8hffxtbr@Allin1Convert_8h.com\plugins\NativeMessagingDispatcher.dll, In Quarantäne, [86a75e5e464437ff789ff8f9bc471ae6], PUP.Optional.AssistPoint.A, C:\Users\Beni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpoafklolhgippbaembaimabcodejbe\1.0.5592.26348_0\manifest.json, In Quarantäne, [61cc4379a2e82d095167add78c7ad42c], PUP.Optional.AssistPoint.A, C:\Users\Beni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpoafklolhgippbaembaimabcodejbe\1.0.5592.26348_0\content.js, In Quarantäne, [61cc4379a2e82d095167add78c7ad42c], PUP.Optional.AssistPoint.A, C:\Users\Beni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpoafklolhgippbaembaimabcodejbe\1.0.5592.26348_0\icon.png, In Quarantäne, [61cc4379a2e82d095167add78c7ad42c], PUP.Optional.AssistPoint.A, C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpoafklolhgippbaembaimabcodejbe\1.0.5592.26348_0\manifest.json, In Quarantäne, [40ed209c8a0086b04177b0d4fe089f61], PUP.Optional.AssistPoint.A, C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpoafklolhgippbaembaimabcodejbe\1.0.5592.26348_0\content.js, In Quarantäne, [40ed209c8a0086b04177b0d4fe089f61], PUP.Optional.AssistPoint.A, C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpoafklolhgippbaembaimabcodejbe\1.0.5592.26348_0\icon.png, In Quarantäne, [40ed209c8a0086b04177b0d4fe089f61], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 18/06/2015 um 22:42:48
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (x86)
# Benutzername : Josi - JOSI-NOTEBOOK
# Gestarted von : C:\Users\Josi\Desktop\AdwCleaner_4.206.exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Josi\AppData\Roaming\Mozilla\Firefox\Profiles\lolrty9n.default\user.js
Ordner Gefunden : C:\Users\Josi\AppData\Local\PackageAware
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{cfd32d46-7d3f-483f-bace-7172aec5592d}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Assist Point
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Super Optimizer_is1
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\UpdateStar
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
***** [ Internetbrowser ] *****
-\\ Internet Explorer v7.0.6001.18444
-\\ Mozilla Firefox v38.0.5 (x86 de)
[lolrty9n.default] - Zeile Gefunden : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[lolrty9n.default] - Zeile Gefunden : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[lolrty9n.default] - Zeile Gefunden : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");
-\\ Google Chrome v43.0.2357.124
*************************
AdwCleaner[R0].txt - [1852 Bytes] - [18/06/2015 22:42:48]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1911 Bytes] ##########
Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 18/06/2015 um 22:59:10
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (x86)
# Benutzername : Josi - JOSI-NOTEBOOK
# Gestarted von : C:\Users\Josi\Desktop\AdwCleaner_4.206.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Josi\AppData\Local\PackageAware
Datei Gelöscht : C:\Users\Josi\AppData\Roaming\Mozilla\Firefox\Profiles\lolrty9n.default\user.js
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\UpdateStar
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Super Optimizer_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{cfd32d46-7d3f-483f-bace-7172aec5592d}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Assist Point
***** [ Internetbrowser ] *****
-\\ Internet Explorer v7.0.6001.18444
-\\ Mozilla Firefox v38.0.5 (x86 de)
[lolrty9n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[lolrty9n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[lolrty9n.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");
-\\ Google Chrome v43.0.2357.124
*************************
AdwCleaner[R0].txt - [1990 Bytes] - [18/06/2015 22:42:48]
AdwCleaner[S0].txt - [1937 Bytes] - [18/06/2015 22:59:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1996 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.2 (06.18.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Josi on 18.06.2015 at 23:13:28,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
~~~ Chrome
[C:\Users\Josi\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Josi\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Josi\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Josi\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.06.2015 at 23:15:38,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Josi (administrator) on JOSI-NOTEBOOK on 18-06-2015 23:22:48
Running from C:\Users\Josi\Downloads
Loaded Profiles: Josi (Available Profiles: Josi & Beni & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Common\FSHDLL32.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Common\FSM32.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\FWES\program\fsdfwd.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [421888 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1011712 2009-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7289376 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [468320 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [503808 2009-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1323008 2009-04-24] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] => C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [570736 2009-04-15] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-12] (TOSHIBA CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] => C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1045904 2009-03-23] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [96144 2009-03-04] (Toshiba Europe GmbH)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4389592 2009-11-06] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [962688 2009-11-06] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [377712 2009-11-06] (Acronis)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [NeroCheck] => C:\Windows\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [F-Secure Manager] => C:\Program Files\M-net\Sicherheitspaket\Common\FSM32.EXE [201128 2009-11-18] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] => C:\Program Files\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe [1655464 2012-07-24] (F-Secure Corporation)
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [135680 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
Startup: C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2009-12-08]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-06-09]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-06-09]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2015-01-25]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-550289631-3001628655-2886833039-1002\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0FFA6FC6-A0BC-4284-9E06-C8B6E3AFBF3B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-550289631-3001628655-2886833039-1000 -> {0FFA6FC6-A0BC-4284-9E06-C8B6E3AFBF3B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG_deDE356
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2013-01-28] (Sun Microsystems, Inc.)
