| |
| |||||||
Log-Analyse und Auswertung: Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
20.01.2013, 11:18
| #1 |
| |  Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniert Hallo Leute, Ich habe mir vor 2 Tagen den (österr.) Polizei Trojaner eingefangen und nun kann ich meinen Computer nur mehr im abgesichterten Modus mit Eingabeaufforderung starten, ohne dass der typische Blockierbildschirm kommt. Ich habe mich hier ein wenig über ähnliche Fälle informiert und mir so eine Reatogo Boot CD gebrannt um OTPLE auszuführen. Den Scan habe ich durchgeführt und wollte hier nun fragen ob mir wer bei der Auswertung der Files helfen kann. Vielen Dank schon mal. Anbei die Log-files otl.txt und extra.txt Code:
ATTFilter
OTL logfile created on: 1/20/2013 10:53:40 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 3.17 Gb Free Space | 2.73% Space Free | Partition Type: NTFS
Drive D: | 115.13 Gb Total Space | 1.26 Gb Free Space | 1.10% Space Free | Partition Type: NTFS
Drive E: | 3.60 Gb Total Space | 2.59 Gb Free Space | 71.97% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/01/18 13:41:28 | 000,143,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Users\Stefan\AppData\Local\Temp\wpbt0.dll -- (Winmgmt)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/08 14:15:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 14:15:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/23 06:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/08 12:30:54 | 000,194,048 | ---- | M] (Telefónica I+D) [Auto] -- C:\Program Files\Movistar\Escritorio Movistar\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010/03/04 16:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008/08/25 02:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/07/18 13:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/05 11:05:55 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) [Auto] -- C:\Program Files\SIMULIA\Documentation\monitor.exe -- (Texis Monitor)
SRV - [2008/04/24 03:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/16 17:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 09:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/03 10:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 10:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 09:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/17 07:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2012/05/08 14:15:38 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 14:15:38 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 10:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/03/23 06:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/12/08 07:19:22 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/12/07 06:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/11/27 10:53:24 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/12 07:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/12 02:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/10/08 10:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/08 21:18:16 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2008/11/16 11:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/18 11:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/15 12:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/06/20 05:37:06 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/04/27 23:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/04/15 03:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/02/15 11:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/10 12:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/11/09 07:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/08/08 15:06:40 | 000,023,424 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2007/07/30 04:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 03:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/18 10:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 07:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/23 09:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 04:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005/10/18 04:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Stefan_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\Stefan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\Stefan_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\Stefan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\System32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@Senseless.TV: C:\Users\Stefan\AppData\Roaming\SenselessTV\ffextension [2012/12/23 07:33:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/01/01 11:12:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@Senseless.TV: C:\Users\Stefan\AppData\Roaming\SenselessTV\ffextension [2012/12/23 07:33:37 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SenselessTV Video Plugin) - {991D97B8-F0D8-4EA1-9100-7A65EA2D3A63} - C:\Users\Stefan\AppData\Roaming\SenselessTV\bho.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\Stefan_ON_C\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\Stefan_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SmoothView] File not found
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Stefan_ON_C..\Run: [Spotify Web Helper] C:\Users\Stefan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\Stefan_ON_C..\Run: [TOSCDSPD] File not found
