Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Verschlüsselungs Trojaner bitte OTL-log überprüfen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.04.2012, 12:51   #1
nap
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



Liebe Trojaner-Board-Helferinnen und Helfer,

gestern wurde mir ein Laptop mit Windows 7 gebracht, der einen Verschlüsselungstrojaner auf dem klassischen Email-Weg eingefangen hat.

Ich habe mehrere Virenscanner durchlaufen lassen, auch den Malwarebytes Anti-Malware, mit keinem Resultat.
Dann hat Dr. Web CureIT dreimal den trojan.pws.panda.2128 gefunden und gelöscht, seitdem kann ich mich wieder ganz normal anmelden.

Die verschlüsselten Dateien habe ich mit Avira Ransom File Unlocker entschlüsselt, alles scheint wieder in Ordnung zu sein, aber bevor ich den Laptop zurückgebe, könnte jemand bitte mein OTL-logfile anschauen, damit ich sicher sein kann, dass alles Böseartige weg ist?
OTL.txt
Code:
ATTFilter
OTL logfile created on: 29.04.2012 13:31:55 - Run 1
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 69,39% Memory free
6,99 Gb Paging File | 5,81 Gb Available in Paging File | 83,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,15 Gb Total Space | 125,02 Gb Free Space | 67,16% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 184,99 Gb Total Space | 177,90 Gb Free Space | 96,16% Space Free | Partition Type: NTFS
 
Computer Name: KERSTIN***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.29 13:30:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.28 20:36:51 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.01.23 06:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.11.29 20:54:58 | 000,505,264 | ---- | M] (REINER SCT) -- C:\Windows\System32\cjpcsc.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.05.25 19:16:16 | 000,619,008 | ---- | M] (Nikon Corporation) -- C:\Programme\Nikon\Nikon Message Center 2\NkMC2.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.09.03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009.08.21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009.08.21 10:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009.08.13 13:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009.08.05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009.07.30 00:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.07.30 00:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.09.26 14:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Programme\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008.04.24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007.11.21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.07.10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.21 17:58:00 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012.04.11 17:00:10 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012.04.11 16:59:23 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012.04.11 16:59:12 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012.03.28 20:36:51 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.02.17 16:47:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.17 16:46:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.17 16:46:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.17 16:46:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.10.13 16:48:22 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.03.14 00:54:19 | 001,736,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3497.38831__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:19 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:19 | 000,339,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3497.38814__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:19 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:19 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3497.38880__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:19 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3497.38863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3497.38828__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:19 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3497.38823__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:18 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3497.38822__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:17 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:17 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:17 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3497.38867__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:15 | 000,950,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3497.38923__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:15 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:15 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:15 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3497.38875__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:15 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:15 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:15 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3497.38861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:15 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:15 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:15 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3497.38860__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:14 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:14 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:14 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:14 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.03.14 00:54:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.03.14 00:54:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.03.14 00:54:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.03.14 00:54:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.03.14 00:54:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.03.14 00:54:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.03.14 00:54:13 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.03.14 00:54:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.03.14 00:54:12 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.03.14 00:54:12 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.03.14 00:54:11 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.03.14 00:54:11 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.03.14 00:54:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.03.14 00:54:11 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3497.38894__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.03.14 00:54:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3497.38904__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.03.14 00:54:09 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.03.14 00:54:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.03.14 00:54:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.03.14 00:54:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.03.14 00:54:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3497.38810__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.03.14 00:54:08 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3497.38827__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.03.14 00:54:08 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3497.38892__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.03.14 00:54:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3497.38813__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.03.14 00:54:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3497.38812__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.03.14 00:54:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.03.14 00:54:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.03.14 00:54:08 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.03.14 00:54:07 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3497.38819__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.03.14 00:54:07 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.03.14 00:54:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.03.14 00:54:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.03.14 00:54:06 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3497.38811__90ba9c70f846762e\APM.Server.dll
MOD - [2010.03.14 00:54:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3497.38810__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.03.14 00:54:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.03.14 00:54:06 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3497.38893__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.07.29 16:35:38 | 000,014,648 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2009.07.16 16:27:48 | 000,052,536 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009.07.16 16:27:44 | 007,263,544 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009.05.04 11:45:14 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.03.12 20:08:04 | 000,049,152 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2006.10.07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.21 17:58:00 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.29 20:54:58 | 000,505,264 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.08.21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009.07.30 00:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007.11.21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.20 12:34:21 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.08 09:54:42 | 000,028,208 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb)
DRV - [2009.09.21 11:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009.07.30 13:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.22 10:30:54 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009.07.14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009.07.07 09:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009.05.05 01:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008.07.15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.27 19:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007.10.17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.05.31 08:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
IE - HKLM\..\SearchScopes,DefaultScope = {4485F25B-48C5-415A-A407-FDC53D14C1AA}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4485F25B-48C5-415A-A407-FDC53D14C1AA}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {4485F25B-48C5-415A-A407-FDC53D14C1AA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4485F25B-48C5-415A-A407-FDC53D14C1AA}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7TSEE_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=DxJWcXub-MDkLtFJuFlEYPAzo0A?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.28 20:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.21 18:16:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.29 15:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.04.08 19:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.03.14 01:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.08 19:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.04.28 14:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\szp85g3h.default\extensions
[2012.03.28 20:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.03.13 23:48:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.28 20:36:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 20:48:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.16 21:20:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.16 21:20:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.16 21:20:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.16 21:20:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.16 21:20:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.16 21:20:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E107494-A329-4CE0-BA88-CC363881EC4C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{8e015357-c16e-11de-8326-001e33c4e2c3}\Shell - "" = AutoRun
O33 - MountPoints2\{8e015357-c16e-11de-8326-001e33c4e2c3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{edc9fadb-2ee7-11df-a542-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{edc9fadb-2ee7-11df-a542-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.29 11:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.29 11:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.04.29 10:35:06 | 000,000,000 | ---D | C] -- C:\Users\***\DoctorWeb
[2012.04.28 23:29:10 | 198,547,640 | ---- | C] (T-Online) -- C:\Users\***\Desktop\T-Online_6.0.exe
[2012.04.28 23:09:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Avira-RansomFileUnlocker
[2012.04.28 21:52:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.28 21:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.28 21:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.28 21:52:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.28 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.28 18:09:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qkueqfgbdo
[2012.04.21 17:58:00 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.11 10:27:50 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.11 10:27:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 10:27:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 10:27:49 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 10:27:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.29 15:27:38 | 000,002,005 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012.04.29 15:26:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.29 15:26:38 | 2816,864,256 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.29 13:38:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.04.29 13:34:41 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.29 13:34:41 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.29 13:33:03 | 000,672,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.29 13:33:03 | 000,630,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.29 13:33:03 | 000,138,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.29 13:33:03 | 000,113,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.29 13:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.29 11:10:13 | 000,010,214 | ---- | M] () -- C:\Users\***\Documents\H&M Kundennummer.eml
[2012.04.29 11:10:13 | 000,001,622 | ---- | M] () -- C:\Users\***\Documents\Neues Passwort schlecker.eml
[2012.04.28 23:56:23 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2012.04.28 23:29:23 | 000,000,268 | ---- | M] () -- C:\Users\***\AppData\Roaming\Audio Unit Effect
[2012.04.28 23:29:23 | 000,000,268 | ---- | M] () -- C:\Users\***\AppData\Roaming\Audio
[2012.04.28 23:29:18 | 002,195,352 | ---- | M] () -- C:\Users\***\Desktop\TeamViewerQS.exe
[2012.04.28 23:29:17 | 198,547,640 | ---- | M] (T-Online) -- C:\Users\***\Desktop\T-Online_6.0.exe
[2012.04.28 23:29:10 | 000,135,673 | ---- | M] () -- C:\Users\***\Desktop\Plakat - Foer de Katt - 2012.jpg
[2012.04.28 23:29:10 | 000,000,048 | ---- | M] () -- C:\Users\***\Desktop\Google Maps.URL
[2012.04.28 23:26:05 | 001,059,629 | ---- | M] () -- C:\Users\***\Documents\RN. Telekomm Andre Unfall.pdf
[2012.04.28 23:26:05 | 000,815,000 | ---- | M] () -- C:\Users\***\Documents\Krankenhausbericht Roland Klinik.pdf
[2012.04.28 23:26:05 | 000,558,304 | ---- | M] () -- C:\Users\***\Documents\Zahnbehandlungsschein.pdf
[2012.04.28 23:26:05 | 000,111,550 | ---- | M] () -- C:\Users\***\Documents\Rechnung messerblock.pdf
[2012.04.28 23:26:05 | 000,044,281 | ---- | M] () -- C:\Users\***\Documents\Rechnung M.Bremer.pdf
[2012.04.28 23:26:04 | 000,052,752 | ---- | M] () -- C:\Users\***\Documents\Goldene Hochzeit.mcf
[2012.04.28 23:26:04 | 000,008,023 | ---- | M] () -- C:\Users\***\Documents\29051 jemako rechnung.pdf
[2012.04.28 21:06:18 | 000,000,407 | ---- | M] () -- C:\Users\***\Desktop\Decrypt.jar
[2012.04.28 18:14:17 | 000,558,304 | ---- | M] () -- C:\Users\***\Documents\locked-Zahnbehandlungsschein.pdf.wwcj
[2012.04.28 18:14:09 | 001,059,629 | ---- | M] () -- C:\Users\***\Documents\locked-RN. Telekomm Andre Unfall.pdf.nwpb
[2012.04.28 18:14:05 | 000,111,550 | ---- | M] () -- C:\Users\***\Documents\locked-Rechnung messerblock.pdf.sowf
[2012.04.28 18:14:05 | 000,044,281 | ---- | M] () -- C:\Users\***\Documents\locked-Rechnung M.Bremer.pdf.mwbg
[2012.04.28 18:14:05 | 000,001,622 | ---- | M] () -- C:\Users\***\Documents\locked-Neues Passwort schlecker.eml.vdfm
[2012.04.28 18:14:04 | 000,815,000 | ---- | M] () -- C:\Users\***\Documents\locked-Krankenhausbericht Roland Klinik.pdf.ewld
[2012.04.28 18:13:57 | 000,052,752 | ---- | M] () -- C:\Users\***\Documents\locked-Goldene Hochzeit.mcf.ssfw
[2012.04.28 18:13:57 | 000,010,214 | ---- | M] () -- C:\Users\***\Documents\locked-H&M Kundennummer.eml.cfdc
[2012.04.28 18:13:53 | 198,547,640 | ---- | M] () -- C:\Users\***\Desktop\locked-T-Online_6.0.exe.lkhz
[2012.04.28 18:13:53 | 002,195,352 | ---- | M] () -- C:\Users\***\Desktop\locked-TeamViewerQS.exe.zrnz
[2012.04.28 18:13:53 | 000,008,023 | ---- | M] () -- C:\Users\***\Documents\locked-29051 jemako rechnung.pdf.fywc
[2012.04.28 18:13:52 | 000,135,673 | ---- | M] () -- C:\Users\***\Desktop\locked-Plakat - Foer de Katt - 2012.jpg.arof
[2012.04.28 18:13:51 | 000,000,048 | ---- | M] () -- C:\Users\***\Desktop\locked-Google Maps.URL.anrb
[2012.04.28 18:13:07 | 000,000,268 | ---- | M] () -- C:\Users\***\AppData\Roaming\locked-Audio.ptxt
[2012.04.28 18:13:07 | 000,000,268 | ---- | M] () -- C:\Users\***\AppData\Roaming\locked-Audio Unit Effect.dnrd
[2012.04.28 18:11:01 | 000,000,012 | ---- | M] () -- C:\ProgramData\CMMs
[2012.04.28 18:11:01 | 000,000,012 | ---- | M] () -- C:\ProgramData\Bundle
[2012.04.28 18:11:01 | 000,000,012 | ---- | M] () -- C:\ProgramData\Brother
[2012.04.28 18:10:58 | 000,000,268 | ---- | M] () -- C:\ProgramData\Automator
[2012.04.28 18:10:58 | 000,000,268 | ---- | M] () -- C:\ProgramData\Automatic Filter
[2012.04.28 18:10:58 | 000,000,268 | ---- | M] () -- C:\ProgramData\Authentication
[2012.04.21 17:58:00 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.21 17:58:00 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.29 10:14:24 | 000,002,005 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012.04.28 23:56:23 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2012.04.28 23:29:23 | 000,000,268 | ---- | C] () -- C:\Users\***\AppData\Roaming\Audio Unit Effect
[2012.04.28 23:29:23 | 000,000,268 | ---- | C] () -- C:\Users\***\AppData\Roaming\Audio
[2012.04.28 23:29:17 | 002,195,352 | ---- | C] () -- C:\Users\***\Desktop\TeamViewerQS.exe
[2012.04.28 23:29:10 | 000,135,673 | ---- | C] () -- C:\Users\***\Desktop\Plakat - Foer de Katt - 2012.jpg
[2012.04.28 23:29:10 | 000,000,048 | ---- | C] () -- C:\Users\***\Desktop\Google Maps.URL
[2012.04.28 23:26:05 | 001,059,629 | ---- | C] () -- C:\Users\***\Documents\RN. Telekomm Andre Unfall.pdf
[2012.04.28 23:26:05 | 000,815,000 | ---- | C] () -- C:\Users\***\Documents\Krankenhausbericht Roland Klinik.pdf
[2012.04.28 23:26:05 | 000,558,304 | ---- | C] () -- C:\Users\***\Documents\Zahnbehandlungsschein.pdf
[2012.04.28 23:26:05 | 000,111,550 | ---- | C] () -- C:\Users\***\Documents\Rechnung messerblock.pdf
[2012.04.28 23:26:05 | 000,044,281 | ---- | C] () -- C:\Users\***\Documents\Rechnung M.Bremer.pdf
[2012.04.28 23:26:05 | 000,001,622 | ---- | C] () -- C:\Users\***\Documents\Neues Passwort schlecker.eml
[2012.04.28 23:26:04 | 000,052,752 | ---- | C] () -- C:\Users\***\Documents\Goldene Hochzeit.mcf
[2012.04.28 23:26:04 | 000,010,214 | ---- | C] () -- C:\Users\***\Documents\H&M Kundennummer.eml
[2012.04.28 23:26:04 | 000,008,023 | ---- | C] () -- C:\Users\***\Documents\29051 jemako rechnung.pdf
[2012.04.28 22:53:13 | 000,000,407 | ---- | C] () -- C:\Users\***\Desktop\Decrypt.jar
[2012.04.26 18:04:25 | 000,135,673 | ---- | C] () -- C:\Users\***\Desktop\locked-Plakat - Foer de Katt - 2012.jpg.arof
[2012.04.21 17:58:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011.08.14 20:13:19 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Applications
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\Users\***\AppData\Roaming\locked-Audio.ptxt
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\Users\***\AppData\Roaming\locked-Audio Unit Effect.dnrd
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\ProgramData\Automator
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\ProgramData\Automatic Filter
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\ProgramData\Authentication
[2011.08.14 20:13:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.08.14 20:13:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.08.14 20:13:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.08.14 20:13:19 | 000,000,012 | ---- | C] () -- C:\ProgramData\CMMs
[2011.08.14 20:13:19 | 000,000,012 | ---- | C] () -- C:\ProgramData\Bundle
[2011.08.14 20:13:19 | 000,000,012 | ---- | C] () -- C:\ProgramData\Brother
[2010.12.05 14:10:29 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2010.12.05 14:10:29 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2010.12.05 13:45:28 | 000,000,787 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2010.06.18 20:08:25 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.12.16 17:13:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.28 23:30:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\myphotobook
[2012.04.28 23:30:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2012.04.29 11:07:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qkueqfgbdo
[2010.03.13 23:58:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2010.03.13 23:58:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2012.04.28 23:30:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.03.14 01:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.04.08 19:03:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2010.03.13 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2010.03.14 00:28:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch
[2012.03.30 18:07:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 805 bytes -> C:\Users\***\Documents\Neues Passwort schlecker.eml:OECustomProperty
@Alternate Data Stream - 805 bytes -> C:\Users\***\Documents\locked-Neues Passwort schlecker.eml.vdfm:OECustomProperty
@Alternate Data Stream - 729 bytes -> C:\Users\***\Documents\locked-H&M Kundennummer.eml.cfdc:OECustomProperty
@Alternate Data Stream - 729 bytes -> C:\Users\***\Documents\H&M Kundennummer.eml:OECustomProperty