BHO: Browsing Protection Class -> {C6867EB7-8350-4856-877F-93CF8AE3DC9C} -> C:\Program Files\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll [2014-06-03] (F-Secure Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-01-28] (Sun Microsystems, Inc.)
Toolbar: HKLM - Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll [2014-06-03] (F-Secure Corporation)
Toolbar: HKU\S-1-5-21-550289631-3001628655-2886833039-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Josi\AppData\Roaming\Mozilla\Firefox\Profiles\lolrty9n.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_38 -> C:\Windows\system32\npdeployJava1.dll [2013-01-28] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2013-01-28] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Josi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @talk.google.com/O1DPlugin -> C:\Users\Josi\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Josi\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Josi\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2015-06-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-08]
FF HKLM\...\Firefox\Extensions: [litmus-ff@f-secure.com] - C:\Program Files\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com
FF Extension: Browsing Protection - C:\Program Files\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012-07-24]
Chrome:
=======
CHR Profile: C:\Users\Josi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Josi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-16]
CHR Extension: (Google Wallet) - C:\Users\Josi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-16]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [619408 2009-11-06] (Acronis)
S2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S2 F-Secure Gatekeeper Handler Starter; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe [221608 2009-11-18] (F-Secure Corporation)
R3 FSDFWD; C:\Program Files\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe [524712 2009-11-18] (F-Secure Corporation)
R2 FSMA; C:\Program Files\M-net\Sicherheitspaket\Common\FSMA32.EXE [188840 2009-11-18] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe [60456 2015-03-10] (F-Secure Corporation)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-03-23] (Toshiba Europe GmbH)
S2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
S2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed]
S2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed]
S2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [360704 2011-07-04] (TuneUp Software)
S2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604416 2011-07-04] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 F-Secure Filter; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys [41640 2009-11-18] ()
R3 F-Secure Gatekeeper; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys [145856 2013-07-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys [69928 2009-11-18] (F-Secure Corporation)
S4 F-Secure Recognizer; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys [27048 2009-11-18] ()
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [43560 2015-06-09] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [41552 2012-07-24] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72904 2009-11-18] (F-Secure Corporation)
R1 fsvista; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys [14248 2009-11-18] ()
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2009-12-27] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2009-12-27] (Acronis)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Josi\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-18 23:15 - 2015-06-18 23:15 - 00001083 _____ C:\Users\Josi\Desktop\JRT.txt
2015-06-18 23:13 - 2015-06-18 23:13 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOSI-NOTEBOOK-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-06-18 23:13 - 2015-06-18 23:13 - 00000000 ____D C:\RegBackup
2015-06-18 23:12 - 2015-06-18 23:12 - 02950477 _____ (Thisisu) C:\Users\Josi\Desktop\JRT.exe
2015-06-18 22:42 - 2015-06-18 22:59 - 00000000 ____D C:\AdwCleaner
2015-06-18 22:42 - 2015-06-18 22:42 - 02231296 _____ C:\Users\Josi\Desktop\AdwCleaner_4.206.exe
2015-06-18 22:33 - 2015-06-18 22:33 - 00007772 _____ C:\Users\Josi\Desktop\mbam.txt
2015-06-18 22:26 - 2015-06-18 23:00 - 00012782 _____ C:\Windows\PFRO.log
2015-06-18 21:36 - 2015-06-18 21:36 - 00000864 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-18 21:36 - 2015-06-18 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-18 21:36 - 2015-06-18 21:36 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware
2015-06-18 21:36 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 21:36 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-18 21:34 - 2015-06-18 21:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Josi\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-17 20:25 - 2015-06-17 20:25 - 00010365 _____ C:\ComboFix.txt