O4 - HKU\Stefan_ON_C..\Run: [Winsweep] C:\Users\Stefan\AppData\Roaming\WinSweep\WinSweep.exe (Software-Entwicklung Frank Oliver Dzewas)
O4 - HKU\Stefan_ON_C..\Run: [Winsweep Popupblocker] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/12/18 13:49:28 | 000,000,000 | ---D | M] - E:\Automation -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{31b28bf2-db6d-11de-af48-001e33a8ab28}\Shell - "" = AutoRun
O33 - MountPoints2\{31b28bf2-db6d-11de-af48-001e33a8ab28}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{60bbddc8-6aa9-11e0-b973-001e33a8ab28}\Shell - "" = AutoRun
O33 - MountPoints2\{60bbddc8-6aa9-11e0-b973-001e33a8ab28}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{61ec95a1-2d9e-11df-8907-001e33a8ab28}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\vmfoP.Exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/20 10:49:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/18 12:01:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Mozilla
[2013/01/17 12:00:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\MATLAB
[2013/01/17 11:58:42 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\MathWorks
[2013/01/17 11:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
[2013/01/17 11:49:17 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSHFLXGD.OCX
[2013/01/17 11:49:17 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2013/01/17 11:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB
[2013/01/17 10:24:41 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Free Download Manager
[2013/01/17 10:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2013/01/17 10:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2013/01/17 10:23:29 | 007,681,100 | ---- | C] (FreeDownloadManager.ORG ) -- C:\Users\Stefan\Desktop\fd88minst.exe
[2012/12/23 07:33:37 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\SenselessTV
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Stefan\Desktop\*.tmp files -> C:\Users\Stefan\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/19 13:09:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/19 12:43:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/19 12:43:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/19 07:00:13 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2013/01/19 06:42:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/19 06:42:54 | 3082,805,248 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/19 06:41:05 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2013/01/18 13:42:19 | 000,001,356 | ---- | M] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat
[2013/01/18 13:41:44 | 000,003,176 | ---- | M] () -- C:\ProgramData\0tbpw.js
[2013/01/18 13:41:44 | 000,000,913 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/18 11:36:07 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/18 11:36:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/18 11:36:07 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/18 11:36:07 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/18 10:34:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/17 11:50:01 | 000,001,022 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2011b.lnk
[2013/01/17 11:50:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
[2013/01/17 11:26:59 | 000,053,248 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/17 10:24:28 | 000,000,893 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Download Manager.lnk
[2013/01/17 10:24:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2013/01/17 10:23:29 | 007,681,100 | ---- | M] (FreeDownloadManager.ORG ) -- C:\Users\Stefan\Desktop\fd88minst.exe
[2013/01/08 03:18:00 | 002,848,990 | ---- | M] () -- C:\Users\Stefan\Documents\kolbenringe.xps
[2013/01/01 11:12:35 | 000,001,400 | ---- | M] () -- C:\Users\Stefan\Desktop\DivX Movies.lnk
[2013/01/01 11:12:07 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/01/01 11:12:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013/01/01 11:11:50 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/12/27 15:34:52 | 000,084,437 | ---- | M] () -- C:\Users\Stefan\Desktop\115500458.sLMAJs2Q.ViennaOct08133.jpg
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Stefan\Desktop\*.tmp files -> C:\Users\Stefan\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/19 06:42:54 | 3082,805,248 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/18 13:41:44 | 000,003,176 | ---- | C] () -- C:\ProgramData\0tbpw.js
[2013/01/18 13:41:44 | 000,000,913 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/18 13:41:35 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2013/01/17 11:50:01 | 000,001,022 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2011b.lnk
[2013/01/17 11:49:41 | 000,000,548 | ---- | C] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2013/01/17 11:48:55 | 000,645,120 | ---- | C] () -- C:\Windows\System32\config.gms
[2013/01/17 10:24:28 | 000,000,893 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Download Manager.lnk
[2013/01/08 03:18:00 | 002,848,990 | ---- | C] () -- C:\Users\Stefan\Documents\kolbenringe.xps
[2013/01/01 11:12:35 | 000,001,400 | ---- | C] () -- C:\Users\Stefan\Desktop\DivX Movies.lnk