< End of report >
         
Extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 29.04.2012 13:31:55 - Run 1
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 69,39% Memory free
6,99 Gb Paging File | 5,81 Gb Available in Paging File | 83,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,15 Gb Total Space | 125,02 Gb Free Space | 67,16% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 184,99 Gb Total Space | 177,90 Gb Free Space | 96,16% Space Free | Partition Type: NTFS
 
Computer Name: KERSTIN***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11C8D604-381D-4C6F-94B8-0F0985251712}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{134EFFED-486E-41FE-9CEA-4B059838BA43}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | 
"{2FC48D04-40EF-4983-BA59-B613812EC7D0}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{33DA57ED-0B29-44B1-B9B8-EC437404F792}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3E4DD078-DAE4-44B3-B0B5-53261A2B776C}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{4BFB7EFA-E1DE-4373-B79C-70028E8330F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{70A79385-0211-4AE6-8FB7-C41DBFC356EB}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{78117419-A588-4D00-A420-9E8B42FF0AEC}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe | 
"{799B75C7-71A7-45EC-B229-2A58B859F86E}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe | 
"{8C059C17-32B8-4C3F-9CEA-B0A0C37D3184}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{9C917AF3-031E-4839-8E38-771B4C59A3E0}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | 
"{A66A2360-9A0C-40A1-8920-E07499CD520D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BF86CE8E-F7EC-464D-9221-4DDDA162B71D}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{F34566CE-834E-4E0F-8D2C-8E633426FD46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{47879FA7-BC8F-4D7F-8057-86D0416579FA}" = StarMoney
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{52306338-9945-41A5-A021-25739C852B58}" = StarMoney
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B5A39926-319B-4F86-8447-E764CE92F229}" = StarMoney 8.0 
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E8D82F42-EBD8-478C-917B-28F5BA6EAAAA}" = StarMoney
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F5E9D2B2-2906-4808-97AC-B17A456DFA5B}" = StarMoney 7.0 S-Edition
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"myphotobook" = myphotobook 3.6
"Picasa2" = Picasa 2
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Vielen Dank schon mal im Voraus!
Gruß
nap

Geändert von nap (29.04.2012 um 12:58 Uhr)

Alt 29.04.2012, 15:46   #2
markusg
/// Malware-holic
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



hi,
1. kommst du an die mail rann?
wenn sie in einem mail programm ist, dieses öffnen, mail öffnen datei speichern unter, typ.
.eml
eine mail an:
http://markusg.trojaner-board.de
senden, dort die so eben gespeicherte datei anhängen.
es ist wichtig, dass ich möglichst viele dieser mails bekomme, da dieser trojaner im moment um funktionen erweitert wird, müssen hersteller von av software da schnell reagieren können.
kannst du außerdem das CureIT ergebniss posten?
__________________

__________________

Alt 29.04.2012, 16:41   #3
nap
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



Hi Markus,

die Mail müsstest du inzwischen bekommen haben und hier ist der log von CureIT. Hab ich leider als csv gespeichert, ich hoffe, es sind keine Infos verlorengegangen.

Code:
ATTFilter
bccxotywbk.pre	C:\Users\KERSTI~1\AppData\Local\Temp	Trojan.PWS.Panda.2128	Gelöscht.
wktrykfffn.pre	C:\Users\KERSTI~1\AppData\Local\Temp	Trojan.PWS.Panda.2128	Gelöscht.
098419d54c558ff26ffe.exe	c:\users\***\appdata\roaming\qkueqfgbdo	Trojan.PWS.Panda.2128	Gelöscht.
         
Gruß
nap
__________________

Geändert von nap (29.04.2012 um 16:54 Uhr)

Alt 29.04.2012, 16:46   #4
markusg
/// Malware-holic
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



danke,
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 29.04.2012, 17:32   #5
nap
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



Hi Markus,

danke! 5 threats gefunden, siehe:

Code:
ATTFilter
18:22:29.0411 2448	TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:22:29.0943 2448	============================================================
18:22:29.0943 2448	Current date / time: 2012/04/29 18:22:29.0943
18:22:29.0943 2448	SystemInfo:
18:22:29.0943 2448	
18:22:29.0943 2448	OS Version: 6.1.7601 ServicePack: 1.0
18:22:29.0943 2448	Product type: Workstation
18:22:29.0943 2448	ComputerName: KERSTIN***-PC
18:22:29.0944 2448	UserName: Kerstin ***
18:22:29.0944 2448	Windows directory: C:\Windows
18:22:29.0944 2448	System windows directory: C:\Windows
18:22:29.0944 2448	Processor architecture: Intel x86
18:22:29.0944 2448	Number of processors: 2
18:22:29.0944 2448	Page size: 0x1000
18:22:29.0944 2448	Boot type: Normal boot
18:22:29.0944 2448	============================================================
18:22:32.0920 2448	Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:22:32.0924 2448	Drive \Device\Harddisk1\DR1 - Size: 0x3F140000 (0.99 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:22:32.0925 2448	============================================================
18:22:32.0925 2448	\Device\Harddisk0\DR0:
18:22:32.0925 2448	MBR partitions:
18:22:32.0925 2448	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1744D000
18:22:32.0925 2448	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1773B800, BlocksNum 0x171FD0B0
18:22:32.0925 2448	\Device\Harddisk1\DR1:
18:22:32.0927 2448	MBR partitions:
18:22:32.0927 2448	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1F8999
18:22:32.0927 2448	============================================================
18:22:32.0952 2448	C: <-> \Device\Harddisk0\DR0\Partition0
18:22:33.0036 2448	E: <-> \Device\Harddisk0\DR0\Partition1
18:22:33.0037 2448	============================================================
18:22:33.0038 2448	Initialize success
18:22:33.0038 2448	============================================================
18:24:32.0473 2220	============================================================
18:24:32.0473 2220	Scan started
18:24:32.0473 2220	Mode: Manual; SigCheck; TDLFS; 
18:24:32.0473 2220	============================================================
18:24:34.0407 2220	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:24:34.0563 2220	1394ohci - ok
18:24:34.0782 2220	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:24:35.0421 2220	ACDaemon - ok
18:24:35.0530 2220	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:24:35.0577 2220	ACPI - ok
18:24:35.0640 2220	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:24:35.0827 2220	AcpiPmi - ok
18:24:35.0967 2220	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:24:36.0045 2220	AdobeFlashPlayerUpdateSvc - ok
18:24:36.0170 2220	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:24:36.0279 2220	adp94xx - ok
18:24:36.0326 2220	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:24:36.0357 2220	adpahci - ok
18:24:36.0420 2220	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:24:36.0482 2220	adpu320 - ok
18:24:36.0513 2220	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:24:36.0654 2220	AeLookupSvc - ok
18:24:36.0778 2220	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:24:37.0090 2220	AFD - ok
18:24:37.0137 2220	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:24:37.0153 2220	agp440 - ok
18:24:37.0200 2220	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:24:37.0215 2220	aic78xx - ok
18:24:37.0278 2220	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:24:37.0402 2220	ALG - ok
18:24:37.0449 2220	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:24:37.0496 2220	aliide - ok
18:24:37.0558 2220	AMD External Events Utility (0bc6704f6fb4c63cdcb85401e8263a1b) C:\Windows\system32\atiesrxx.exe
18:24:37.0668 2220	AMD External Events Utility - ok
18:24:37.0699 2220	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:24:37.0730 2220	amdagp - ok
18:24:37.0777 2220	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:24:37.0808 2220	amdide - ok
18:24:37.0855 2220	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:24:37.0964 2220	AmdK8 - ok
18:24:38.0011 2220	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:24:38.0073 2220	AmdPPM - ok
18:24:38.0136 2220	amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
18:24:38.0198 2220	amdsata - ok
18:24:38.0245 2220	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:24:38.0307 2220	amdsbs - ok
18:24:38.0323 2220	amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
18:24:38.0338 2220	amdxata - ok
18:24:38.0479 2220	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:24:38.0526 2220	AntiVirSchedulerService - ok
18:24:38.0572 2220	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:24:38.0604 2220	AntiVirService - ok
18:24:38.0666 2220	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:24:38.0838 2220	AppID - ok
18:24:38.0884 2220	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:24:39.0025 2220	AppIDSvc - ok
18:24:39.0072 2220	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
18:24:39.0134 2220	Appinfo - ok
18:24:39.0243 2220	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:24:39.0290 2220	Apple Mobile Device - ok
18:24:39.0337 2220	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:24:39.0384 2220	arc - ok
18:24:39.0399 2220	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:24:39.0430 2220	arcsas - ok
18:24:39.0540 2220	aspnet_state    (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:24:39.0602 2220	aspnet_state - ok
18:24:39.0633 2220	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:24:39.0820 2220	AsyncMac - ok
18:24:39.0852 2220	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:24:39.0883 2220	atapi - ok
18:24:40.0054 2220	athr            (ac4adac154563ab41cc79b0257bc685a) C:\Windows\system32\DRIVERS\athr.sys
18:24:40.0148 2220	athr - ok
18:24:40.0382 2220	atikmdag        (c97be8350fbcb1960b22fad2e6c2b514) C:\Windows\system32\DRIVERS\atikmdag.sys
18:24:40.0569 2220	atikmdag - ok
18:24:40.0756 2220	AtiPcie         (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:24:40.0819 2220	AtiPcie - ok
18:24:40.0912 2220	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:24:41.0006 2220	AudioEndpointBuilder - ok
18:24:41.0022 2220	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:24:41.0068 2220	Audiosrv - ok
18:24:41.0131 2220	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
18:24:41.0178 2220	avgntflt - ok
18:24:41.0256 2220	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
18:24:41.0302 2220	avipbb - ok
18:24:41.0349 2220	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:24:41.0396 2220	avkmgr - ok
18:24:41.0458 2220	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
18:24:41.0599 2220	AxInstSV - ok
18:24:41.0692 2220	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:24:41.0786 2220	b06bdrv - ok
18:24:41.0848 2220	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:24:41.0911 2220	b57nd60x - ok
18:24:41.0958 2220	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:24:42.0067 2220	BDESVC - ok
18:24:42.0098 2220	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:24:42.0145 2220	Beep - ok
18:24:42.0238 2220	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
18:24:42.0316 2220	BFE - ok
18:24:42.0363 2220	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
18:24:42.0457 2220	BITS - ok
18:24:42.0504 2220	bizVSerial      (66f655b08eed3230e059d197c8a1969b) C:\Windows\system32\drivers\bizVSerialNT.sys
18:24:42.0550 2220	bizVSerial ( UnsignedFile.Multi.Generic ) - warning
18:24:42.0550 2220	bizVSerial - detected UnsignedFile.Multi.Generic (1)
18:24:42.0582 2220	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:24:42.0675 2220	blbdrive - ok
18:24:42.0894 2220	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:24:42.0940 2220	Bonjour Service - ok
18:24:42.0987 2220	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:24:43.0081 2220	bowser - ok
18:24:43.0112 2220	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:24:43.0237 2220	BrFiltLo - ok
18:24:43.0252 2220	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:24:43.0330 2220	BrFiltUp - ok
18:24:43.0424 2220	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
18:24:43.0518 2220	Browser - ok
18:24:43.0580 2220	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:24:43.0705 2220	Brserid - ok
18:24:43.0705 2220	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:24:43.0767 2220	BrSerWdm - ok
18:24:43.0783 2220	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:24:43.0814 2220	BrUsbMdm - ok
18:24:43.0845 2220	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:24:43.0892 2220	BrUsbSer - ok
18:24:43.0908 2220	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:24:43.0939 2220	BTHMODEM - ok
18:24:44.0001 2220	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:24:44.0157 2220	bthserv - ok
18:24:44.0204 2220	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:24:44.0313 2220	cdfs - ok
18:24:44.0376 2220	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:24:44.0469 2220	cdrom - ok
18:24:44.0532 2220	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:24:44.0625 2220	CertPropSvc - ok
18:24:44.0750 2220	cfWiMAXService  (1f8a319d29394f9ce1b7ae020df2ebbf) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
18:24:44.0781 2220	cfWiMAXService - ok
18:24:44.0828 2220	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:24:44.0859 2220	circlass - ok
18:24:44.0984 2220	cjpcsc          (7f6768f8ba1d3a17a67a0758d999325a) C:\Windows\system32\cjpcsc.exe
18:24:45.0015 2220	cjpcsc - ok
18:24:45.0062 2220	cjusb           (46241991510a23dc759291918178fff9) C:\Windows\system32\DRIVERS\cjusb.sys
18:24:45.0093 2220	cjusb - ok
18:24:45.0140 2220	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:24:45.0187 2220	CLFS - ok
18:24:45.0280 2220	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:24:45.0358 2220	clr_optimization_v2.0.50727_32 - ok
18:24:45.0390 2220	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:24:45.0421 2220	CmBatt - ok
18:24:45.0452 2220	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:24:45.0483 2220	cmdide - ok
18:24:45.0514 2220	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:24:45.0592 2220	CNG - ok
18:24:45.0639 2220	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:24:45.0670 2220	Compbatt - ok
18:24:45.0702 2220	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:24:45.0748 2220	CompositeBus - ok
18:24:45.0764 2220	COMSysApp - ok
18:24:45.0873 2220	ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:24:45.0920 2220	ConfigFree Service - ok
18:24:45.0967 2220	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:24:45.0982 2220	crcdisk - ok
18:24:46.0060 2220	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
18:24:46.0138 2220	CryptSvc - ok
18:24:46.0185 2220	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:24:46.0310 2220	DcomLaunch - ok
18:24:46.0357 2220	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:24:46.0435 2220	defragsvc - ok
18:24:46.0482 2220	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:24:46.0575 2220	DfsC - ok
18:24:46.0638 2220	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:24:46.0747 2220	Dhcp - ok
18:24:46.0762 2220	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:24:46.0856 2220	discache - ok
18:24:46.0934 2220	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:24:46.0996 2220	Disk - ok
18:24:47.0028 2220	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:24:47.0121 2220	Dnscache - ok
18:24:47.0168 2220	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:24:47.0246 2220	dot3svc - ok
18:24:47.0308 2220	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:24:47.0386 2220	DPS - ok
18:24:47.0433 2220	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:24:47.0480 2220	drmkaud - ok
18:24:47.0542 2220	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:24:47.0605 2220	DXGKrnl - ok
18:24:47.0652 2220	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:24:47.0714 2220	EapHost - ok
18:24:47.0886 2220	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:24:48.0010 2220	ebdrv - ok
18:24:48.0151 2220	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:24:48.0244 2220	EFS - ok
18:24:48.0354 2220	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
18:24:48.0447 2220	ehRecvr - ok
18:24:48.0478 2220	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:24:48.0588 2220	ehSched - ok
18:24:48.0712 2220	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:24:48.0790 2220	elxstor - ok
18:24:48.0822 2220	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:24:48.0900 2220	ErrDev - ok
18:24:49.0009 2220	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:24:49.0134 2220	EventSystem - ok
18:24:49.0180 2220	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:24:49.0305 2220	exfat - ok
18:24:49.0336 2220	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:24:49.0430 2220	fastfat - ok
18:24:49.0539 2220	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:24:49.0633 2220	Fax - ok
18:24:49.0680 2220	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:24:49.0758 2220	fdc - ok
18:24:49.0789 2220	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:24:49.0882 2220	fdPHost - ok
18:24:49.0945 2220	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:24:50.0038 2220	FDResPub - ok
18:24:50.0070 2220	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:24:50.0101 2220	FileInfo - ok
18:24:50.0132 2220	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:24:50.0179 2220	Filetrace - ok
18:24:50.0194 2220	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:24:50.0272 2220	flpydisk - ok
18:24:50.0319 2220	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:24:50.0350 2220	FltMgr - ok
18:24:50.0444 2220	FontCache       (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
18:24:50.0506 2220	FontCache - ok
18:24:50.0616 2220	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:24:50.0662 2220	FontCache3.0.0.0 - ok
18:24:50.0709 2220	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:24:50.0740 2220	FsDepends - ok
18:24:50.0787 2220	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
18:24:50.0834 2220	Fs_Rec - ok
18:24:50.0881 2220	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:24:50.0943 2220	fvevol - ok
18:24:50.0974 2220	FwLnk           (0f76e205bdc60364f08a5949082771ca) C:\Windows\system32\DRIVERS\FwLnk.sys
18:24:51.0052 2220	FwLnk - ok
18:24:51.0099 2220	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:24:51.0146 2220	gagp30kx - ok
18:24:51.0177 2220	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:24:51.0193 2220	GEARAspiWDM - ok
18:24:51.0286 2220	GoogleDesktopManager-110309-193829 (f0187e45268e86aaaa932cbd9087bea8) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
18:24:51.0333 2220	GoogleDesktopManager-110309-193829 - ok
18:24:51.0427 2220	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:24:51.0505 2220	gpsvc - ok
18:24:51.0567 2220	gusvc           (649f407a844dde2b97bc086af97d663b) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:24:51.0598 2220	gusvc - ok
18:24:51.0630 2220	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:24:51.0708 2220	hcw85cir - ok
18:24:51.0786 2220	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:24:51.0895 2220	HdAudAddService - ok
18:24:51.0957 2220	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:24:52.0020 2220	HDAudBus - ok
18:24:52.0051 2220	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:24:52.0082 2220	HidBatt - ok
18:24:52.0098 2220	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:24:52.0160 2220	HidBth - ok
18:24:52.0191 2220	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:24:52.0238 2220	HidIr - ok
18:24:52.0269 2220	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:24:52.0363 2220	hidserv - ok
18:24:52.0425 2220	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
18:24:52.0456 2220	HidUsb - ok
18:24:52.0503 2220	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:24:52.0581 2220	hkmsvc - ok
18:24:52.0612 2220	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:24:52.0706 2220	HomeGroupListener - ok
18:24:52.0753 2220	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:24:52.0815 2220	HomeGroupProvider - ok
18:24:52.0862 2220	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:24:52.0878 2220	HpSAMD - ok
18:24:53.0002 2220	HSF_DPV         (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:24:53.0112 2220	HSF_DPV - ok
18:24:53.0158 2220	HSXHWAZL        (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:24:53.0205 2220	HSXHWAZL - ok