2015-06-17 20:00 - 2015-06-17 20:25 - 00000000 ____D C:\ComboFix
2015-06-17 20:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-17 20:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-17 20:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-17 20:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-17 20:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-17 20:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-17 20:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-17 20:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-17 19:59 - 2015-06-17 20:25 - 00000000 ____D C:\Qoobox
2015-06-17 19:59 - 2015-06-17 20:21 - 00000000 ____D C:\Windows\erdnt
2015-06-17 09:03 - 2015-06-17 09:03 - 05628161 ____R (Swearware) C:\Users\Josi\Downloads\ComboFix.exe
2015-06-16 13:32 - 2015-06-16 13:32 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Josi\Desktop\tdsskiller.exe
2015-06-16 12:42 - 2015-06-16 13:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-16 12:40 - 2015-06-16 13:31 - 00000000 ____D C:\Users\Josi\Desktop\mbar
2015-06-16 12:40 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-16 12:39 - 2015-06-16 12:39 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Josi\Desktop\mbar-1.09.1.1004.exe
2015-06-15 22:54 - 2015-06-15 22:54 - 00086520 _____ C:\Users\Josi\Desktop\Gmer.txt
2015-06-15 22:32 - 2015-06-15 22:32 - 00380416 _____ C:\Users\Josi\Downloads\Gmer-19357.exe
2015-06-15 22:18 - 2015-06-15 22:19 - 00031618 _____ C:\Users\Josi\Downloads\Addition.txt
2015-06-15 22:17 - 2015-06-18 23:22 - 00018688 _____ C:\Users\Josi\Downloads\FRST.txt
2015-06-15 22:17 - 2015-06-18 23:22 - 00000000 ____D C:\FRST
2015-06-15 22:16 - 2015-06-15 22:17 - 01148416 _____ (Farbar) C:\Users\Josi\Downloads\FRST.exe
2015-06-15 22:15 - 2015-06-15 22:15 - 00000470 _____ C:\Users\Josi\Downloads\defogger_disable.log
2015-06-15 22:15 - 2015-06-15 22:15 - 00000000 _____ C:\Users\Josi\defogger_reenable
2015-06-15 22:14 - 2015-06-15 22:14 - 00050477 _____ C:\Users\Josi\Downloads\Defogger.exe
2015-06-15 21:42 - 2015-06-15 21:42 - 00004484 _____ C:\Users\Josi\Documents\cc_20150615_214201.reg
2015-06-15 20:34 - 2015-06-18 22:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-15 20:28 - 2015-06-15 21:36 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-06-11 20:47 - 2015-06-11 20:47 - 00001701 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 14:08 - 2015-06-09 14:08 - 06420480 _____ C:\Program Files\GUTB24E.tmp
2015-06-09 14:08 - 2015-06-09 14:08 - 00000000 ____D C:\Program Files\GUMB24D.tmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-18 23:17 - 2010-03-13 14:37 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-18 23:15 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-18 23:15 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-18 23:14 - 2014-12-10 18:44 - 01414928 _____ C:\Windows\WindowsUpdate.log
2015-06-18 23:14 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-18 23:07 - 2008-01-21 09:16 - 01586872 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 23:03 - 2014-08-22 08:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-06-18 23:03 - 2011-07-04 07:35 - 00000498 _____ C:\Windows\Tasks\1-Klick-Wartung.job
2015-06-18 23:03 - 2010-03-13 14:37 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-18 23:00 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-18 22:59 - 2012-09-24 10:19 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000UA.job
2015-06-18 22:59 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-18 22:32 - 2012-04-11 07:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-18 22:26 - 2012-04-25 13:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-18 22:26 - 2009-06-09 11:27 - 00000000 ____D C:\Program Files\Google
2015-06-18 21:36 - 2014-01-17 17:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-17 20:25 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2015-06-17 20:25 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2015-06-17 20:20 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2015-06-17 20:17 - 2009-12-06 13:16 - 00000000 ____D C:\Users\Josi
2015-06-16 20:59 - 2012-09-24 10:19 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000Core.job
2015-06-15 21:47 - 2013-01-08 21:47 - 00000000 ____D C:\Users\Josi\AppData\Roaming\Garmin
2015-06-15 21:45 - 2009-12-06 13:19 - 00000000 ____D C:\Users\Josi\AppData\Local\Google
2015-06-15 21:45 - 2009-06-09 11:27 - 00000000 ____D C:\ProgramData\Google
2015-06-15 21:41 - 2010-05-16 18:10 - 00000000 ____D C:\Windows\Minidump