[2013/01/01 11:12:07 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/01/01 11:11:50 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/12/27 15:34:52 | 000,084,437 | ---- | C] () -- C:\Users\Stefan\Desktop\115500458.sLMAJs2Q.ViennaOct08133.jpg
[2012/10/16 15:00:20 | 000,108,544 | ---- | C] () -- C:\ProgramData\ucekgypa.exe
[2012/10/16 15:00:15 | 000,074,137 | ---- | C] () -- C:\ProgramData\mvcdhudzfiqcpwe
[2011/05/29 16:58:44 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/05/29 16:57:02 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2010/10/30 06:58:51 | 000,010,709 | ---- | C] () -- C:\Windows\hpwscr19.dat
[2010/10/30 06:57:42 | 000,202,713 | ---- | C] () -- C:\Windows\hpwins19.dat
[2010/10/30 06:57:42 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2010/09/04 01:30:41 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/07/24 10:49:25 | 000,001,356 | ---- | C] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat
[2010/06/08 08:19:24 | 000,692,224 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2010/06/08 08:19:24 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2010/03/23 06:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009/05/22 04:34:38 | 000,000,016 | -H-- | C] () -- C:\Users\Stefan\AppData\Roaming\mxfilerelatedcache.mxc2
[2009/05/22 04:34:38 | 000,000,016 | -H-- | C] () -- C:\Users\Stefan\AppData\mxfilerelatedcache.mxc2
[2009/05/22 04:34:38 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009/05/22 04:34:36 | 000,000,016 | -H-- | C] () -- C:\Users\Stefan\AppData\Local\mxfilerelatedcache.mxc2
[2009/05/22 04:19:30 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll
[2009/05/22 04:19:30 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll
[2009/05/09 06:33:43 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/05/09 06:33:40 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/09 06:33:39 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/09 06:33:38 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/02 05:42:39 | 000,006,504 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\PrimoPDFSet.xml
[2009/05/02 05:41:57 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/04/08 18:10:59 | 000,053,248 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 04:19:49 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/08 04:19:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/08 02:20:37 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/04/08 02:20:37 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/04/08 02:20:37 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/04/08 02:20:37 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/04 05:30:01 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/04 05:30:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/04 05:29:59 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/08/04 05:29:59 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/04 05:29:58 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/07/03 04:34:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/07/03 04:27:11 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008/07/03 04:17:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/07/03 04:17:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/07/03 04:17:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/07/03 04:17:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/07/03 04:17:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/07/03 04:17:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/07/03 03:51:19 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat
[2008/07/03 03:51:19 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat
[2008/07/03 03:51:19 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/07/03 03:51:19 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/07/03 03:51:19 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/07/03 03:51:19 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/07/03 02:57:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/28 11:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2008/01/21 02:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 02:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/12/21 09:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/05/09 18:39:28 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLdNL.DLL
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,419,840 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/18 04:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2005/09/28 10:26:34 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini
[2005/07/22 14:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
========== LOP Check ==========
[2012/08/21 02:16:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\A1 Servicecenter
[2012/12/27 16:03:52 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Azureus
[2012/03/01 02:43:48 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Babylon
[2010/09/04 01:30:55 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Canneverbe Limited
[2013/01/17 11:14:24 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DAEMON Tools Lite
[2011/10/08 07:26:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
[2011/10/08 07:25:11 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/01/17 11:12:02 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Free Download Manager
