
Log analysis and evaluation: EXP/2012-0507.DD.2 detected by Avira

12.09.2012, 20:01   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
FF - user.js - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-2022557686-3778486112-1133305940-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\Users\Sandra\Downloads\SoftonicDownloader_fuer_pc-inspector-smart-recovery.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

12.09.2012, 20:14   #17
Zwergblume
 
Code:
 All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\PROGRA~2\SPYBOT~1\SDHelper.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2022557686-3778486112-1133305940-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
C:\Users\Sandra\Downloads\SoftonicDownloader_fuer_pc-inspector-smart-recovery.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Sandra\Downloads\cmd.bat deleted successfully.
C:\Users\Sandra\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sandra
->Temp folder emptied: 145015 bytes
->Temporary Internet Files folder emptied: 125650453 bytes
->Java cache emptied: 515 bytes
->Flash cache emptied: 59770 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 215624 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 13960850 bytes
 
Total Files Cleaned = 134.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09122012_210616

Files\Folders moved on Reboot...
C:\Users\Sandra\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

:-)
__________________


13.09.2012, 13:07   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

__________________
__________________

13.09.2012, 13:30   #19
Zwergblume
 
Hello cosinus!

Here is the new log:

Code:
 14:25:49.0098 0984  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:25:49.0847 0984  ============================================================
14:25:49.0847 0984  Current date / time: 2012/09/13 14:25:49.0847
14:25:49.0847 0984  SystemInfo:
14:25:49.0847 0984  
14:25:49.0847 0984  OS Version: 6.1.7601 ServicePack: 1.0
14:25:49.0847 0984  Product type: Workstation
14:25:49.0847 0984  ComputerName: TOSHIBA
14:25:49.0847 0984  UserName: Sandra
14:25:49.0847 0984  Windows directory: C:\Windows
14:25:49.0847 0984  System windows directory: C:\Windows
14:25:49.0847 0984  Running under WOW64
14:25:49.0847 0984  Processor architecture: Intel x64
14:25:49.0847 0984  Number of processors: 4
14:25:49.0847 0984  Page size: 0x1000
14:25:49.0847 0984  Boot type: Normal boot
14:25:49.0847 0984  ============================================================
14:25:50.0955 0984  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:25:50.0955 0984  ============================================================
14:25:50.0955 0984  \Device\Harddisk0\DR0:
14:25:50.0955 0984  MBR partitions:
14:25:50.0955 0984  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x2BA08000
14:25:50.0955 0984  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2BAD0800, BlocksNum 0x2BA75EF0
14:25:50.0955 0984  ============================================================
14:25:51.0002 0984  C: <-> \Device\Harddisk0\DR0\Partition1
14:25:51.0048 0984  D: <-> \Device\Harddisk0\DR0\Partition2
14:25:51.0048 0984  ============================================================
14:25:51.0048 0984  Initialize success
14:25:51.0048 0984  ============================================================
14:26:57.0614 1636  ============================================================
14:26:57.0614 1636  Scan started
14:26:57.0614 1636  Mode: Manual; SigCheck; TDLFS; 
14:26:57.0614 1636  ============================================================
14:26:59.0205 1636  ================ Scan system memory ========================
14:26:59.0205 1636  System memory - ok
14:26:59.0205 1636  ================ Scan services =============================
14:27:13.0604 1636  LanmanServer - ok
14:27:13.0619 1636  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:27:13.0713 1636  LanmanWorkstation - ok
14:27:13.0728 1636  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:27:13.0775 1636  lltdio - ok
14:27:13.0806 1636  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:27:13.0869 1636  lltdsvc - ok
14:27:13.0884 1636  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:27:13.0931 1636  lmhosts - ok
14:27:13.0962 1636  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:27:13.0978 1636  LSI_FC - ok
14:27:14.0009 1636  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:27:14.0025 1636  LSI_SAS - ok
14:27:14.0040 1636  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:27:14.0056 1636  LSI_SAS2 - ok
14:27:14.0087 1636  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:27:14.0103 1636  LSI_SCSI - ok
14:27:14.0134 1636  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:27:14.0212 1636  luafv - ok
14:27:14.0259 1636  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
14:27:14.0290 1636  MBAMProtector - ok
14:27:14.0352 1636  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:27:14.0384 1636  MBAMService - ok
14:27:14.0415 1636  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:27:14.0462 1636  Mcx2Svc - ok
14:27:14.0493 1636  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:27:14.0508 1636  megasas - ok
14:27:14.0555 1636  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:27:14.0586 1636  MegaSR - ok
14:27:14.0618 1636  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:27:14.0696 1636  MMCSS - ok
14:27:14.0711 1636  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:27:14.0774 1636  Modem - ok
14:27:14.0789 1636  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:27:14.0836 1636  monitor - ok
14:27:14.0867 1636  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:27:14.0898 1636  mouclass - ok
14:27:14.0914 1636  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:27:14.0945 1636  mouhid - ok
14:27:14.0961 1636  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:27:14.0976 1636  mountmgr - ok
14:27:15.0008 1636  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:27:15.0023 1636  mpio - ok
14:27:15.0039 1636  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:27:15.0070 1636  mpsdrv - ok
14:27:15.0101 1636  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:27:15.0210 1636  MpsSvc - ok
14:27:15.0226 1636  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:27:15.0273 1636  MRxDAV - ok
14:27:15.0304 1636  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:27:15.0351 1636  mrxsmb - ok
14:27:15.0382 1636  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:27:15.0413 1636  mrxsmb10 - ok
14:27:15.0429 1636  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:27:15.0460 1636  mrxsmb20 - ok
14:27:15.0491 1636  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
14:27:15.0522 1636  msahci - ok
14:27:15.0538 1636  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:27:15.0569 1636  msdsm - ok
14:27:15.0585 1636  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:27:15.0632 1636  MSDTC - ok
14:27:15.0678 1636  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:27:15.0756 1636  Msfs - ok
14:27:15.0772 1636  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:27:15.0803 1636  mshidkmdf - ok
14:27:15.0819 1636  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:27:15.0834 1636  msisadrv - ok
14:27:15.0866 1636  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:27:15.0912 1636  MSiSCSI - ok
14:27:15.0928 1636  msiserver - ok
14:27:15.0959 1636  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:27:16.0053 1636  MSKSSRV - ok
14:27:16.0068 1636  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:27:16.0115 1636  MSPCLOCK - ok
14:27:16.0131 1636  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:27:16.0209 1636  MSPQM - ok
14:27:16.0240 1636  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:27:16.0256 1636  MsRPC - ok
14:27:16.0287 1636  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:27:16.0302 1636  mssmbios - ok
14:27:16.0318 1636  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:27:16.0365 1636  MSTEE - ok
14:27:16.0380 1636  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:27:16.0412 1636  MTConfig - ok
14:27:16.0427 1636  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:27:16.0458 1636  Mup - ok
14:27:16.0490 1636  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:27:16.0552 1636  napagent - ok
14:27:16.0583 1636  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:27:16.0630 1636  NativeWifiP - ok
14:27:16.0692 1636  [ 2989174DF02E0AEF54BAE90674FB445F ] NAUpdate        c:\Program Files (x86)\Nero\Update\NASvc.exe
14:27:16.0739 1636  NAUpdate - ok
14:27:16.0786 1636  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:27:16.0817 1636  NDIS - ok
14:27:16.0848 1636  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:27:16.0926 1636  NdisCap - ok
14:27:16.0958 1636  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:27:16.0989 1636  NdisTapi - ok
14:27:17.0004 1636  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:27:17.0051 1636  Ndisuio - ok
14:27:17.0067 1636  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:27:17.0114 1636  NdisWan - ok
14:27:17.0160 1636  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:27:17.0223 1636  NDProxy - ok
14:27:17.0270 1636  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:27:17.0285 1636  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:27:17.0285 1636  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:27:17.0316 1636  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:27:17.0379 1636  NetBIOS - ok
14:27:17.0394 1636  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:27:17.0488 1636  NetBT - ok
14:27:17.0519 1636  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:27:17.0519 1636  Netlogon - ok
14:27:17.0550 1636  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:27:17.0613 1636  Netman - ok
14:27:17.0644 1636  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:27:17.0691 1636  netprofm - ok
14:27:17.0722 1636  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:27:17.0738 1636  NetTcpPortSharing - ok
14:27:17.0784 1636  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:27:17.0800 1636  nfrd960 - ok
14:27:17.0831 1636  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:27:17.0878 1636  NlaSvc - ok
14:27:17.0894 1636  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:27:17.0925 1636  Npfs - ok
14:27:17.0940 1636  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:27:17.0987 1636  nsi - ok
14:27:18.0018 1636  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:27:18.0096 1636  nsiproxy - ok
14:27:18.0159 1636  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:27:18.0221 1636  Ntfs - ok
14:27:18.0252 1636  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:27:18.0315 1636  Null - ok
14:27:18.0346 1636  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:27:18.0393 1636  nvraid - ok
14:27:18.0408 1636  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:27:18.0424 1636  nvstor - ok
14:27:18.0455 1636  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:27:18.0471 1636  nv_agp - ok
14:27:18.0518 1636  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:27:18.0533 1636  odserv - ok
14:27:18.0549 1636  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:27:18.0580 1636  ohci1394 - ok
14:27:18.0596 1636  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:27:18.0611 1636  ose - ok
14:27:18.0798 1636  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:27:18.0986 1636  osppsvc - ok
14:27:19.0032 1636  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:27:19.0079 1636  p2pimsvc - ok
14:27:19.0110 1636  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:27:19.0157 1636  p2psvc - ok
14:27:19.0204 1636  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
14:27:19.0235 1636  Parport - ok
14:27:19.0266 1636  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:27:19.0298 1636  partmgr - ok
14:27:19.0313 1636  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:27:19.0376 1636  PcaSvc - ok
14:27:19.0407 1636  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:27:19.0438 1636  pci - ok
14:27:19.0438 1636  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
14:27:19.0454 1636  pciide - ok
14:27:19.0469 1636  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:27:19.0485 1636  pcmcia - ok
14:27:19.0516 1636  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:27:19.0516 1636  pcw - ok
14:27:19.0547 1636  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:27:19.0610 1636  PEAUTH - ok
14:27:19.0672 1636  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:27:19.0719 1636  PerfHost - ok
14:27:19.0766 1636  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
14:27:19.0781 1636  PGEffect - ok
14:27:19.0844 1636  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:27:19.0937 1636  pla - ok
14:27:20.0000 1636  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:27:20.0062 1636  PlugPlay - ok
14:27:20.0140 1636  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:27:20.0156 1636  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:27:20.0156 1636  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:27:20.0187 1636  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:27:20.0234 1636  PNRPAutoReg - ok
14:27:20.0249 1636  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:27:20.0296 1636  PNRPsvc - ok
14:27:20.0327 1636  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:27:20.0405 1636  PolicyAgent - ok
14:27:20.0436 1636  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:27:20.0514 1636  Power - ok
14:27:20.0546 1636  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:27:20.0639 1636  PptpMiniport - ok
14:27:20.0655 1636  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
14:27:20.0686 1636  Processor - ok
14:27:20.0702 1636  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:27:20.0764 1636  ProfSvc - ok
14:27:20.0795 1636  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:27:20.0811 1636  ProtectedStorage - ok
14:27:20.0842 1636  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:27:20.0936 1636  Psched - ok
14:27:21.0014 1636  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:27:21.0076 1636  ql2300 - ok
14:27:21.0092 1636  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:27:21.0107 1636  ql40xx - ok
14:27:21.0138 1636  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:27:21.0185 1636  QWAVE - ok
14:27:21.0232 1636  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:27:21.0279 1636  QWAVEdrv - ok
14:27:21.0310 1636  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:27:21.0388 1636  RasAcd - ok
14:27:21.0435 1636  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:27:21.0513 1636  RasAgileVpn - ok
14:27:21.0544 1636  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:27:21.0591 1636  RasAuto - ok
14:27:21.0622 1636  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:27:21.0669 1636  Rasl2tp - ok
14:27:21.0700 1636  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:27:21.0763 1636  RasMan - ok
14:27:21.0794 1636  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:27:21.0872 1636  RasPppoe - ok
14:27:21.0887 1636  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:27:21.0965 1636  RasSstp - ok
14:27:21.0981 1636  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:27:22.0043 1636  rdbss - ok
14:27:22.0075 1636  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
14:27:22.0106 1636  rdpbus - ok
14:27:22.0121 1636  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:27:22.0153 1636  RDPCDD - ok
14:27:22.0184 1636  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:27:22.0215 1636  RDPENCDD - ok
14:27:22.0231 1636  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:27:22.0309 1636  RDPREFMP - ok
14:27:22.0324 1636  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:27:22.0387 1636  RDPWD - ok
14:27:22.0418 1636  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:27:22.0449 1636  rdyboost - ok
14:27:22.0480 1636  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:27:22.0558 1636  RemoteAccess - ok
14:27:22.0589 1636  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:27:22.0636 1636  RemoteRegistry - ok
14:27:22.0667 1636  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:27:22.0699 1636  RpcEptMapper - ok
14:27:22.0730 1636  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:27:22.0745 1636  RpcLocator - ok
14:27:22.0777 1636  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:27:22.0823 1636  RpcSs - ok
14:27:22.0855 1636  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:27:22.0901 1636  rspndr - ok
14:27:22.0964 1636  [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
14:27:22.0979 1636  RSUSBSTOR - ok
14:27:23.0011 1636  [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
14:27:23.0042 1636  RTL8167 - ok
14:27:23.0104 1636  [ FA088015155C4C6DAB5D1D9E68EB9D6B ] RTL8192Ce       C:\Windows\system32\DRIVERS\rtl8192Ce.sys
14:27:23.0151 1636  RTL8192Ce - ok
14:27:23.0151 1636  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:27:23.0167 1636  SamSs - ok
14:27:23.0198 1636  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:27:23.0213 1636  sbp2port - ok
14:27:23.0307 1636  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
14:27:23.0354 1636  SBSDWSCService - ok
14:27:23.0385 1636  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:27:23.0432 1636  SCardSvr - ok
14:27:23.0463 1636  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:27:23.0510 1636  scfilter - ok
14:27:23.0557 1636  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:27:23.0635 1636  Schedule - ok
14:27:23.0666 1636  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:27:23.0728 1636  SCPolicySvc - ok
14:27:23.0759 1636  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:27:23.0806 1636  SDRSVC - ok
14:27:23.0837 1636  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:27:23.0869 1636  secdrv - ok
14:27:23.0900 1636  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:27:23.0931 1636  seclogon - ok
14:27:23.0962 1636  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:27:24.0009 1636  SENS - ok
14:27:24.0040 1636  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:27:24.0087 1636  SensrSvc - ok
14:27:24.0118 1636  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:27:24.0165 1636  Serenum - ok
14:27:24.0212 1636  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
14:27:24.0259 1636  Serial - ok
14:27:24.0290 1636  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:27:24.0321 1636  sermouse - ok
14:27:24.0368 1636  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:27:24.0430 1636  SessionEnv - ok
14:27:24.0461 1636  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:27:24.0508 1636  sffdisk - ok
14:27:24.0508 1636  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:27:24.0555 1636  sffp_mmc - ok
14:27:24.0586 1636  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:27:24.0633 1636  sffp_sd - ok
14:27:24.0649 1636  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:27:24.0695 1636  sfloppy - ok
14:27:24.0758 1636  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
14:27:24.0805 1636  Sftfs - ok
14:27:24.0851 1636  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:27:24.0883 1636  sftlist - ok
14:27:24.0914 1636  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:27:24.0929 1636  Sftplay - ok
14:27:24.0976 1636  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:27:24.0992 1636  Sftredir - ok
14:27:25.0023 1636  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
14:27:25.0054 1636  Sftvol - ok
14:27:25.0085 1636  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:27:25.0101 1636  sftvsa - ok
14:27:25.0132 1636  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:27:25.0226 1636  SharedAccess - ok
14:27:25.0273 1636  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:27:25.0335 1636  ShellHWDetection - ok
14:27:25.0366 1636  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:27:25.0397 1636  SiSRaid2 - ok
14:27:25.0429 1636  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:27:25.0460 1636  SiSRaid4 - ok
14:27:25.0491 1636  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:27:25.0522 1636  SkypeUpdate - ok
14:27:25.0553 1636  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:27:25.0600 1636  Smb - ok
14:27:25.0663 1636  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:27:25.0709 1636  SNMPTRAP - ok
14:27:25.0725 1636  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:27:25.0741 1636  spldr - ok
14:27:25.0787 1636  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:27:25.0850 1636  Spooler - ok
14:27:25.0959 1636  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:27:26.0115 1636  sppsvc - ok
14:27:26.0131 1636  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:27:26.0193 1636  sppuinotify - ok
14:27:26.0209 1636  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:27:26.0255 1636  srv - ok
14:27:26.0287 1636  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:27:26.0318 1636  srv2 - ok
14:27:26.0349 1636  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:27:26.0380 1636  srvnet - ok
14:27:26.0411 1636  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:27:26.0474 1636  SSDPSRV - ok
14:27:26.0489 1636  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:27:26.0536 1636  SstpSvc - ok
14:27:26.0645 1636  [ E8606BF6BE3B7481D95F1DD2E4F3FCBA ] StarMoney 7.0 OnlineUpdate C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
14:27:26.0692 1636  StarMoney 7.0 OnlineUpdate - ok
14:27:26.0708 1636  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:27:26.0739 1636  stexstor - ok
14:27:26.0801 1636  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:27:26.0848 1636  stisvc - ok
14:27:26.0879 1636  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:27:26.0895 1636  swenum - ok
14:27:26.0926 1636  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:27:27.0004 1636  swprv - ok
14:27:27.0067 1636  [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
14:27:27.0113 1636  SynTP - ok
14:27:27.0176 1636  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:27:27.0254 1636  SysMain - ok
14:27:27.0285 1636  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:27:27.0316 1636  TabletInputService - ok
14:27:27.0332 1636  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:27:27.0394 1636  TapiSrv - ok
14:27:27.0410 1636  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:27:27.0457 1636  TBS - ok
14:27:27.0535 1636  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:27:27.0597 1636  Tcpip - ok
14:27:27.0675 1636  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:27:27.0737 1636  TCPIP6 - ok
14:27:27.0784 1636  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:27:27.0862 1636  tcpipreg - ok
14:27:27.0893 1636  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
14:27:27.0909 1636  tdcmdpst - ok
14:27:27.0940 1636  TDEIO - ok
14:27:27.0971 1636  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:27:28.0018 1636  TDPIPE - ok
14:27:28.0049 1636  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:27:28.0065 1636  TDTCP - ok
14:27:28.0096 1636  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:27:28.0174 1636  tdx - ok
14:27:28.0221 1636  [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
14:27:28.0237 1636  TemproMonitoringService - ok
14:27:28.0268 1636  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:27:28.0283 1636  TermDD - ok
14:27:28.0315 1636  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:27:28.0393 1636  TermService - ok
14:27:28.0408 1636  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:27:28.0471 1636  Themes - ok
14:27:28.0486 1636  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:27:28.0517 1636  THREADORDER - ok
14:27:28.0580 1636  [ F120967184A27E927052E8DDBB727851 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
14:27:28.0595 1636  TMachInfo - ok
14:27:28.0627 1636  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
14:27:28.0658 1636  TODDSrv - ok
14:27:28.0720 1636  [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
14:27:28.0751 1636  TosCoSrv - ok
14:27:28.0798 1636  [ 2ECC833EA37CECE0052D4D9ADC184177 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
14:27:28.0829 1636  TOSHIBA eco Utility Service - ok
14:27:28.0876 1636  [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
14:27:28.0907 1636  TOSHIBA HDD SSD Alert Service - ok
14:27:28.0970 1636  [ 9F8410CCC72B3470C96DA415BE0CF423 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
14:27:29.0032 1636  TPCHSrv - ok
14:27:29.0048 1636  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:27:29.0095 1636  TrkWks - ok
14:27:29.0157 1636  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:27:29.0219 1636  TrustedInstaller - ok
14:27:29.0266 1636  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:27:29.0329 1636  tssecsrv - ok
14:27:29.0360 1636  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:27:29.0438 1636  TsUsbFlt - ok
14:27:29.0453 1636  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:27:29.0485 1636  TsUsbGD - ok
14:27:29.0531 1636  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:27:29.0609 1636  tunnel - ok
14:27:29.0656 1636  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
14:27:29.0656 1636  TVALZ - ok
14:27:29.0687 1636  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\Windows\system32\DRIVERS\TVALZFL.sys
14:27:29.0703 1636  TVALZFL - ok
14:27:29.0719 1636  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:27:29.0734 1636  uagp35 - ok
14:27:29.0765 1636  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:27:29.0875 1636  udfs - ok
14:27:29.0890 1636  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:27:29.0906 1636  UI0Detect - ok
14:27:29.0937 1636  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:27:29.0953 1636  uliagpkx - ok
14:27:29.0984 1636  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:27:30.0015 1636  umbus - ok
14:27:30.0031 1636  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
14:27:30.0077 1636  UmPass - ok
14:27:30.0124 1636  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:27:30.0202 1636  upnphost - ok
14:27:30.0249 1636  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:27:30.0280 1636  usbccgp - ok
14:27:30.0327 1636  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:27:30.0374 1636  usbcir - ok
14:27:30.0405 1636  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:27:30.0436 1636  usbehci - ok
14:27:30.0483 1636  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:27:30.0514 1636  usbhub - ok
14:27:30.0545 1636  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
14:27:30.0561 1636  usbohci - ok
14:27:30.0592 1636  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:27:30.0639 1636  usbprint - ok
14:27:30.0670 1636  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:27:30.0717 1636  usbscan - ok
14:27:30.0748 1636  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:27:30.0811 1636  USBSTOR - ok
14:27:30.0842 1636  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:27:30.0873 1636  usbuhci - ok
14:27:30.0920 1636  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:27:30.0967 1636  usbvideo - ok
14:27:30.0998 1636  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:27:31.0091 1636  UxSms - ok
14:27:31.0107 1636  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:27:31.0123 1636  VaultSvc - ok
14:27:31.0138 1636  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:27:31.0154 1636  vdrvroot - ok
14:27:31.0169 1636  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:27:31.0232 1636  vds - ok
14:27:31.0263 1636  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:27:31.0279 1636  vga - ok
14:27:31.0294 1636  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:27:31.0325 1636  VgaSave - ok
14:27:31.0341 1636  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:27:31.0357 1636  vhdmp - ok
14:27:31.0388 1636  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:27:31.0388 1636  viaide - ok
14:27:31.0419 1636  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:27:31.0450 1636  volmgr - ok
14:27:31.0466 1636  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:27:31.0513 1636  volmgrx - ok
14:27:31.0528 1636  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:27:31.0575 1636  volsnap - ok
14:27:31.0606 1636  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:27:31.0637 1636  vsmraid - ok
14:27:31.0684 1636  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:27:31.0762 1636  VSS - ok
14:27:31.0778 1636  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:27:31.0809 1636  vwifibus - ok
14:27:31.0825 1636  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:27:31.0856 1636  vwififlt - ok
14:27:31.0887 1636  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:27:31.0934 1636  W32Time - ok
14:27:31.0965 1636  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:27:31.0981 1636  WacomPen - ok
14:27:32.0012 1636  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:27:32.0105 1636  WANARP - ok
14:27:32.0105 1636  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:27:32.0137 1636  Wanarpv6 - ok
14:27:32.0215 1636  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:27:32.0293 1636  wbengine - ok
14:27:32.0324 1636  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:27:32.0355 1636  WbioSrvc - ok
14:27:32.0386 1636  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:27:32.0449 1636  wcncsvc - ok
14:27:32.0480 1636  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:27:32.0542 1636  WcsPlugInService - ok
14:27:32.0558 1636  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
14:27:32.0573 1636  Wd - ok
14:27:32.0605 1636  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:27:32.0636 1636  Wdf01000 - ok
14:27:32.0651 1636  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:27:32.0745 1636  WdiServiceHost - ok
14:27:32.0745 1636  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:27:32.0792 1636  WdiSystemHost - ok
14:27:32.0823 1636  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:27:32.0854 1636  WebClient - ok
14:27:32.0870 1636  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:27:32.0963 1636  Wecsvc - ok
14:27:32.0995 1636  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:27:33.0041 1636  wercplsupport - ok
14:27:33.0041 1636  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:27:33.0088 1636  WerSvc - ok
14:27:33.0119 1636  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:27:33.0151 1636  WfpLwf - ok
14:27:33.0182 1636  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:27:33.0197 1636  WIMMount - ok
14:27:33.0229 1636  WinDefend - ok
14:27:33.0229 1636  WinHttpAutoProxySvc - ok
14:27:33.0307 1636  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:27:33.0385 1636  Winmgmt - ok
14:27:33.0431 1636  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:27:33.0509 1636  WinRM - ok
14:27:33.0572 1636  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:27:33.0619 1636  Wlansvc - ok
14:27:33.0665 1636  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:27:33.0665 1636  wlcrasvc - ok
14:27:33.0821 1636  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:27:33.0884 1636  wlidsvc - ok
14:27:33.0899 1636  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:27:33.0915 1636  WmiAcpi - ok
14:27:33.0946 1636  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:27:33.0977 1636  wmiApSrv - ok
14:27:34.0009 1636  WMPNetworkSvc - ok
14:27:34.0040 1636  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:27:34.0071 1636  WPCSvc - ok
14:27:34.0102 1636  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:27:34.0149 1636  WPDBusEnum - ok
14:27:34.0165 1636  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:27:34.0243 1636  ws2ifsl - ok
14:27:34.0274 1636  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
14:27:34.0289 1636  wscsvc - ok
14:27:34.0305 1636  WSearch - ok
14:27:34.0383 1636  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:27:34.0461 1636  wuauserv - ok
14:27:34.0477 1636  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:27:34.0508 1636  WudfPf - ok
14:27:34.0539 1636  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:27:34.0648 1636  WUDFRd - ok
14:27:34.0711 1636  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:27:34.0804 1636  wudfsvc - ok
14:27:34.0851 1636  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:27:34.0898 1636  WwanSvc - ok
14:27:34.0945 1636  ================ Scan global ===============================
14:27:34.0960 1636  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:27:34.0991 1636  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:27:35.0007 1636  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:27:35.0038 1636  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:27:35.0069 1636  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:27:35.0069 1636  [Global] - ok
14:27:35.0069 1636  ================ Scan MBR ==================================
14:27:35.0085 1636  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:27:35.0428 1636  \Device\Harddisk0\DR0 - ok
14:27:35.0428 1636  ================ Scan VBR ==================================
14:27:35.0459 1636  [ 0DF23B2D8CD7C2E04D7484BBD976BD5F ] \Device\Harddisk0\DR0\Partition1
14:27:35.0459 1636  \Device\Harddisk0\DR0\Partition1 - ok
14:27:35.0491 1636  [ 6CD1FEA9066E8B7174767A2F0C31E777 ] \Device\Harddisk0\DR0\Partition2
14:27:35.0491 1636  \Device\Harddisk0\DR0\Partition2 - ok
14:27:35.0491 1636  ============================================================
14:27:35.0491 1636  Scan finished
14:27:35.0491 1636  ============================================================
14:27:35.0522 1968  Detected object count: 2
14:27:35.0522 1968  Actual detected object count: 2
14:27:59.0873 1968  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:59.0873 1968  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:27:59.0873 1968  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:27:59.0873 1968  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

13.09.2012, 20:31   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

__________________
Please always post log files in CODE tags

13.09.2012, 21:52   #21
Zwergblume
 

Hello cosinus!

I have now done everything the way you described it.
On the desktop I now have an icon "Music Place" ???
I don't even dare to click on it....

I'm sorry that you have so much work with me....

ComboFix log file:
Code:
ATTFilter
ComboFix 12-09-13.03 - Sandra 13.09.2012  21:49:34.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.5610.3695 [GMT 2:00]
ausgeführt von:: c:\users\Sandra\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Toshiba
c:\programdata\Toshiba\TSS\AlertItems.xml
c:\programdata\Toshiba\TSS\SwUpdateItems.xml
c:\programdata\Toshiba\TSS\ToshibaUpdates.xml
c:\users\Sandra\AppData\Roaming\Toshiba
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\BoardDataDownload.log
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards.xml
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards.xml.bak
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.xml
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.xml.bak
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\Board.xml
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.icon.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\board1.xml
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r2_c110.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r2_c20.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r2_c50.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r4_c70.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r5_c100.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r5_c40.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\Help_Top000000.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Boards\IMG_2866000000.jpg
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\BulletinBoardLog.txt
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\EvernoteSettings.xml
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\EvernoteSettings.xml.bak
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\GettingStartedData.xml
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\screenshot.png
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Settings.xml
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Settings.xml.bak
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\Share.xml
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\TOSHIBABoard\UpInfo.xml
c:\users\Sandra\AppData\Roaming\Toshiba\BulletinBoard\ToshibaBoardSettings.xml
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\1\1.xml
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\0.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\1.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\2.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\3.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\4.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\5.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\music.png
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\1\News\7810\Content\css\styles.css
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\1\News\7810\Content\de\index.html
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\1\News\7810\Content\img\Aupeo.jpg
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\2.xml
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\Content\css\styles.css
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\Content\de\index.html
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\Icons\0.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\Icons\1.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\Icons\2.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\Icons\3.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\Icons\4.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\Icons\5.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\Icons\logo.png
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\News\7839\Content\de\css\styles.css
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\News\7839\Content\de\img\friendsbenefits_DE.jpg
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\News\7839\Content\de\img\Thumbs.db
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\News\7839\Content\de\index.html
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\2\News\7839\Content\de\js\scripts.js
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\3.xml
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\Content\css\styles.css
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\Content\de\index.html
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\Icons\0.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\Icons\1.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\Icons\2.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\Icons\3.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\Icons\4.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\Icons\5.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\Icons\logo.png
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\Icons\Thumbs.db
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\News\7817\Content\css\styles.css
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\News\7817\Content\de\index.html
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\News\7817\Content\img\nero.jpg
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\3\News\7817\Content\img\Thumbs.db
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\6\6.xml
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\6\Content\css\styles.css
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\6\Content\de\index.html
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\6\Icons\0.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\6\Icons\1.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\6\Icons\2.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\6\Icons\3.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\6\Icons\4.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\6\Icons\5.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\6\Icons\logo.png
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\dynamicicon.xml
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place1\7810\Content\css\styles.css
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place1\7810\Content\de\index.html
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place1\7810\Content\img\Aupeo.jpg
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place1\7810_News-de-DE.zip
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place2\7839\Content\de\css\styles.css
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place2\7839\Content\de\img\friendsbenefits_DE.jpg
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place2\7839\Content\de\img\Thumbs.db
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place2\7839\Content\de\index.html
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place2\7839\Content\de\js\scripts.js
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place2\7839_News-de-DE.zip
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place3\7817\Content\css\styles.css
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place3\7817\Content\de\index.html
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place3\7817\Content\img\nero.jpg
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place3\7817\Content\img\Thumbs.db
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\News\News_Of_Place3\7817_News-de-DE.zip
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1063_Place-de-DE.zip
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1063_Place-de-DE\Content\css\styles.css
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1063_Place-de-DE\Content\de\index.html
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1063_Place-de-DE\Icons\0.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1063_Place-de-DE\Icons\1.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1063_Place-de-DE\Icons\2.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1063_Place-de-DE\Icons\3.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1063_Place-de-DE\Icons\4.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1063_Place-de-DE\Icons\5.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1063_Place-de-DE\Icons\logo.png
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1177_Place-de-DE.zip
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1177_Place-de-DE\Content\css\styles.css
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1177_Place-de-DE\Content\de\index.html
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1177_Place-de-DE\Icons\0.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1177_Place-de-DE\Icons\1.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1177_Place-de-DE\Icons\2.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1177_Place-de-DE\Icons\3.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1177_Place-de-DE\Icons\4.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1177_Place-de-DE\Icons\5.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1177_Place-de-DE\Icons\logo.png
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1177_Place-de-DE\Icons\Thumbs.db
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1251_Place-de-DE.zip
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1251_Place-de-DE\Content\css\styles.css
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1251_Place-de-DE\Content\de\index.html
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1251_Place-de-DE\Icons\0.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1251_Place-de-DE\Icons\1.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1251_Place-de-DE\Icons\2.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1251_Place-de-DE\Icons\3.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1251_Place-de-DE\Icons\4.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1251_Place-de-DE\Icons\5.ico
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Places\1251_Place-de-DE\Icons\logo.png
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\Setup.exe
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\tinstallwb.exe
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\WBDJA44I.DLL
c:\users\Sandra\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\WBTOS45I.DLL
c:\users\Sandra\AppData\Roaming\Toshiba\pcdiag\v3.0\wbeminfo.log
c:\users\Sandra\AppData\Roaming\Toshiba\pcdiag\v3.0\wbemQFE.log
c:\users\Sandra\AppData\Roaming\Toshiba\pcdiag\v3.0\wbemSoundDev.log
c:\users\Sandra\AppData\Roaming\Toshiba\ReelTime\Backup\ReelTime.MRUAppData.dat
c:\users\Sandra\AppData\Roaming\Toshiba\ReelTime\Backup\ReelTime.MRUFileData.dat
c:\users\Sandra\AppData\Roaming\Toshiba\ReelTime\Backup\ReelTimeMonitorData.dat
c:\users\Sandra\AppData\Roaming\Toshiba\ReelTime\Exception.log
c:\users\Sandra\AppData\Roaming\Toshiba\ReelTime\ReelTime.MRUAppData.dat
c:\users\Sandra\AppData\Roaming\Toshiba\ReelTime\ReelTime.MRUFileData.dat
c:\users\Sandra\AppData\Roaming\Toshiba\ReelTime\ReelTime.setting.xml
c:\users\Sandra\AppData\Roaming\Toshiba\ReelTime\ReelTimeMonitorData.dat
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-13 bis 2012-09-13  ))))))))))))))))))))))))))))))
.
.
2012-09-13 20:11 . 2012-09-13 20:11	--------	d-----w-	c:\programdata\Toshiba
2012-09-13 20:07 . 2012-09-13 20:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-13 20:00 . 2012-09-13 20:00	--------	d-----w-	c:\users\Sandra\AppData\Roaming\TOSHIBA
2012-09-12 19:06 . 2012-09-12 19:06	--------	d-----w-	C:\_OTL
2012-09-12 13:05 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 13:05 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:05 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 13:05 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 13:05 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:05 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 13:05 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 12:08 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E19A7BF5-3230-4DA8-9FED-91EE650EBCA0}\mpengine.dll
2012-09-05 22:29 . 2012-09-05 22:29	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-09-02 22:17 . 2012-09-02 22:17	--------	d-----w-	c:\users\Sandra\AppData\Roaming\Malwarebytes
2012-09-02 22:17 . 2012-09-02 22:17	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-02 22:17 . 2012-09-02 22:17	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-02 22:17 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-31 12:50 . 2012-08-31 12:50	--------	d-----r-	c:\users\Sandra\Dropbox
2012-08-31 12:47 . 2012-09-01 00:23	--------	d-----w-	c:\users\Sandra\AppData\Roaming\Dropbox
2012-08-17 13:11 . 2012-08-17 13:11	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 21:45 . 2011-10-28 05:25	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-08-25 00:35 . 2012-04-01 21:55	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-25 00:35 . 2011-11-10 22:06	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-5-18 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 250568]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\Bootprio\tdeio64.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-05 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 204288]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-09 162824]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9256960]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 300544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:35]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 00:11]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 00:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-18 150992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-13  22:42:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-13 20:42
.
Vor Suchlauf: 8 Verzeichnis(se), 300.006.641.664 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 299.849.449.472 Bytes frei
.
- - End Of File - - 6CF1A89E6F50EF5A738314E0C4E19182
         
--- --- ---


cosinus... I just saw that "Music Place" is from Toshiba.
You could "hide" it with a right-click.

But I've left everything as it was anyway and haven't changed anything.

Oh, I'm sooooo grateful to you!

14.09.2012, 14:21   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags

14.09.2012, 19:06   #23
Zwergblume
 

Hello cosinus!

I've done everything. :-)
With "GMER" a message came up saying that nothing was found. A log wasn't even displayed...

But here are the other two:
1. Osam

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:11:04 on 14.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\MLCFG32.CPL
"Nero BurnRights 10" - "Nero AG" - c:\Program Files (x86)\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"TDEIO" (TDEIO) - ? - c:\Windows\SysWOW64\sysprep\Bootprio\tdeio64.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - c:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\OLKFSTUB.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "{7530BFB8-7293-4D34-9923-61A11451AFC5}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{5D29E593-73A5-400A-B3BD-6B7A1AF05A31} "@C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229" - "TODO: <会社名>" - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{F3C88694-EFFA-4d78-B409-54B7B2535B14} "TOSHIBA Media Controller Plug-in" - "<TOSHIBA>" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Toshiba Places Icon Utility.lnk" - "Toshiba" - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"TOPI.EXE" - "TOSHIBA" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
"NBAgent" - "Nero AG" - "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"ToshibaServiceStation" - "TOSHIBA Corporation" - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - c:\Program Files (x86)\Nero\Update\NASvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
"ConfigFree WiMAX Service" (cfWiMAXService) - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
"GamesAppService" (GamesAppService) - "WildTangent, Inc." - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
"GFNEX Service" (GFNEXSrv) - ? - C:\Windows\System32\GFNEXSrv.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Notebook Performance Tuning Service (TEMPRO)" (TemproMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
"TMachInfo" (TMachInfo) - "TOSHIBA Corporation" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
"TOSHIBA eco Utility Service" (TOSHIBA eco Utility Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TECO\TecoService.exe
"TOSHIBA HDD SSD Alert Service" (TOSHIBA HDD SSD Alert Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
"TPCH Service" (TPCHSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]

2. aswMBR

Code:
ATTFilter
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 19:28:07
-----------------------------
19:28:07.614    OS Version: Windows x64 6.1.7601 Service Pack 1
19:28:07.614    Number of processors: 4 586 0x100
19:28:07.614    ComputerName: TOSHIBA  UserName: Sandra
19:28:09.346    Initialize success
19:29:31.316    AVAST engine defs: 12091400
19:30:39.831    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
19:30:39.847    Disk 0 Vendor: Hitachi_HTS547575A9E384 JE4OA60B Size: 715404MB BusType: 11
19:30:39.862    Disk 0 MBR read successfully
19:30:39.862    Disk 0 MBR scan
19:30:39.878    Disk 0 Windows 7 default MBR code
19:30:39.893    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS          400 MB offset 2048
19:30:39.909    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       357392 MB offset 821248
19:30:39.925    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       357611 MB offset 732760064
19:30:39.987    Disk 0 scanning C:\Windows\system32\drivers
19:30:49.799    Service scanning
19:31:20.641    Modules scanning
19:31:20.656    Disk 0 trace - called modules:
19:31:20.672    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
19:31:21.187    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065b9060]
19:31:21.187    3 CLASSPNP.SYS[fffff8800187343f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80063241f0]
19:31:22.169    AVAST engine scan C:\Windows
19:31:25.149    AVAST engine scan C:\Windows\system32
19:34:24.518    AVAST engine scan C:\Windows\system32\drivers
19:34:36.561    AVAST engine scan C:\Users\Sandra
19:43:46.946    AVAST engine scan C:\ProgramData
19:47:00.324    Scan finished successfully
20:01:07.967    Disk 0 MBR has been saved successfully to "C:\Users\Sandra\Desktop\MBR.dat"
20:01:07.967    The log file has been saved successfully to "C:\Users\Sandra\Desktop\aswMBR.txt"
         

14.09.2012, 23:03   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

15.09.2012, 15:01   #25
Zwergblume

Hello cosinus!

Here are the current logs.....
Kind regards and have a nice weekend!!!

Code:
ATTFilter
 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.14.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sandra :: TOSHIBA [Administrator]

15.09.2012 06:23:27
mbam-log-2012-09-15 (06-23-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 371509
Laufzeit: 1 Stunde(n), 2 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

SuperAntiSpyware:

Code:
ATTFilter
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/15/2012 at 03:24 PM

Application Version : 5.5.1016

Core Rules Database Version : 9234
Trace Rules Database Version: 7046

Scan type       : Complete Scan
Total Scan Time : 01:05:41

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 884
Memory threats detected   : 0
Registry items scanned    : 66596
Registry threats detected : 0
File items scanned        : 47078
File threats detected     : 15

Adware.Tracking Cookie
	C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\RNP9AFL3.txt [ /ads.creative-serving.com ]
	C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\SHYO3AQE.txt [ /imrworldwide.com ]
	C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\04X1GM2I.txt [ /ww251.smartadserver.com ]
	C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\82AVXGMZ.txt [ /smartadserver.com ]
	C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\KTEE03OV.txt [ /adform.net ]
	C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\T52EJ7X6.txt [ /adfarm1.adition.com ]
	C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\G4WXKOEO.txt [ /server.adform.net ]
	C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\7LY5WF3D.txt [ /invitemedia.com ]
	C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\WIL2Q1JT.txt [ /ad1.wochenblatt.de ]
	C:\USERS\SANDRA\Cookies\SHYO3AQE.txt [ Cookie:sandra@imrworldwide.com/cgi-bin ]
	C:\USERS\SANDRA\Cookies\82AVXGMZ.txt [ Cookie:sandra@smartadserver.com/ ]
	C:\USERS\SANDRA\Cookies\KTEE03OV.txt [ Cookie:sandra@adform.net/ ]
	C:\USERS\SANDRA\Cookies\T52EJ7X6.txt [ Cookie:sandra@adfarm1.adition.com/ ]
	C:\USERS\SANDRA\Cookies\G4WXKOEO.txt [ Cookie:sandra@server.adform.net/ ]
	C:\USERS\SANDRA\Cookies\7LY5WF3D.txt [ Cookie:sandra@invitemedia.com/ ]
         

16.09.2012, 15:41   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
ATTFilter
UAC On - Limited User
         
How did you start SUPERAntiSpyware? Simply by double-clicking?
__________________
Please always post log files in CODE tags

16.09.2012, 16:07   #27
Zwergblume

Hello Cosinus!
With right-click as admin.... I think.
I printed out the instructions and followed them step by step...

Should I run the scan again?

16.09.2012, 18:55   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Obviously you are not sure how you started SUPERAntiSpyware, so please do it again properly
__________________
Please always post log files in CODE tags

16.09.2012, 20:25   #29
Zwergblume

So, I have now run it again.
That is, I started the program with the right mouse button as admin. Here is the result:

Code:
ATTFilter
 SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 09/16/2012 bei 09:19 PM

Version der Applikation : 5.5.1016

Version der Kern-Datenbank : 9236
Version der Spur-Datenbank : 7048

Scan Art       : kompletter Scann
Totale Scann-Zeit : 02:10:41

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Gescannte Speicherelemente  : 865
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 66596
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 151679
Erfasste Datei-Elemente   : 0
         

17.09.2012, 10:29   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The tool obviously has a bug there... it still shows limited user

Looks OK, only cookies were found there.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers, extensions for Firefox; one example would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it is that I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left.

Is your system now in order again, or are there still other findings or problems?
__________________
Please always post log files in CODE tags
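
An added example, not part of the original thread: it pulls the cookie origins out of SUPERAntiSpyware log lines like the ones posted above and formats them as hosts-file entries of the kind the last post recommends. The function names and the 0.0.0.0 sink address are assumptions made for this illustration; the lookup helper shows that a hosts file matches exact names only, so an entry for a domain does not cover its subdomains.

```python
import re

# Four lines copied from the SUPERAntiSpyware log posted in this thread.
SAMPLE_LOG = r"""
Adware.Tracking Cookie
    C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\04X1GM2I.txt [ /ww251.smartadserver.com ]
    C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\82AVXGMZ.txt [ /smartadserver.com ]
    C:\USERS\SANDRA\Cookies\82AVXGMZ.txt [ Cookie:sandra@smartadserver.com/ ]
    C:\USERS\SANDRA\Cookies\SHYO3AQE.txt [ Cookie:sandra@imrworldwide.com/cgi-bin ]
"""

# Cookie origin inside "[ ... ]": either "/host" or "Cookie:user@host/path".
ORIGIN = re.compile(r"\[\s*(?:Cookie:[^@\s]+@|/)([A-Za-z0-9.-]+)")
# Conservative DNS label check so nothing odd ends up in the hosts file.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def cookie_hosts(log_text):
    """Return the sorted, de-duplicated hostnames named in cookie findings."""
    found = set()
    for match in ORIGIN.finditer(log_text):
        host = match.group(1).lower().strip(".")
        labels = host.split(".")
        if len(labels) >= 2 and all(LABEL.match(label) for label in labels):
            found.add(host)
    return sorted(found)


def hosts_entries(hosts, sink="0.0.0.0"):
    """Format hostnames as hosts-file lines pointing at the sink address (assumed)."""
    return [f"{sink} {host}" for host in hosts]


def resolve_via_hosts(name, entries):
    """Look a name up the way a hosts file does: exact match, no wildcards."""
    table = {}
    for line in entries:
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            for alias in fields[1:]:
                table[alias.lower()] = fields[0]
    return table.get(name.lower())


if __name__ == "__main__":
    entries = hosts_entries(cookie_hosts(SAMPLE_LOG))
    print("\n".join(entries))
    # The second probe is a constructed name that is not in the log.
    for probe in ("ww251.smartadserver.com", "www.smartadserver.com"):
        print(probe, "->", resolve_via_hosts(probe, entries))
```

The constructed probe `www.smartadserver.com` is not matched even though `smartadserver.com` is listed, which is why curated lists such as the MVPS file enumerate individual host names.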