2015-06-13 14:50 - 2009-12-06 18:05 - 00130560 _____ C:\Users\Josi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-10 21:44 - 2009-06-09 11:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 21:43 - 2013-08-16 17:01 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 21:35 - 2006-11-02 12:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-10 21:32 - 2012-04-11 07:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 21:32 - 2011-08-19 22:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-09 20:50 - 2010-11-21 20:17 - 00000008 __RSH C:\Users\Josi\ntuser.pol
2015-06-09 14:12 - 2012-07-24 21:26 - 00043560 _____ C:\Windows\system32\Drivers\fsbts.sys
==================== Files in the root of some directories =======
2015-06-09 14:08 - 2015-06-09 14:08 - 6420480 _____ () C:\Program Files\GUTB24E.tmp
2014-02-21 15:22 - 2014-02-21 15:22 - 49940480 _____ () C:\Program Files\GUTF415.tmp
2009-12-06 15:51 - 2010-02-10 20:27 - 0000192 _____ () C:\Users\Josi\AppData\Roaming\wklnhst.dat
2009-12-06 23:54 - 2013-04-11 07:26 - 0000680 _____ () C:\Users\Josi\AppData\Local\d3d9caps.dat
2009-12-06 18:05 - 2015-06-13 14:50 - 0130560 _____ () C:\Users\Josi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-13 23:38 - 2009-12-13 23:39 - 0000336 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Josi\AppData\Local\temp\Quarantine.exe
C:\Users\Josi\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-18 23:07
==================== End of log ============================
|
|
19.06.2015, 16:27
| #9 |
| /// the machine /// TB-Ausbilder | Adware und Spyware gefunden von MNet SicherheitstoolESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.06.2015, 10:33
| #10 |
| | ESET logCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=050ead446be77d4789a09787e4cc0852
# end=init
# utc_time=2015-06-20 08:45:50
# local_time=2015-06-20 10:45:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.0.6001 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24419
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=050ead446be77d4789a09787e4cc0852
# end=updated
# utc_time=2015-06-20 08:48:46
# local_time=2015-06-20 10:48:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.0.6001 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=050ead446be77d4789a09787e4cc0852
# engine=24419
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-20 09:52:53
# local_time=2015-06-20 11:52:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 95 233911064 272326701 0 0
# scanned=196987
# found=6
# cleaned=0
# scan_time=3846
sh=4A5DEE4A5B1AEB00E5807AF3EE16DA7CCBE5521F ft=1 fh=0d8b6b0d107f5c19 vn="Variante von Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Josi\agsetup183se.exe.vir"
sh=14EF79CCEB06AFCFF52F330A21B2FFF0E76CF27B ft=0 fh=0000000000000000 vn="Win32/Toolbar.MyWebSearch.AO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Beni\AppData\Local\Mozilla\Firefox\Profiles\bj5t1gdk.default\Cache\6\F8\EF3C3d01"
sh=B3A746A8F828CB1EC58C0FC8D0FAB4934A815842 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Beni\AppData\Local\Mozilla\Firefox\Profiles\bj5t1gdk.default\Cache\F\E5\5D2C9d01"
sh=4A5DEE4A5B1AEB00E5807AF3EE16DA7CCBE5521F ft=1 fh=0d8b6b0d107f5c19 vn="Variante von Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Beni\Downloads\agsetup183se.exe"
sh=8547D1E5EACE099ECFE5EDBF6958FA077650894B ft=1 fh=61435738673b6524 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Beni\Downloads\FreeYouTubeToMP3Converter.exe"
sh=9AD14F7EAED0ED6A5E5C33E8EC147910AA230377 ft=1 fh=9b6c67ac3a12050f vn="Variante von Win32/UniBlue.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Josi\Documents\pcmechanicpm.exe"
Code:
ATTFilter
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015 Ran by Josi (administrator) on JOSI-NOTEBOOK on 20-06-2015 12:49:25 Running from C:\Users\Josi\Downloads Loaded Profiles: Josi (Available Profiles: Josi & Beni & Gast) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Common\FSHDLL32.EXE (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TuneUp Software) C:\Windows\System32\TUProgSt.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\FWES\program\fsdfwd.exe (F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fssm32.exe (F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsav32.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (F-Secure Corporation) C:\Program Files\M-net\Sicherheitspaket\Common\FSM32.EXE (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (TuneUp Software) C:\Windows\System32\TuneUpDefragService.