18:24:53.0299 2220	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:24:53.0377 2220	HTTP - ok
18:24:53.0392 2220	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:24:53.0408 2220	hwpolicy - ok
18:24:53.0470 2220	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:24:53.0517 2220	i8042prt - ok
18:24:53.0580 2220	iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
18:24:53.0626 2220	iaStorV - ok
18:24:53.0751 2220	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:24:53.0814 2220	IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:24:53.0814 2220	IDriverT - detected UnsignedFile.Multi.Generic (1)
18:24:53.0954 2220	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:24:54.0048 2220	idsvc - ok
18:24:54.0219 2220	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:24:54.0266 2220	iirsp - ok
18:24:54.0328 2220	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:24:54.0438 2220	IKEEXT - ok
18:24:54.0500 2220	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:24:54.0531 2220	intelide - ok
18:24:54.0562 2220	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:24:54.0640 2220	intelppm - ok
18:24:54.0687 2220	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:24:54.0796 2220	IPBusEnum - ok
18:24:54.0828 2220	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:24:54.0890 2220	IpFilterDriver - ok
18:24:54.0999 2220	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
18:24:55.0077 2220	iphlpsvc - ok
18:24:55.0140 2220	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:24:55.0202 2220	IPMIDRV - ok
18:24:55.0249 2220	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:24:55.0311 2220	IPNAT - ok
18:24:55.0639 2220	iPod Service    (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:24:55.0686 2220	iPod Service - ok
18:24:55.0748 2220	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:24:55.0779 2220	IRENUM - ok
18:24:55.0826 2220	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:24:55.0888 2220	isapnp - ok
18:24:55.0935 2220	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:24:55.0982 2220	iScsiPrt - ok
18:24:56.0216 2220	jswpsapi        (957135960e7533ea5c7ea0bfb34f8efd) C:\Program Files\Jumpstart\jswpsapi.exe
18:24:56.0403 2220	jswpsapi ( UnsignedFile.Multi.Generic ) - warning
18:24:56.0403 2220	jswpsapi - detected UnsignedFile.Multi.Generic (1)
18:24:56.0434 2220	jswpslwf        (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
18:24:56.0544 2220	jswpslwf - ok
18:24:56.0622 2220	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:24:56.0715 2220	kbdclass - ok
18:24:56.0778 2220	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:24:56.0824 2220	kbdhid - ok
18:24:56.0887 2220	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:24:56.0918 2220	KeyIso - ok
18:24:56.0980 2220	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:24:57.0012 2220	KSecDD - ok
18:24:57.0012 2220	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:24:57.0043 2220	KSecPkg - ok
18:24:57.0152 2220	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:24:57.0230 2220	KtmRm - ok
18:24:57.0308 2220	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
18:24:57.0355 2220	LanmanServer - ok
18:24:57.0417 2220	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:24:57.0480 2220	LanmanWorkstation - ok
18:24:57.0542 2220	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:24:57.0651 2220	lltdio - ok
18:24:57.0714 2220	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:24:57.0776 2220	lltdsvc - ok
18:24:57.0807 2220	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:24:57.0854 2220	lmhosts - ok
18:24:57.0932 2220	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:24:57.0994 2220	LSI_FC - ok
18:24:58.0041 2220	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:24:58.0072 2220	LSI_SAS - ok
18:24:58.0104 2220	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:24:58.0135 2220	LSI_SAS2 - ok
18:24:58.0150 2220	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:24:58.0166 2220	LSI_SCSI - ok
18:24:58.0197 2220	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:24:58.0228 2220	luafv - ok
18:24:58.0306 2220	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
18:24:58.0338 2220	MBAMProtector - ok
18:24:58.0494 2220	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:24:58.0525 2220	MBAMService - ok
18:24:58.0556 2220	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
18:24:58.0603 2220	Mcx2Svc - ok
18:24:58.0665 2220	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:24:58.0681 2220	mdmxsdk - ok
18:24:58.0743 2220	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:24:58.0759 2220	megasas - ok
18:24:58.0790 2220	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:24:58.0821 2220	MegaSR - ok
18:24:58.0915 2220	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:24:59.0071 2220	MMCSS - ok
18:24:59.0106 2220	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:24:59.0168 2220	Modem - ok
18:24:59.0215 2220	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:24:59.0293 2220	monitor - ok
18:24:59.0356 2220	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
18:24:59.0418 2220	mouclass - ok
18:24:59.0465 2220	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:24:59.0512 2220	mouhid - ok
18:24:59.0558 2220	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:24:59.0574 2220	mountmgr - ok
18:24:59.0621 2220	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:24:59.0652 2220	mpio - ok
18:24:59.0683 2220	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:24:59.0808 2220	mpsdrv - ok
18:24:59.0886 2220	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
18:24:59.0964 2220	MpsSvc - ok
18:25:00.0011 2220	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:25:00.0073 2220	MRxDAV - ok
18:25:00.0136 2220	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:25:00.0292 2220	mrxsmb - ok
18:25:00.0338 2220	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:25:00.0401 2220	mrxsmb10 - ok
18:25:00.0432 2220	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:25:00.0479 2220	mrxsmb20 - ok
18:25:00.0510 2220	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:25:00.0541 2220	msahci - ok
18:25:00.0588 2220	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:25:00.0635 2220	msdsm - ok
18:25:00.0666 2220	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:25:00.0728 2220	MSDTC - ok
18:25:00.0775 2220	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:25:00.0853 2220	Msfs - ok
18:25:00.0869 2220	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:25:00.0962 2220	mshidkmdf - ok
18:25:01.0025 2220	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:25:01.0072 2220	msisadrv - ok
18:25:01.0165 2220	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:25:01.0212 2220	MSiSCSI - ok
18:25:01.0228 2220	msiserver - ok
18:25:01.0290 2220	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:25:01.0415 2220	MSKSSRV - ok
18:25:01.0430 2220	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:25:01.0555 2220	MSPCLOCK - ok
18:25:01.0602 2220	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:25:01.0711 2220	MSPQM - ok
18:25:01.0742 2220	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:25:01.0789 2220	MsRPC - ok
18:25:01.0883 2220	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:25:01.0930 2220	mssmbios - ok
18:25:01.0976 2220	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:25:02.0023 2220	MSTEE - ok
18:25:02.0023 2220	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:25:02.0070 2220	MTConfig - ok
18:25:02.0086 2220	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:25:02.0117 2220	Mup - ok
18:25:02.0242 2220	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
18:25:02.0304 2220	napagent - ok
18:25:02.0366 2220	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:25:02.0398 2220	NativeWifiP - ok
18:25:02.0538 2220	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:25:02.0600 2220	NDIS - ok
18:25:02.0710 2220	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:25:02.0772 2220	NdisCap - ok
18:25:02.0803 2220	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:25:02.0866 2220	NdisTapi - ok
18:25:02.0944 2220	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:25:03.0006 2220	Ndisuio - ok
18:25:03.0068 2220	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:25:03.0209 2220	NdisWan - ok
18:25:03.0271 2220	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:25:03.0380 2220	NDProxy - ok
18:25:03.0443 2220	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:25:03.0552 2220	NetBIOS - ok
18:25:03.0599 2220	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:25:03.0692 2220	NetBT - ok
18:25:03.0724 2220	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:25:03.0739 2220	Netlogon - ok
18:25:03.0802 2220	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:25:03.0864 2220	Netman - ok
18:25:03.0942 2220	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:25:04.0004 2220	netprofm - ok
18:25:04.0145 2220	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:25:04.0192 2220	NetTcpPortSharing - ok
18:25:04.0254 2220	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:25:04.0301 2220	nfrd960 - ok
18:25:04.0348 2220	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
18:25:04.0410 2220	NlaSvc - ok
18:25:04.0426 2220	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:25:04.0488 2220	Npfs - ok
18:25:04.0566 2220	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:25:04.0597 2220	nsi - ok
18:25:04.0644 2220	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:25:04.0800 2220	nsiproxy - ok
18:25:04.0940 2220	Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
18:25:05.0065 2220	Ntfs - ok
18:25:05.0112 2220	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:25:05.0159 2220	Null - ok
18:25:05.0221 2220	nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
18:25:05.0252 2220	nvraid - ok
18:25:05.0299 2220	nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
18:25:05.0346 2220	nvstor - ok
18:25:05.0377 2220	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:25:05.0440 2220	nv_agp - ok
18:25:05.0689 2220	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:25:05.0720 2220	odserv - ok
18:25:05.0767 2220	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:25:05.0845 2220	ohci1394 - ok
18:25:05.0939 2220	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:25:06.0017 2220	ose - ok
18:25:06.0095 2220	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:25:06.0173 2220	p2pimsvc - ok
18:25:06.0251 2220	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:25:06.0282 2220	p2psvc - ok
18:25:06.0422 2220	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:25:06.0485 2220	Parport - ok
18:25:06.0532 2220	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:25:06.0578 2220	partmgr - ok
18:25:06.0610 2220	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:25:06.0656 2220	Parvdm - ok
18:25:06.0688 2220	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:25:06.0719 2220	PcaSvc - ok
18:25:06.0781 2220	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:25:06.0828 2220	pci - ok
18:25:06.0844 2220	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:25:06.0890 2220	pciide - ok
18:25:06.0984 2220	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:25:07.0015 2220	pcmcia - ok
18:25:07.0062 2220	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:25:07.0093 2220	pcw - ok
18:25:07.0140 2220	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:25:07.0234 2220	PEAUTH - ok
18:25:07.0483 2220	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
18:25:07.0686 2220	pla - ok
18:25:07.0967 2220	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
18:25:08.0029 2220	PlugPlay - ok
18:25:08.0076 2220	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:25:08.0154 2220	PNRPAutoReg - ok
18:25:08.0201 2220	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:25:08.0248 2220	PNRPsvc - ok
18:25:08.0294 2220	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
18:25:08.0372 2220	PolicyAgent - ok
18:25:08.0450 2220	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
18:25:08.0497 2220	Power - ok
18:25:08.0591 2220	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:25:08.0684 2220	PptpMiniport - ok
18:25:08.0716 2220	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:25:08.0825 2220	Processor - ok
18:25:08.0918 2220	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
18:25:08.0965 2220	ProfSvc - ok
18:25:09.0043 2220	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:25:09.0074 2220	ProtectedStorage - ok
18:25:09.0137 2220	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:25:09.0230 2220	Psched - ok
18:25:09.0293 2220	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
18:25:09.0324 2220	PxHelp20 - ok
18:25:09.0496 2220	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:25:09.0589 2220	ql2300 - ok
18:25:09.0854 2220	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:25:09.0886 2220	ql40xx - ok
18:25:09.0932 2220	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:25:10.0010 2220	QWAVE - ok
18:25:10.0042 2220	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:25:10.0073 2220	QWAVEdrv - ok
18:25:10.0088 2220	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:25:10.0135 2220	RasAcd - ok
18:25:10.0229 2220	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:25:10.0291 2220	RasAgileVpn - ok
18:25:10.0338 2220	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:25:10.0385 2220	RasAuto - ok
18:25:10.0416 2220	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:25:10.0494 2220	Rasl2tp - ok
18:25:10.0572 2220	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:25:10.0666 2220	RasMan - ok
18:25:10.0697 2220	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:25:10.0759 2220	RasPppoe - ok
18:25:10.0853 2220	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:25:10.0931 2220	RasSstp - ok
18:25:10.0993 2220	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:25:11.0071 2220	rdbss - ok
18:25:11.0102 2220	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:25:11.0165 2220	rdpbus - ok
18:25:11.0212 2220	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:25:11.0352 2220	RDPCDD - ok
18:25:11.0399 2220	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:25:11.0477 2220	RDPENCDD - ok
18:25:11.0508 2220	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:25:11.0555 2220	RDPREFMP - ok
18:25:11.0695 2220	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
18:25:11.0773 2220	RDPWD - ok
18:25:11.0882 2220	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:25:11.0929 2220	rdyboost - ok
18:25:12.0007 2220	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:25:12.0054 2220	RemoteAccess - ok
18:25:12.0101 2220	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:25:12.0179 2220	RemoteRegistry - ok
18:25:12.0226 2220	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:25:12.0272 2220	RpcEptMapper - ok
18:25:12.0319 2220	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:25:12.0366 2220	RpcLocator - ok
18:25:12.0428 2220	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:25:12.0475 2220	RpcSs - ok
18:25:12.0506 2220	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:25:12.0600 2220	rspndr - ok
18:25:12.0616 2220	RSUSBSTOR - ok
18:25:12.0740 2220	RTHDMIAzAudService (c853ae16ccf5033c0cba0855390f5c7f) C:\Windows\system32\drivers\RtHDMIV.sys
18:25:12.0834 2220	RTHDMIAzAudService - ok
18:25:12.0912 2220	RTL8169         (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:25:13.0037 2220	RTL8169 - ok
18:25:13.0037 2220	RtsUIR - ok
18:25:13.0130 2220	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:25:13.0162 2220	SamSs - ok
18:25:13.0224 2220	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:25:13.0255 2220	sbp2port - ok
18:25:13.0302 2220	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:25:13.0411 2220	SCardSvr - ok
18:25:13.0427 2220	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:25:13.0489 2220	scfilter - ok
18:25:13.0567 2220	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:25:13.0645 2220	Schedule - ok
18:25:13.0708 2220	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:25:13.0723 2220	SCPolicySvc - ok
18:25:13.0786 2220	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:25:13.0879 2220	SDRSVC - ok
18:25:13.0926 2220	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:25:14.0035 2220	secdrv - ok
18:25:14.0098 2220	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:25:14.0160 2220	seclogon - ok