[2011/10/23 16:16:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GetRight
[2012/03/23 09:18:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GetRightToGo
[2011/09/18 11:12:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\gtk-2.0
[2011/10/17 02:38:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Mobipocket
[2012/08/21 02:21:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\mquadr.at
[2009/07/04 12:39:20 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\myphotobook
[2009/04/08 04:34:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Opera
[2012/12/23 07:33:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SenselessTV
[2011/03/14 11:19:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Softplicity
[2012/11/21 13:54:17 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Spotify
[2011/04/19 16:28:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Telefónica
[2009/05/14 09:19:58 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Toshiba
[2010/11/27 06:32:44 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TuneUp Software
[2011/09/27 03:10:25 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\WinSweep
[2011/10/21 10:03:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\XMedia Recode
[2009/04/08 02:12:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/03/01 02:43:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2010/09/04 01:30:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2009/05/19 15:30:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2009/11/27 10:52:28 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/04/08 02:12:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/04/08 02:12:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/04/08 03:46:26 | 000,000,000 | ---D | M] -- C:\ProgramData\IsolatedStorage
[2012/08/21 02:21:29 | 000,000,000 | ---D | M] -- C:\ProgramData\m2backup
[2012/08/21 02:16:58 | 000,000,000 | ---D | M] -- C:\ProgramData\m2portal
[2008/07/03 04:28:40 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2012/08/21 02:20:33 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2009/11/19 12:44:15 | 000,000,000 | ---D | M] -- C:\ProgramData\National Instruments
[2012/10/16 15:00:20 | 000,000,000 | ---D | M] -- C:\ProgramData\nhyiupfubrtlidq
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/04/08 02:12:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/10/20 01:52:30 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/04/08 02:19:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba
[2009/04/08 02:17:09 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2010/11/27 06:32:35 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2008/07/03 04:17:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2009/04/08 02:12:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/09/06 13:03:20 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/07/03 08:05:54 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2012/08/21 02:18:24 | 000,000,000 | -H-D | M] -- C:\ProgramData\{605AE1A0-14F6-482E-99EB-62B6E9D9474E}
[2012/08/21 02:18:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\{6789B11A-FBE5-4DBD-8487-E346A9DBDCD0}
[2012/08/21 02:19:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\{8E6CEEA5-9AE9-4FCA-83CB-ADBFDD856DC6}
[2012/02/20 06:01:46 | 000,000,000 | -H-D | M] -- C:\ProgramData\{AA8ED54A-22C1-4CAF-809C-EF137A8D3C2E}
[2011/10/17 02:46:57 | 000,000,000 | -H-D | M] -- C:\ProgramData\{AACD5E81-4AE2-4E76-847B-315E24090C4C}
[2010/11/27 06:31:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/01/19 07:00:13 | 000,000,548 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2013/01/18 01:31:05 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Stefan\Desktop\Rebeca 1940.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Stefan\Desktop\1962.flv:TOC.WMV
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:7631EA83
< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 1/20/2013 10:53:40 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 3.17 Gb Free Space | 2.73% Space Free | Partition Type: NTFS
Drive D: | 115.13 Gb Total Space | 1.26 Gb Free Space | 1.10% Space Free | Partition Type: NTFS
Drive E: | 3.60 Gb Total Space | 2.59 Gb Free Space | 71.97% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpid.exe" = C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpid.exe:LocalSubNet:Enabled:mpid.exe -- ()
"C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpirun.exe" = C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpirun.exe:LocalSubNet:Enabled:mpirun.exe -- ()
"C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpidiag.exe" = C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpidiag.exe:LocalSubNet:Enabled:mpidiag.exe
"C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpisrvutil.exe" = C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpisrvutil.exe:LocalSubNet:Enabled:mpisrvutil.exe
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{291A06BB-7145-443F-9257-8913A928BD40}" = A1 Webassistent
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{743EE0D1-9E28-4410-AFDA-19DA9ED4CE09}_is1" = WinSweep 7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E4FBD52-148F-49EE-AFCC-96FB498F4D7D}" = A1 Servicecenter