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe () C:\Users\Josi\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [421888 2007-04-16] (TOSHIBA Electronics, Inc.) HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1011712 2009-04-23] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7289376 2009-03-30] (Realtek Semiconductor) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [468320 2009-03-06] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [503808 2009-03-31] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-03-24] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1323008 2009-04-24] (TOSHIBA Corporation) HKLM\...\Run: [TPCHWMsg] => C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [570736 2009-04-15] (TOSHIBA Corporation) HKLM\...\Run: [NDSTray.exe] => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-12] (TOSHIBA CORPORATION) HKLM\...\Run: [cfFncEnabler.exe] => C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1045904 2009-03-23] (Toshiba Europe GmbH) HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [96144 2009-03-04] (Toshiba Europe GmbH) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.) HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4389592 2009-11-06] (Acronis) HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [962688 2009-11-06] (Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [377712 2009-11-06] (Acronis) HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION) HKLM\...\Run: [NeroCheck] => C:\Windows\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [F-Secure Manager] => C:\Program Files\M-net\Sicherheitspaket\Common\FSM32.EXE [201128 2009-11-18] (F-Secure Corporation) HKLM\...\Run: [F-Secure TNB] => C:\Program Files\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe [1655464 2012-07-24] (F-Secure Corporation) HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [135680 2008-07-03] (Microsoft Corporation) HKU\S-1-5-21-550289631-3001628655-2886833039-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA) Startup: C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2009-12-08] ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-06-09] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-06-09] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2015-01-25] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-550289631-3001628655-2886833039-1002\User: Group Policy Restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-550289631-3001628655-2886833039-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-550289631-3001628655-2886833039-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> {0FFA6FC6-A0BC-4284-9E06-C8B6E3AFBF3B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-550289631-3001628655-2886833039-1000 -> {0FFA6FC6-A0BC-4284-9E06-C8B6E3AFBF3B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG_deDE356 BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2013-01-28] (Sun Microsystems, Inc.) BHO: Browsing Protection Class -> {C6867EB7-8350-4856-877F-93CF8AE3DC9C} -> C:\Program Files\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll [2014-06-03] (F-Secure Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-01-28] (Sun Microsystems, Inc.) Toolbar: HKLM - Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll [2014-06-03] (F-Secure Corporation) Toolbar: HKU\S-1-5-21-550289631-3001628655-2886833039-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Josi\AppData\Roaming\Mozilla\Firefox\Profiles\lolrty9n.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2015-02-13] (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=1.6.0_38 -> C:\Windows\system32\npdeployJava1.dll [2013-01-28] (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2013-01-28] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.) FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Josi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @talk.google.com/O1DPlugin -> C:\Users\Josi\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.) FF Plugin HKU\S-1-5-21-550289631-3001628655-2886833039-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Josi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\Josi\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Josi\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2015-06-15] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-08] FF HKLM\...\Firefox\Extensions: [litmus-ff@f-secure.com] - C:\Program Files\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com FF Extension: Browsing Protection - C:\Program Files\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012-07-24] Chrome: ======= CHR Profile: C:\Users\Josi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Josi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-16] CHR Extension: (Google Wallet) - C:\Users\Josi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-16] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [619408 2009-11-06] (Acronis) R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION) R2 F-Secure Gatekeeper Handler Starter; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe [221608 2009-11-18] (F-Secure Corporation) R3 FSDFWD; C:\Program Files\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe [524712 2009-11-18] (F-Secure Corporation) R2 FSMA; C:\Program Files\M-net\Sicherheitspaket\Common\FSMA32.EXE [188840 2009-11-18] (F-Secure Corporation) R3 FSORSPClient; C:\Program Files\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe [60456 2015-03-10] (F-Secure Corporation) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-03-23] (Toshiba Europe GmbH) R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation) R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed] R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed] R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation) R3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [360704 2011-07-04] (TuneUp Software) R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604416 2011-07-04] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 eapihdrv; C:\Users\Josi\AppData\Local\Temp\ehdrv.sys [135760 2015-06-20] (ESET) S4 F-Secure Filter; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys [41640 2009-11-18] () R3 F-Secure Gatekeeper; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys [145856 2013-07-10] (F-Secure Corporation) R1 F-Secure HIPS; C:\Program Files\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys [69928 2009-11-18] (F-Secure Corporation) S4 F-Secure Recognizer; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys [27048 2009-11-18] () R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [43560 2015-06-09] () R1 FSES; C:\Windows\System32\drivers\fses.sys [41552 2012-07-24] (F-Secure Corporation) R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72904 2009-11-18] (F-Secure Corporation) R1 fsvista; C:\Program Files\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys [14248 2009-11-18] () R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.) R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2009-12-27] (Acronis) R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2009-12-27] (Acronis) R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\Josi\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-20 12:31 - 2015-06-20 12:31 - 00852639 _____ C:\Users\Josi\Desktop\SecurityCheck.exe 2015-06-20 10:43 - 2015-06-20 10:43 - 02870984 _____ (ESET) C:\Users\Josi\Downloads\esetsmartinstaller_deu.exe 2015-06-19 09:53 - 2015-06-19 09:53 - 00000000 ____D C:\Users\Josi\Documents\KFW 2015-06-19 09:51 - 2015-06-19 09:51 - 00000000 ____D C:\Users\Josi\Documents\KFW Anträge 2015-06-19 09:50 - 2015-06-19 09:50 - 00000000 ____D C:\Users\Josi\Documents\Arbeitsvertrag Beni 2015-06-19 09:50 - 2015-06-19 09:50 - 00000000 ____D C:\Users\Josi\Documents\2015_03_02 2015-06-18 23:31 - 2015-06-20 03:01 - 00000566 _____ C:\Windows\Tasks\Scheduled scanning task.job 2015-06-18 23:15 - 2015-06-18 23:15 - 00001083 _____ C:\Users\Josi\Desktop\JRT.txt 2015-06-18 23:13 - 2015-06-18 23:13 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOSI-NOTEBOOK-Windows-Vista-(TM)-Home-Premium-(32-bit).dat 2015-06-18 23:13 - 2015-06-18 23:13 - 00000000 ____D C:\RegBackup 2015-06-18 23:12 - 2015-06-18 23:12 - 02950477 _____ (Thisisu) C:\Users\Josi\Desktop\JRT.exe 2015-06-18 22:42 - 2015-06-18 22:59 - 00000000 ____D C:\AdwCleaner 2015-06-18 22:42 - 2015-06-18 22:42 - 02231296 _____ C:\Users\Josi\Desktop\AdwCleaner_4.206.exe 2015-06-18 22:33 - 2015-06-18 22:33 - 00007772 _____ C:\Users\Josi\Desktop\mbam.txt 2015-06-18 22:26 - 2015-06-18 23:00 - 00012782 _____ C:\Windows\PFRO.log 2015-06-18 21:36 - 2015-06-18 21:36 - 00000864 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-18 21:36 - 2015-06-18 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-18 21:36 - 2015-06-18 21:36 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-06-18 21:36 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-18 21:36 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-18 21:34 - 2015-06-18 21:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Josi\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-17 20:25 - 2015-06-17 20:25 - 00010365 _____ C:\ComboFix.txt 2015-06-17 20:00 - 2015-06-17 20:25 - 00000000 ____D C:\ComboFix 2015-06-17 20:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-06-17 20:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-06-17 20:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-06-17 20:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-06-17 20:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-06-17 20:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-06-17 20:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-06-17 20:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-06-17 19:59 - 2015-06-17 20:25 - 00000000 ____D C:\Qoobox 