18:25:14.0191 2220	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:25:14.0238 2220	SENS - ok
18:25:14.0332 2220	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:25:14.0488 2220	SensrSvc - ok
18:25:14.0503 2220	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:25:14.0550 2220	Serenum - ok
18:25:14.0597 2220	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:25:14.0675 2220	Serial - ok
18:25:14.0737 2220	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:25:14.0831 2220	sermouse - ok
18:25:14.0909 2220	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
18:25:15.0049 2220	SessionEnv - ok
18:25:15.0080 2220	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:25:15.0158 2220	sffdisk - ok
18:25:15.0190 2220	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:25:15.0268 2220	sffp_mmc - ok
18:25:15.0314 2220	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:25:15.0361 2220	sffp_sd - ok
18:25:15.0392 2220	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:25:15.0424 2220	sfloppy - ok
18:25:15.0548 2220	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:25:15.0611 2220	SharedAccess - ok
18:25:15.0673 2220	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
18:25:15.0751 2220	ShellHWDetection - ok
18:25:15.0782 2220	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:25:15.0829 2220	sisagp - ok
18:25:15.0876 2220	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:25:15.0892 2220	SiSRaid2 - ok
18:25:15.0923 2220	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:25:15.0954 2220	SiSRaid4 - ok
18:25:16.0141 2220	SmartFaceVWatchSrv (8eb3988c74fd9d0e0934977e36b5f9e6) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
18:25:16.0172 2220	SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
18:25:16.0172 2220	SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)
18:25:16.0219 2220	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:25:16.0266 2220	Smb - ok
18:25:16.0313 2220	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:25:16.0344 2220	SNMPTRAP - ok
18:25:16.0375 2220	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:25:16.0406 2220	spldr - ok
18:25:16.0484 2220	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
18:25:16.0547 2220	Spooler - ok
18:25:16.0828 2220	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
18:25:17.0030 2220	sppsvc - ok
18:25:17.0233 2220	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
18:25:17.0296 2220	sppuinotify - ok
18:25:17.0420 2220	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:25:17.0545 2220	srv - ok
18:25:17.0717 2220	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:25:17.0810 2220	srv2 - ok
18:25:17.0857 2220	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:25:17.0873 2220	srvnet - ok
18:25:17.0920 2220	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:25:17.0998 2220	SSDPSRV - ok
18:25:18.0091 2220	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:25:18.0107 2220	ssmdrv - ok
18:25:18.0138 2220	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:25:18.0185 2220	SstpSvc - ok
18:25:18.0403 2220	StarMoney 7.0 OnlineUpdate (e8606bf6be3b7481d95f1dd2e4f3fcba) C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
18:25:18.0434 2220	StarMoney 7.0 OnlineUpdate - ok
18:25:18.0793 2220	StarMoney 8.0 OnlineUpdate (7e784dc5c7ce2c6f3c392ad320f5f2c0) C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
18:25:18.0824 2220	StarMoney 8.0 OnlineUpdate - ok
18:25:18.0887 2220	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:25:18.0918 2220	stexstor - ok
18:25:18.0980 2220	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
18:25:19.0027 2220	StiSvc - ok
18:25:19.0058 2220	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:25:19.0090 2220	swenum - ok
18:25:19.0199 2220	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:25:19.0261 2220	swprv - ok
18:25:19.0370 2220	SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
18:25:19.0448 2220	SynTP - ok
18:25:19.0604 2220	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:25:19.0682 2220	SysMain - ok
18:25:19.0760 2220	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:25:19.0807 2220	TabletInputService - ok
18:25:19.0870 2220	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:25:19.0979 2220	TapiSrv - ok
18:25:20.0088 2220	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:25:20.0135 2220	TBS - ok
18:25:20.0322 2220	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:25:20.0494 2220	Tcpip - ok
18:25:20.0525 2220	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:25:20.0556 2220	TCPIP6 - ok
18:25:20.0618 2220	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:25:20.0728 2220	tcpipreg - ok
18:25:20.0774 2220	tdcmdpst        (4084ea00d50c858d6f9038f86ae2e2d0) C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:25:20.0790 2220	tdcmdpst - ok
18:25:20.0899 2220	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:25:20.0977 2220	TDPIPE - ok
18:25:21.0149 2220	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
18:25:21.0227 2220	TDTCP - ok
18:25:21.0258 2220	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:25:21.0305 2220	tdx - ok
18:25:21.0352 2220	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:25:21.0414 2220	TermDD - ok
18:25:21.0508 2220	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:25:21.0586 2220	TermService - ok
18:25:21.0664 2220	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:25:21.0742 2220	Themes - ok
18:25:21.0804 2220	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:25:21.0866 2220	THREADORDER - ok
18:25:21.0913 2220	TODDSrv         (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
18:25:21.0929 2220	TODDSrv - ok
18:25:22.0038 2220	TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
18:25:22.0069 2220	TomTomHOMEService - ok
18:25:22.0366 2220	TosCoSrv        (66c35016e01746715f8f606a9f081bf9) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
18:25:22.0381 2220	TosCoSrv - ok
18:25:22.0631 2220	tos_sps32       (969377943fe7284609babbab4e06b93c) C:\Windows\system32\DRIVERS\tos_sps32.sys
18:25:22.0678 2220	tos_sps32 - ok
18:25:22.0740 2220	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:25:22.0834 2220	TrkWks - ok
18:25:23.0036 2220	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:25:23.0208 2220	TrustedInstaller - ok
18:25:23.0270 2220	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:25:23.0317 2220	tssecsrv - ok
18:25:23.0458 2220	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:25:23.0598 2220	TsUsbFlt - ok
18:25:23.0676 2220	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:25:23.0754 2220	tunnel - ok
18:25:23.0801 2220	TVALZ           (fc24015b4052600c324c43e3a79c0664) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:25:23.0816 2220	TVALZ - ok
18:25:23.0848 2220	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:25:23.0879 2220	uagp35 - ok
18:25:23.0941 2220	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:25:24.0019 2220	udfs - ok
18:25:24.0128 2220	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:25:24.0222 2220	UI0Detect - ok
18:25:24.0487 2220	UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
18:25:24.0550 2220	UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
18:25:24.0550 2220	UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
18:25:24.0628 2220	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:25:24.0659 2220	uliagpkx - ok
18:25:24.0706 2220	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:25:24.0752 2220	umbus - ok
18:25:24.0768 2220	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:25:24.0784 2220	UmPass - ok
18:25:24.0862 2220	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:25:24.0986 2220	upnphost - ok
18:25:25.0049 2220	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:25:25.0127 2220	USBAAPL - ok
18:25:25.0174 2220	usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
18:25:25.0252 2220	usbccgp - ok
18:25:25.0267 2220	USBCCID - ok
18:25:25.0314 2220	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:25:25.0392 2220	usbcir - ok
18:25:25.0423 2220	usbehci         (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
18:25:25.0470 2220	usbehci - ok
18:25:25.0518 2220	usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
18:25:25.0565 2220	usbhub - ok
18:25:25.0596 2220	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
18:25:25.0643 2220	usbohci - ok
18:25:25.0689 2220	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:25:25.0721 2220	usbprint - ok
18:25:25.0752 2220	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:25:25.0783 2220	usbscan - ok
18:25:25.0845 2220	USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:25:25.0908 2220	USBSTOR - ok
18:25:25.0939 2220	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
18:25:26.0095 2220	usbuhci - ok
18:25:26.0157 2220	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
18:25:26.0235 2220	usbvideo - ok
18:25:26.0282 2220	UVCFTR          (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
18:25:26.0329 2220	UVCFTR - ok
18:25:26.0391 2220	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:25:26.0423 2220	UxSms - ok
18:25:26.0454 2220	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:25:26.0469 2220	VaultSvc - ok
18:25:26.0563 2220	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:25:26.0625 2220	vdrvroot - ok
18:25:26.0719 2220	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
18:25:26.0828 2220	vds - ok
18:25:26.0906 2220	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:25:26.0984 2220	vga - ok
18:25:27.0031 2220	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:25:27.0125 2220	VgaSave - ok
18:25:27.0187 2220	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:25:27.0218 2220	vhdmp - ok
18:25:27.0249 2220	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:25:27.0281 2220	viaagp - ok
18:25:27.0312 2220	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:25:27.0374 2220	ViaC7 - ok
18:25:27.0421 2220	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:25:27.0452 2220	viaide - ok
18:25:27.0483 2220	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:25:27.0499 2220	volmgr - ok
18:25:27.0577 2220	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:25:27.0624 2220	volmgrx - ok
18:25:27.0671 2220	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:25:27.0733 2220	volsnap - ok
18:25:27.0795 2220	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:25:27.0858 2220	vsmraid - ok
18:25:27.0967 2220	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
18:25:28.0061 2220	VSS - ok
18:25:28.0107 2220	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:25:28.0154 2220	vwifibus - ok
18:25:28.0185 2220	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:25:28.0248 2220	vwififlt - ok
18:25:28.0357 2220	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:25:28.0419 2220	W32Time - ok
18:25:28.0466 2220	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:25:28.0513 2220	WacomPen - ok
18:25:28.0575 2220	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:25:28.0653 2220	WANARP - ok
18:25:28.0669 2220	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:25:28.0685 2220	Wanarpv6 - ok
18:25:28.0778 2220	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
18:25:28.0903 2220	wbengine - ok
18:25:28.0997 2220	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:25:29.0059 2220	WbioSrvc - ok
18:25:29.0106 2220	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
18:25:29.0168 2220	wcncsvc - ok
18:25:29.0199 2220	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:25:29.0277 2220	WcsPlugInService - ok
18:25:29.0355 2220	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:25:29.0387 2220	Wd - ok
18:25:29.0496 2220	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:25:29.0527 2220	Wdf01000 - ok
18:25:29.0574 2220	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:25:29.0730 2220	WdiServiceHost - ok
18:25:29.0745 2220	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:25:29.0761 2220	WdiSystemHost - ok
18:25:29.0839 2220	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
18:25:29.0933 2220	WebClient - ok
18:25:30.0011 2220	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:25:30.0057 2220	Wecsvc - ok
18:25:30.0073 2220	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:25:30.0151 2220	wercplsupport - ok
18:25:30.0213 2220	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:25:30.0276 2220	WerSvc - ok
18:25:30.0369 2220	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:25:30.0416 2220	WfpLwf - ok
18:25:30.0432 2220	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:25:30.0463 2220	WIMMount - ok
18:25:30.0572 2220	winachsf        (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:25:30.0681 2220	winachsf - ok
18:25:30.0822 2220	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:25:31.0196 2220	WinDefend - ok
18:25:31.0227 2220	WinHttpAutoProxySvc - ok
18:25:31.0524 2220	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:25:31.0602 2220	Winmgmt - ok
18:25:32.0085 2220	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
18:25:32.0148 2220	WinRM - ok
18:25:32.0241 2220	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:25:32.0335 2220	WinUsb - ok
18:25:32.0491 2220	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:25:32.0647 2220	Wlansvc - ok
18:25:32.0694 2220	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:25:32.0756 2220	WmiAcpi - ok
18:25:32.0912 2220	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:25:32.0975 2220	wmiApSrv - ok
18:25:33.0162 2220	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:25:33.0209 2220	WMPNetworkSvc - ok
18:25:33.0240 2220	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:25:33.0318 2220	WPCSvc - ok
18:25:33.0365 2220	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
18:25:33.0411 2220	WPDBusEnum - ok
18:25:33.0536 2220	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:25:33.0614 2220	ws2ifsl - ok
18:25:33.0723 2220	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
18:25:33.0755 2220	wscsvc - ok
18:25:33.0770 2220	WSearch - ok
18:25:33.0926 2220	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
18:25:34.0035 2220	wuauserv - ok
18:25:34.0550 2220	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:25:34.0659 2220	WudfPf - ok
18:25:34.0769 2220	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:25:34.0847 2220	WUDFRd - ok
18:25:34.0956 2220	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
18:25:35.0003 2220	wudfsvc - ok
18:25:35.0127 2220	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:25:35.0205 2220	WwanSvc - ok
18:25:35.0237 2220	XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
18:25:35.0299 2220	XAudio - ok
18:25:35.0315 2220	XAudioService   (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
18:25:35.0346 2220	XAudioService - ok
18:25:35.0424 2220	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:25:35.0751 2220	\Device\Harddisk0\DR0 - ok
18:25:35.0767 2220	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:25:35.0907 2220	\Device\Harddisk1\DR1 - ok
18:25:35.0939 2220	Boot (0x1200)   (8ffb76cc5ffd56f16ca5ea595b849d39) \Device\Harddisk0\DR0\Partition0
18:25:35.0939 2220	\Device\Harddisk0\DR0\Partition0 - ok
18:25:35.0970 2220	Boot (0x1200)   (b6fa7e703d790ca126c41836ac0e9cbd) \Device\Harddisk0\DR0\Partition1
18:25:35.0970 2220	\Device\Harddisk0\DR0\Partition1 - ok
18:25:35.0985 2220	Boot (0x1200)   (f1a724a2bd5124507a328eddf4aab056) \Device\Harddisk1\DR1\Partition0
18:25:35.0985 2220	\Device\Harddisk1\DR1\Partition0 - ok
18:25:35.0985 2220	============================================================
18:25:35.0985 2220	Scan finished
18:25:35.0985 2220	============================================================
18:25:36.0017 2224	Detected object count: 5
18:25:36.0017 2224	Actual detected object count: 5
18:26:02.0506 2224	bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0506 2224	bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:02.0522 2224	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0522 2224	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:02.0522 2224	jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0522 2224	jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:02.0522 2224	SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0522 2224	SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:02.0522 2224	UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0522 2224	UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 30.04.2012, 19:01   #6
markusg
/// Malware-holic
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