2015-06-17 19:59 - 2015-06-17 20:21 - 00000000 ____D C:\Windows\erdnt 2015-06-17 09:03 - 2015-06-17 09:03 - 05628161 ____R (Swearware) C:\Users\Josi\Downloads\ComboFix.exe 2015-06-16 13:32 - 2015-06-16 13:32 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Josi\Desktop\tdsskiller.exe 2015-06-16 12:42 - 2015-06-16 13:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-06-16 12:40 - 2015-06-16 13:31 - 00000000 ____D C:\Users\Josi\Desktop\mbar 2015-06-16 12:40 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-16 12:39 - 2015-06-16 12:39 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Josi\Desktop\mbar-1.09.1.1004.exe 2015-06-15 22:54 - 2015-06-15 22:54 - 00086520 _____ C:\Users\Josi\Desktop\Gmer.txt 2015-06-15 22:32 - 2015-06-15 22:32 - 00380416 _____ C:\Users\Josi\Downloads\Gmer-19357.exe 2015-06-15 22:18 - 2015-06-15 22:19 - 00031618 _____ C:\Users\Josi\Downloads\Addition.txt 2015-06-15 22:17 - 2015-06-20 12:49 - 00022934 _____ C:\Users\Josi\Downloads\FRST.txt 2015-06-15 22:17 - 2015-06-20 12:49 - 00000000 ____D C:\FRST 2015-06-15 22:16 - 2015-06-15 22:17 - 01148416 _____ (Farbar) C:\Users\Josi\Downloads\FRST.exe 2015-06-15 22:15 - 2015-06-15 22:15 - 00000470 _____ C:\Users\Josi\Downloads\defogger_disable.log 2015-06-15 22:15 - 2015-06-15 22:15 - 00000000 _____ C:\Users\Josi\defogger_reenable 2015-06-15 22:14 - 2015-06-15 22:14 - 00050477 _____ C:\Users\Josi\Downloads\Defogger.exe 2015-06-15 21:42 - 2015-06-15 21:42 - 00004484 _____ C:\Users\Josi\Documents\cc_20150615_214201.reg 2015-06-15 20:34 - 2015-06-18 22:26 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-06-15 20:28 - 2015-06-15 21:36 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2015-06-11 20:47 - 2015-06-11 20:47 - 00001701 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-09 14:08 - 2015-06-09 14:08 - 06420480 _____ C:\Program Files\GUTB24E.tmp 2015-06-09 14:08 - 2015-06-09 14:08 - 00000000 ____D C:\Program Files\GUMB24D.tmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-20 12:32 - 2012-04-11 07:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-20 12:25 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-20 12:25 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-20 12:17 - 2010-03-13 14:37 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-20 12:00 - 2011-07-04 07:35 - 00000498 _____ C:\Windows\Tasks\1-Klick-Wartung.job 2015-06-20 11:59 - 2012-09-24 10:19 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000UA.job 2015-06-20 11:23 - 2014-08-22 08:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2015-06-20 10:44 - 2008-01-21 09:16 - 01586872 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-20 10:24 - 2014-12-10 18:44 - 01505909 _____ C:\Windows\WindowsUpdate.log 2015-06-19 20:59 - 2012-09-24 10:19 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550289631-3001628655-2886833039-1000Core.job 2015-06-19 10:03 - 2009-06-09 11:27 - 00000000 ____D C:\Program Files\Picasa2 2015-06-18 23:32 - 2010-03-13 14:37 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-18 23:32 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-06-18 23:29 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-18 23:28 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-18 22:26 - 2012-04-25 13:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-06-18 22:26 - 2009-06-09 11:27 - 00000000 ____D C:\Program Files\Google 2015-06-18 21:36 - 2014-01-17 17:11 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-17 20:25 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2015-06-17 20:25 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2015-06-17 20:20 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2015-06-17 20:17 - 2009-12-06 13:16 - 00000000 ____D C:\Users\Josi 2015-06-15 21:47 - 2013-01-08 21:47 - 00000000 ____D C:\Users\Josi\AppData\Roaming\Garmin 2015-06-15 21:45 - 2009-12-06 13:19 - 00000000 ____D C:\Users\Josi\AppData\Local\Google 2015-06-15 21:45 - 2009-06-09 11:27 - 00000000 ____D C:\ProgramData\Google 2015-06-15 21:41 - 2010-05-16 18:10 - 00000000 ____D C:\Windows\Minidump 2015-06-13 14:50 - 2009-12-06 18:05 - 00130560 _____ C:\Users\Josi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-10 21:44 - 2009-06-09 11:35 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-10 21:43 - 2013-08-16 17:01 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 21:35 - 2006-11-02 12:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-06-10 21:32 - 2012-04-11 07:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-06-10 21:32 - 2011-08-19 22:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-06-09 20:50 - 2010-11-21 20:17 - 00000008 __RSH C:\Users\Josi\ntuser.pol 2015-06-09 14:12 - 2012-07-24 21:26 - 00043560 _____ C:\Windows\system32\Drivers\fsbts.sys ==================== Files in the root of some directories ======= 2015-06-09 14:08 - 2015-06-09 14:08 - 6420480 _____ () C:\Program Files\GUTB24E.tmp 2014-02-21 15:22 - 2014-02-21 15:22 - 49940480 _____ () C:\Program Files\GUTF415.tmp 2009-12-06 15:51 - 2010-02-10 20:27 - 0000192 _____ () C:\Users\Josi\AppData\Roaming\wklnhst.dat 2009-12-06 23:54 - 2013-04-11 07:26 - 0000680 _____ () C:\Users\Josi\AppData\Local\d3d9caps.dat 2009-12-06 18:05 - 2015-06-13 14:50 - 0130560 _____ () C:\Users\Josi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-12-13 23:38 - 2009-12-13 23:39 - 0000336 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== C:\Users\Josi\AppData\Local\temp\Quarantine.exe C:\Users\Josi\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-18 23:07 ==================== End of log ============================ Ist das gefährlich, wenn ich sie einfach "grob" entferne? OK, nun habe ich die Sticks/die Festplatte entfernt, als der Laptop zugeklappt und auf Standby war. Dann habe ich sie wieder eingesteckt, doch der Laptop erkennt sie nicht. Stecke ich die externe Festplatte am anderen Laptop ein, kann ich sie auch nicht öffnen. "Falscher Parameter" steht da. Liegt das an der externen Festplatte oder noch an den Laptops, die noch nicht wieder ganz sauber arbeiten? LG |
|
22.06.2015, 06:15
| #11 |
| /// the machine /// TB-Ausbilder | Adware und Spyware gefunden von MNet Sicherheitstool Ich denke eher an der Platte, Tabelle zerschossen oder so. Java, Flash und Adobe updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Beni\AppData\Local\Mozilla\Firefox\Profiles\bj5t1gdk.default\Cache\6\F8\EF3C3d01
C:\Users\Beni\AppData\Local\Mozilla\Firefox\Profiles\bj5t1gdk.default\Cache\F\E5\5D2C9d01
C:\Users\Beni\Downloads\agsetup183se.exe
C:\Users\Beni\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\Josi\Documents\pcmechanicpm.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-550289631-3001628655-2886833039-1002\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Revo Uninstaller - Download - Filepony damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.mozilla.org/de/kb/fi...einfach-loesen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.06.2015, 19:26
| #12 |
| | FixlogCode:
ATTFilter Fix result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by Josi at 2015-06-22 19:43:41 Run:1
Running from C:\Users\Josi\Downloads
Loaded Profiles: Josi (Available Profiles: Josi & Beni & Gast)
Boot Mode: Normal
==============================================
fixlist content:
*****************
C:\Users\Beni\AppData\Local\Mozilla\Firefox\Profiles\bj5t1gdk.default\Cache\6\F8\EF3C3d01
C:\Users\Beni\AppData\Local\Mozilla\Firefox\Profiles\bj5t1gdk.default\Cache\F\E5\5D2C9d01
C:\Users\Beni\Downloads\agsetup183se.exe
C:\Users\Beni\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\Josi\Documents\pcmechanicpm.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-550289631-3001628655-2886833039-1002\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
*****************
C:\Users\Beni\AppData\Local\Mozilla\Firefox\Profiles\bj5t1gdk.default\Cache\6\F8\EF3C3d01 => moved successfully.
C:\Users\Beni\AppData\Local\Mozilla\Firefox\Profiles\bj5t1gdk.default\Cache\F\E5\5D2C9d01 => moved successfully.
C:\Users\Beni\Downloads\agsetup183se.exe => moved successfully.
C:\Users\Beni\Downloads\FreeYouTubeToMP3Converter.exe => moved successfully.
C:\Users\Josi\Documents\pcmechanicpm.exe => moved successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-550289631-3001628655-2886833039-1002\User => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
EmptyTemp: => 569.4 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 19:45:18 ====
|
|
23.06.2015, 12:03
| #13 |
| /// the machine /// TB-Ausbilder | Adware und Spyware gefunden von MNet Sicherheitstool Firefox gemacht? Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.06.2015, 13:48
| #14 |
| | Adware und Spyware gefunden von MNet Sicherheitstool Hab Firefox deinstalliert. Beim Versuch, es neu zu installieren kam dieser Fehler: Malwarebytes Anti-Malware hat ein potenziell unerwünschtes Programm blockiert: Hersteller; PUP.Optional.InstallCore.A Pfad: C:\Users... tractorapp_com[1].exe Was nun? :-( |
|
24.06.2015, 06:36
| #15 |
| /// the machine /// TB-Ausbilder | Adware und Spyware gefunden von MNet Sicherheitstool wo hast Du Firefox geladen?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Adware und Spyware gefunden von MNet Sicherheitstool |
| adware, antivir, avira, branding, browser, canon, desktop, excel, firefox, firefox 38.0.5, flash player, google, helper, home, homepage, mozilla, object, realtek, registry, rundll, scan, security, software, spyware, svchost.exe, system, werbung, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