hi
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Verschlüsselungs Trojaner bitte OTL-log überprüfen

Alt 30.04.2012, 22:40   #7
nap
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



Hi Markus,

danke danke. Hier die Log-Datei von combofix
Code:
ATTFilter
ComboFix 12-04-31.02 - Kerstin *** 30.04.2012  23:23:31.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3582.2506 [GMT 2:00]
ausgeführt von:: c:\users\Kerstin ***\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kerstin ***\Favorites\locked-Fussballcup - Dein kostenloser online Fussball Manager!.url.libb
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-28 bis 2012-04-30  ))))))))))))))))))))))))))))))
.
.
2012-04-30 21:31 . 2012-04-30 21:32	--------	d-----w-	c:\users\Kerstin ***\AppData\Local\temp
2012-04-30 21:31 . 2012-04-30 21:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-29 17:06 . 2012-04-29 17:06	476960	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-04-29 09:18 . 2012-04-29 09:18	--------	d-----w-	c:\program files\Microsoft
2012-04-29 08:35 . 2012-04-29 08:35	--------	d-----w-	c:\users\Kerstin ***\DoctorWeb
2012-04-28 22:07 . 2012-04-28 22:07	1233160	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-28 21:30 . 2012-04-28 21:30	57344	----a-w-	c:\users\Kerstin ***\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-04-28 19:52 . 2012-04-28 19:52	--------	d-----w-	c:\users\Kerstin ***\AppData\Roaming\Malwarebytes
2012-04-28 19:52 . 2012-04-28 19:52	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-28 19:52 . 2012-04-28 19:52	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-28 19:52 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-28 17:30 . 2012-04-29 01:56	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF524EF6-4EE3-4B37-B5A4-2990F255F68F}\offreg.dll
2012-04-28 16:09 . 2012-04-29 09:07	--------	d-----w-	c:\users\Kerstin ***\AppData\Roaming\Qkueqfgbdo
2012-04-28 09:48 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF524EF6-4EE3-4B37-B5A4-2990F255F68F}\mpengine.dll
2012-04-21 15:58 . 2012-04-21 15:58	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-11 11:09 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-11 11:09 . 2012-03-01 05:37	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-04-11 11:09 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-11 11:09 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 17:06 . 2010-12-10 21:34	472864	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-21 15:58 . 2011-05-17 18:03	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2009-10-11 08:43	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-20 10:34 . 2011-10-16 18:09	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-17 05:34 . 2012-03-15 20:07	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-15 20:07	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-15 20:07	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-15 20:08	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02	1070352	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54 . 2012-03-15 20:08	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-28 18:36 . 2011-06-29 16:35	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2009-11-15 15:42 . 2009-11-15 15:42	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-15 30192]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Kerstin ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 253088]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2010-02-08 28208]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-15 30192]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2010-11-29 505264]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-02-23 690352]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 39505073
*Deregistered* - 39505073
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 15:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Kerstin ***\AppData\Roaming\Mozilla\Firefox\Profiles\szp85g3h.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-30  23:34:36
ComboFix-quarantined-files.txt  2012-04-30 21:34
.
Vor Suchlauf: 6 Verzeichnis(se), 135.442.599.936 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 135.696.564.224 Bytes frei
.
- - End Of File - - FA17FB747BA9812BDA7AE43D671274C2
         
Grüße
nap

Alt 01.05.2012, 10:57   #8
markusg
/// Malware-holic
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



läuft alles wie gewünscht?
wenn ja:
lade den CCleaner standard:
CCleaner Download - CCleaner 3.18.1707
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 01.05.2012, 11:29   #9
nap
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



Hallo,
funktioniert soweit alles, wie gewünscht.
Die Liste müsste ich mit dem Besitzer des Laptops durchgehen, aber auf den ersten Blick sehe ich nichts, was mir verdächtig vorkommt.
Ich werde sie aber bitten, die unnötigen Programme zu löschen.

Schönen 1.Mai noch :-)

Gruß
nap

Code:
ATTFilter
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	12.03.2010		
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	20.04.2012	6,00MB	11.2.202.233
Adobe Flash Player 9 ActiveX	Adobe Systems Incorporated	12.03.2010		9
Adobe Reader 8.1.2 - Deutsch	Adobe Systems Incorporated	06.10.2008	99,6MB	8.1.2
Apple Application Support	Apple Inc.	31.01.2012	61,2MB	2.1.6
Apple Mobile Device Support	Apple Inc.	31.01.2012	24,1MB	4.0.0.97
Apple Software Update	Apple Inc.	22.08.2011	2,38MB	2.1.3.127
ArcSoft Panorama Maker 5	ArcSoft	02.10.2011		5.0.1.71
Atheros Driver Installation Program	Atheros	12.03.2010		5.0
Atheros Wi-Fi Protected Setup Library	Atheros	08.10.2009		
ATI Catalyst Install Manager	ATI Technologies, Inc.	12.03.2010	13,8MB	3.0.732.0
Avira Free Antivirus	Avira	19.02.2012	104,4MB	12.0.0.898
Bonjour	Apple Inc.	11.10.2011	1,06MB	3.0.0.10
Camera Assistant Software for Toshiba	Chicony Electronics Co.,Ltd.	08.10.2009		1.7.231.1126L
Canon MP Navigator EX 1.0		12.03.2010		
Canon MP520 series		12.03.2010		
Canon My Printer		12.03.2010		
Canon Utilities Easy-PhotoPrint EX		12.03.2010		
Canon Utilities Solution Menu		12.03.2010		
CCleaner	Piriform	30.04.2012		3.18
CD/DVD Drive Acoustic Silencer	TOSHIBA	06.10.2008		2.02.03
Compatibility Pack für 2007 Office System	Microsoft Corporation	28.03.2012	215MB	12.0.6612.1000
cyberJack Base Components	REINER SCT	04.12.2010		6.9.8
DHTML Editing Component	Microsoft Corporation	10.10.2009	0,45MB	6.02.0001
DVD MovieFactory for TOSHIBA	Ulead Systems, Inc.	12.03.2010		5.51
Google Desktop	Google	12.03.2010		5.9.0911.03589
HDAUDIO Soft Data Fax Modem with SmartCP	Conexant	12.03.2010		7.70.00.50
iTunes	Apple Inc.	31.01.2012	169,7MB	10.5.3.3
Java(TM) 6 Update 3	Sun Microsystems, Inc.	06.10.2008	168,1MB	1.6.0.30
Java(TM) 6 Update 32	Oracle	28.04.2012	95,7MB	6.0.320
Java(TM) 6 Update 7	Sun Microsystems, Inc.	09.10.2009	136,2MB	1.6.0.70
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	27.04.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 1.1		12.03.2010		
Microsoft .NET Framework 1.1 German Language Pack		11.10.2009		
Microsoft Office File Validation Add-In	Microsoft Corporation	16.09.2011	7,95MB	14.0.5130.5003
Microsoft Office Home and Student 2007	Microsoft Corporation	28.03.2012		12.0.6612.1000
Microsoft Office Live Add-in 1.5	Microsoft Corporation	28.04.2012	0,50MB	2.0.4024.1
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	28.03.2012	107,9MB	12.0.6612.1000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	10.10.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.06.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	11.10.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	12.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	30.04.2010	0,61MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	15.06.2011	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	09.10.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	14.12.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.06.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	16.10.2011	12,3MB	10.0.40219
Microsoft Works	Microsoft Corporation	10.04.2012	1.044MB	9.7.0621
MobileMe Control Panel	Apple Inc.	23.05.2011	12,0MB	3.1.6.0
Mozilla Firefox 11.0 (x86 de)	Mozilla	27.03.2012	37,5MB	11.0
Mozilla Thunderbird 11.0.1 (x86 de)	Mozilla	03.04.2012	38,9MB	11.0.1
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	06.10.2008	1,28MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	11.10.2009	1,29MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	30.11.2009	1,35MB	4.20.9876.0
myphotobook 3.6	myphotobook	12.03.2010		3.6
NetWaiting	BVRP Software, Inc	08.10.2009		2.5.52
Nikon Message Center 2	Nikon	13.08.2011	5,20MB	2.0.1
OpenOffice.org Installer 1.0	Sun Microsystems	09.10.2009	2,39MB	1.0.9221
Picasa 2	Google, Inc.	12.03.2010		2.0
Picture Control Utility	Nikon	13.08.2011	19,6MB	1.2.2
QuickTime	Apple Inc.	27.12.2010	73,7MB	7.69.80.9
Realtek 8169 8168 8101E 8102E Ethernet Driver	Realtek	06.10.2008		1.00.0000
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	13.03.2010		6.1.7600.30101
Safari	Apple Inc.	31.01.2012	43,3MB	5.34.52.7
SCHLECKER Foto Digital Service		12.03.2010		
StarMoney 7.0 S-Edition	Star Finanz GmbH	04.12.2010		7.0
StarMoney 8.0	Star Finanz GmbH	02.07.2011		8.0
Synaptics Pointing Device Driver	Synaptics	12.03.2010		10.1.8.0
T-Online WLAN-Access Finder		12.03.2010		
TomTom HOME 2.8.3.2499	TomTom	29.02.2012		2.8.3.2499
TomTom HOME Visual Studio Merge Modules	TomTom International B.V.	07.04.2011	1,88MB	1.0.2
TOSHIBA Assist	TOSHIBA	06.10.2008		2.01.04
TOSHIBA Benutzerhandbücher	TOSHIBA	08.10.2009		7.40
TOSHIBA ConfigFree	TOSHIBA Corporation	12.03.2010	72,5MB	8.0.23
TOSHIBA Disc Creator	TOSHIBA Corporation	12.03.2010	9,73MB	2.1.0.1
TOSHIBA DVD PLAYER	TOSHIBA Corporation	12.03.2010		2.50.0.11-AU
TOSHIBA Extended Tiles for Windows Mobility Center	Toshiba	06.10.2008	1,25MB	1.01.00
TOSHIBA Face Recognition	TOSHIBA Corporation	08.10.2009	51,5MB	2.0.17.32
TOSHIBA Hardware Setup	TOSHIBA Corporation	13.03.2010		2.00.11
Toshiba Online Product Information	TOSHIBA	06.10.2008		1.00.0012
TOSHIBA Recovery Disc Creator	TOSHIBA	06.10.2008	2,54MB	2.0.0.1b
TOSHIBA Supervisor Password	TOSHIBA Corporation	13.03.2010		2.00.10
TOSHIBA Value Added Package	TOSHIBA Corporation	12.03.2010	88,7MB	1.2.28
TRDCReminder	TOSHIBA	06.10.2008	0,36MB	1.00.0015
TRORDCLauncher	TOSHIBA	06.10.2008	0,71MB	1.0.0.1
ViewNX 2	Nikon	13.08.2011	64,4MB	2.1.2
Windows Media Encoder 9-Reihe		12.03.2010
         

Alt 01.05.2012, 11:31   #10
markusg
/// Malware-holic
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



dann geh die liste doch bitte mit dem besitzer durch.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.05.2012, 18:03   #11
nap
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



Hi Markus,

nun hat die Besitzerin die Liste kommentiert.
Bitte schön:
Code:
ATTFilter
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	12.03.2010	unnötig	
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	20.04.2012	6,00MB	11.2.202.233	notwendig
Adobe Flash Player 9 ActiveX	Adobe Systems Incorporated	12.03.2010		9		notwendig
Adobe Reader 8.1.2 - Deutsch	Adobe Systems Incorporated	06.10.2008	99,6MB	8.1.2   notwendig
Apple Application Support	Apple Inc.	31.01.2012	61,2MB	2.1.6  unnötig
Apple Mobile Device Support	Apple Inc.	31.01.2012	24,1MB	4.0.0.97	unnötig
Apple Software Update	Apple Inc.	22.08.2011	2,38MB	2.1.3.127 	unnötig
ArcSoft Panorama Maker 5	ArcSoft	02.10.2011		5.0.1.71	notwendig
Atheros Driver Installation Program	Atheros	12.03.2010		5.0	nicht bekannt
Atheros Wi-Fi Protected Setup Library	Atheros	08.10.2009			nicht bekannt
ATI Catalyst Install Manager	ATI Technologies, Inc.	12.03.2010	13,8MB	3.0.732.0	 nicht bekannt
Avira Free Antivirus	Avira	19.02.2012	104,4MB	12.0.0.898	notwendig
Bonjour	Apple Inc.	11.10.2011	1,06MB	3.0.0.10 		nicht nötig
Camera Assistant Software for Toshiba	Chicony Electronics Co.,Ltd.	08.10.2009		1.7.231.1126L notwendig
Canon MP Navigator EX 1.0		12.03.2010		notwendig
Canon MP520 series		12.03.2010		notwendig
Canon My Printer		12.03.2010		notwendig
Canon Utilities Easy-PhotoPrint EX		12.03.2010	notwendig		
Canon Utilities Solution Menu		12.03.2010			notwendig
CCleaner	Piriform	30.04.2012		3.18		notwendig
CD/DVD Drive Acoustic Silencer	TOSHIBA	06.10.2008		2.02.03	nicht bekannt
Compatibility Pack für 2007 Office System	Microsoft Corporation	28.03.2012	215MB	12.0.6612.1000 nicht bekannt
cyberJack Base Components	REINER SCT	04.12.2010		6.9.8	notwendig
DHTML Editing Component	Microsoft Corporation	10.10.2009	0,45MB	6.02.0001	nicht bekannt
DVD MovieFactory for TOSHIBA	Ulead Systems, Inc.	12.03.2010		5.51	nicht bekannt
Google Desktop	Google	12.03.2010		5.9.0911.03589				unnötig
HDAUDIO Soft Data Fax Modem with SmartCP	Conexant	12.03.2010		7.70.00.50 nicht bekannt
iTunes	Apple Inc.	31.01.2012	169,7MB	10.5.3.3	notwendig
Java(TM) 6 Update 3	Sun Microsystems, Inc.	06.10.2008	168,1MB	1.6.0.30 notwendig
Java(TM) 6 Update 32	Oracle	28.04.2012	95,7MB	6.0.320				notwendig
Java(TM) 6 Update 7	Sun Microsystems, Inc.	09.10.2009	136,2MB	1.6.0.70 notwendig
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	27.04.2012	18,0MB	1.61.0.1400	notwendig
Microsoft .NET Framework 1.1		12.03.2010		nicht bekannt
Microsoft .NET Framework 1.1 German Language Pack		11.10.2009	nicht bekannt	
Microsoft Office File Validation Add-In	Microsoft Corporation	16.09.2011	7,95MB	14.0.5130.5003	nicht bekannt
Microsoft Office Home and Student 2007	Microsoft Corporation	28.03.2012		12.0.6612.1000	notwendig
Microsoft Office Live Add-in 1.5	Microsoft Corporation	28.04.2012	0,50MB	2.0.4024.1	nicht bekannt
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	28.03.2012	107,9MB	12.0.6612.1000	notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	10.10.2009	0,25MB	8.0.50727.4053 nicht bekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.06.2011	0,29MB	8.0.59193	nicht bekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	11.10.2009	0,19MB	9.0.30729.4148 nicht bekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	12.04.2011	0,58MB	9.0.30729.5570	nicht bekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	30.04.2010	0,61MB	9.0.21022	nicht bekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	15.06.2011	0,23MB	9.0.30729	nicht bekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	09.10.2009	0,58MB	9.0.30729	nicht bekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	14.12.2010	0,58MB	9.0.30729.4148	nicht bekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.06.2011	0,59MB	9.0.30729.6161	nicht bekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	16.10.2011	12,3MB	10.0.40219	nicht bekannt
Microsoft Works	Microsoft Corporation	10.04.2012	1.044MB	9.7.0621	nicht bekannt
MobileMe Control Panel	Apple Inc.	23.05.2011	12,0MB	3.1.6.0 nicht bekannt
Mozilla Firefox 11.0 (x86 de)	Mozilla	27.03.2012	37,5MB	11.0 notwendig
Mozilla Thunderbird 11.0.1 (x86 de)	Mozilla	03.04.2012	38,9MB	11.0.1	notwendig
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	06.10.2008	1,28MB	4.20.9849.0 nicht bekannt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	11.10.2009	1,29MB	4.20.9870.0	nicht bekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	30.11.2009	1,35MB	4.20.9876.0	nicht bekannt
myphotobook 3.6	myphotobook	12.03.2010		3.6		unnötig
NetWaiting	BVRP Software, Inc	08.10.2009		2.5.52	nicht bekannt
Nikon Message Center 2	Nikon	13.08.2011	5,20MB	2.0.1	ok
OpenOffice.org Installer 1.0	Sun Microsystems	09.10.2009	2,39MB	1.0.9221  nicht bekannt
Picasa 2	Google, Inc.	12.03.2010		2.0     nicht bekannt
Picture Control Utility	Nikon	13.08.2011	19,6MB	1.2.2  ok
QuickTime	Apple Inc.	27.12.2010	73,7MB	7.69.80.9  nicht bekannt
Realtek 8169 8168 8101E 8102E Ethernet Driver	Realtek	06.10.2008		1.00.0000   nicht bekannt
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	13.03.2010		6.1.7600.30101  nicht bekannt
Safari	Apple Inc.	31.01.2012	43,3MB	5.34.52.7    nicht bekannt
SCHLECKER Foto Digital Service		12.03.2010	ok	
StarMoney 7.0 S-Edition	Star Finanz GmbH	04.12.2010		7.0	ok
StarMoney 8.0	Star Finanz GmbH	02.07.2011		8.0
Synaptics Pointing Device Driver	Synaptics	12.03.2010		10.1.8.0  nicht bekannt
T-Online WLAN-Access Finder		12.03.2010   ok		
TomTom HOME 2.8.3.2499	TomTom	29.02.2012		2.8.3.2499  ok
TomTom HOME Visual Studio Merge Modules	TomTom International B.V.	07.04.2011	1,88MB	1.0.2	ok
TOSHIBA Assist	TOSHIBA	06.10.2008		2.01.04 ok
TOSHIBA Benutzerhandbücher	TOSHIBA	08.10.2009		7.40	ok
TOSHIBA ConfigFree	TOSHIBA Corporation	12.03.2010	72,5MB	8.0.23	ok
TOSHIBA Disc Creator	TOSHIBA Corporation	12.03.2010	9,73MB	2.1.0.1  nicht bekannt
TOSHIBA DVD PLAYER	TOSHIBA Corporation	12.03.2010		2.50.0.11-AU	nicht bekannt
TOSHIBA Extended Tiles for Windows Mobility Center	Toshiba	06.10.2008	1,25MB	1.01.00	nicht bekannt
TOSHIBA Face Recognition	TOSHIBA Corporation	08.10.2009	51,5MB	2.0.17.32	nicht bekannt
TOSHIBA Hardware Setup	TOSHIBA Corporation	13.03.2010		2.00.11	nicht bekannt
Toshiba Online Product Information	TOSHIBA	06.10.2008		1.00.0012	nicht bekannt
TOSHIBA Recovery Disc Creator	TOSHIBA	06.10.2008	2,54MB	2.0.0.1b	nicht bekannt
TOSHIBA Supervisor Password	TOSHIBA Corporation	13.03.2010		2.00.10	nicht bekannt
TOSHIBA Value Added Package	TOSHIBA Corporation	12.03.2010	88,7MB	1.2.28  nicht bekannt
TRDCReminder	TOSHIBA	06.10.2008	0,36MB	1.00.0015	nicht bekannt
TRORDCLauncher	TOSHIBA	06.10.2008	0,71MB	1.0.0.1  	nicht bekannt
ViewNX 2	Nikon	13.08.2011	64,4MB	2.1.2  nicht bekannt
Windows Media Encoder 9-Reihe		12.03.2010	nicht bekannt
         
Gruß
nap

Alt 04.05.2012, 18:09   #12
markusg
/// Malware-holic
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
DVD MovieFactory
Google Desktop
Java(TM) 6 Update 3
Java(TM) 6 Update 7
myphotobook
OpenOffice
Picasa
Safari

öffne CCleaner analysieren CCleaner starten, pc neustarten testen wie der pc läuft.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.05.2012, 20:58   #13
nap
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



Hi,
vielen Dank für deine Tipps und Einschätzung, ich habe alles nach der Anleitung durchgeführt und einige Programme getestet, läuft soweit alles wunschgemäß.

Eine Frage hab ich noch, in welchem der vorherigen Schritte haben wir eigentlich den Trojaner entfernt?

Noch mal Danke!
Gruß
nap

Alt 05.05.2012, 15:34   #14
markusg
/// Malware-holic
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



mit otl.
pc absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
aus der passage xp:
- automatische updates.
- datenausführungsverhinderung für alle prozesse.
- dienste konfigurieren.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.68

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
Run updateChecker
when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.05.2012, 20:07   #15
nap
 
Verschlüsselungs Trojaner bitte OTL-log überprüfen - Standard

Verschlüsselungs Trojaner bitte OTL-log überprüfen



Hi Markus,

tausend Dank noch mal für Deine Hilfe. Ich habe deine Empfehlungen der Besitzerin weitergegeben, und auch die Nummer Eures Spendenkontos ;-)

Ich werde an einem Wochenende noch mal zu ihr hinfahren und die Sicherungsmechanismen durchchecken, auf jeden Fall sichert sie Ihre Daten schon seit längerer Zeit auf eine externe Platte, zumindest das ist schon mal sicher!
Liebe Grüße
nap

Geändert von nap (12.05.2012 um 20:14 Uhr)

Antwort

Themen zu Verschlüsselungs Trojaner bitte OTL-log überprüfen
adobe, alternate, antivir, autorun, avg, avira, bho, bonjour, branding, defender, desktop, error, firefox, flash player, format, home, install.exe, installation, intranet, kunde, locker, microsoft office word, mozilla, office 2007, realtek, registry, rundll, scan, searchscopes, security, senden, software, starmoney, trojaner, usb 2.0, version=1.0, visual studio, wallpapers, windows



Ähnliche Themen: Verschlüsselungs Trojaner bitte OTL-log überprüfen


  1. Vorgehen beim Verschlüsselungs-Trojaner - Bitte um Hilfestellung
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (6)
  2. Verschlüsselungs-Trojaner: Bitte um Hilfe!!!
    Log-Analyse und Auswertung - 11.06.2012 (2)
  3. Windows-Verschlüsselungs Trojaner Bitte um Hilfe
    Plagegeister aller Art und deren Bekämpfung - 17.05.2012 (11)
  4. Bitte Hilfe - Windows Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 28.04.2012 (8)
  5. Bitte Log überprüfen auf Viren/Trojaner
    Log-Analyse und Auswertung - 22.08.2009 (4)
  6. Bitte Log-File überprüfen / Trojaner verdacht
    Log-Analyse und Auswertung - 21.04.2009 (15)
  7. Trojaner, bitte HJT überprüfen
    Mülltonne - 12.11.2008 (0)
  8. Bitte Log-file überprüfen / Trojaner-Befall
    Log-Analyse und Auswertung - 01.09.2008 (8)
  9. Logfile bitte überprüfen/Trojaner-Problem
    Log-Analyse und Auswertung - 09.02.2008 (4)
  10. Bitte auf Trojaner überprüfen
    Log-Analyse und Auswertung - 14.12.2007 (4)
  11. Bitte überprüfen nach Trojaner
    Log-Analyse und Auswertung - 11.12.2007 (1)
  12. Trojaner - Bitte Logfile überprüfen
    Mülltonne - 09.07.2007 (2)
  13. Bitte überprüfen - SEHR WICHTIG! (Trojaner?)
    Log-Analyse und Auswertung - 11.05.2007 (10)
  14. Trojaner laut AntiVir/Bitte Hijacker Logs überprüfen, danke!!!
    Log-Analyse und Auswertung - 29.04.2007 (8)
  15. Trojaner Swizzor - Bitte hijackthis log überprüfen
    Log-Analyse und Auswertung - 01.03.2007 (4)
  16. Hilfe, 100 Trojaner, bitte Logfile überprüfen
    Log-Analyse und Auswertung - 24.02.2007 (4)
  17. HiJackThis-Log bitte überprüfen.... Trojaner etc.
    Log-Analyse und Auswertung - 14.10.2004 (9)

Zum Thema Verschlüsselungs Trojaner bitte OTL-log überprüfen - Liebe Trojaner-Board-Helferinnen und Helfer, gestern wurde mir ein Laptop mit Windows 7 gebracht, der einen Verschlüsselungstrojaner auf dem klassischen Email-Weg eingefangen hat. Ich habe mehrere Virenscanner durchlaufen lassen, auch den - Verschlüsselungs Trojaner bitte OTL-log überprüfen...
Archiv
Du betrachtest: Verschlüsselungs Trojaner bitte OTL-log überprüfen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.