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EEA1427-5C0D-469F-9FC6-A622A99D98EB}" = Trixie
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{905A7A49-C6AE-4F77-8E69-AE8B9629D719}" = A1 Internet Software
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B27154AB-89DD-4A3C-9A98-6834C2646E31}" = UniLex Pro
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE9B7817-E580-445c-ADD7-3D9C76124A0F}" = PONS Deutsch-Spanisch
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC1F1209-E48D-38B0-BE25-B37C6BFCF676}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4967)
"{EC1F1209-E48D-38B0-BE25-B37C6BFCF676}.vc_x86runtime_30729_4967" = Visual C++ 2008 x86 Runtime - v9.0.30729.4967
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"A1 Internet Software" = A1 Internet Software
"A1 Servicecenter" = A1 Servicecenter
"A1 Webassistent" = A1 Webassistent
"Abaqus 6.11 Student Edition" = Abaqus 6.11 Student Edition
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Buensoft Alemán_is1" = Buensoft Alemán 2004
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Derive 6 Trial Edition" = Derive 6 Trial Edition
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Download Manager_is1" = Free Download Manager 3.9.2
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"GetRight_is1" = GetRight
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP PrecisionScan LTX" = HP PrecisionScan LTX
"HP-MPI_is1" = HP-MPI 1.1
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 3.10.02.00
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Full)
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"movistarES" = Escritorio Movistar
"myphotobook" = myphotobook 3.5
"Opera 12.12.1707" = Opera 12.12
"Picasa 3" = Picasa 3
"PONS Deutsch-Spanisch" = PONS Deutsch-Spanisch
"PrimoPDF4.1.0.9" = PrimoPDF
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"Scan-To-Web" = HP Scan-to-Web Wizard
"Scribus 1.3.3.14" = Scribus 1.3.3.14
"Selingua" = Selingua
"Senseless.TV Video Plugin" = Senseless.TV Video Plugin 1.0
"SopCast" = SopCast 3.0.3
"Spotify" = Spotify
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Total Audio Converter_is1" = TotalAudioConverter
"TVAnts 1.0" = TVAnts 1.0
"UniLex Pro" = UniLex Pro
"VLC media player" = VLC media player 1.1.11
"vShare" = vShare Plugin
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 3.0.3.4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\Stefan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
< End of report >
|
|
20.01.2013, 14:32
| #2 |
| /// Malware-holic   | Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniert hi
__________________kein Wunder, wenn du dein System nicht mit Updates versorgst! auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: Code:
ATTFilter :OTL
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2013/01/18 13:41:44 | 000,003,176 | ---- | C] () -- C:\ProgramData\0tbpw.js
[2013/01/18 13:41:44 | 000,000,913 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/18 13:41:35 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2013/01/17 11:50:01 | 000,001,022 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2011b.lnk
:Files
C:\Users\Stefan\AppData\Local\Temp\wpbt0.dll
:Commands
[EMPTYFLASH]
[emptytemp]
dieses speicherst du auf nem usb stick als fix.txt nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ |
|
20.01.2013, 22:29
| #3 |
| | Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniert Hallo Markus,
__________________Vielen Dank! Ich kann jetzt wieder normal starten und der Blockierbildschirm kommt nicht. Den Moved_files.zip-Ordner konnte ich ohne Probleme uploaden. Welche weiteren Schritte gibt es nun? |
|
21.01.2013, 12:45
| #4 |
| /// Malware-holic | Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniert hi, upload hat geklappt. 1.: http://download.bleepingcomputer.com...ta/Winmgmt.reg laden, doppelklicken, nachfrage bestätigen, neustarten. 2. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.01.2013, 14:24
| #5 |
| | Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniert So, hab alles weitere durchgeführt. Anbei das LOG des TDSS Killers: Code:
ATTFilter
14:19:00.0524 4184 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:19:00.0613 4184 ============================================================
14:19:00.0613 4184 Current date / time: 2013/01/21 14:19:00.0613
14:19:00.0613 4184 SystemInfo:
14:19:00.0613 4184
14:19:00.0613 4184 OS Version: 6.0.6001 ServicePack: 1.0
14:19:00.0613 4184 Product type: Workstation
14:19:00.0613 4184 ComputerName: STEFAN-PC
14:19:00.0613 4184 UserName: Stefan
14:19:00.0613 4184 Windows directory: C:\Windows
14:19:00.0613 4184 System windows directory: C:\Windows
14:19:00.0613 4184 Processor architecture: Intel x86
14:19:00.0613 4184 Number of processors: 2
14:19:00.0614 4184 Page size: 0x1000
14:19:00.0614 4184 Boot type: Normal boot
14:19:00.0614 4184 ============================================================
14:19:01.0338 4184 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:19:01.0340 4184 ============================================================
14:19:01.0340 4184 \Device\Harddisk0\DR0:
14:19:01.0340 4184 MBR partitions:
14:19:01.0340 4184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xE893000
14:19:01.0340 4184 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEB81800, BlocksNum 0xE643970
14:19:01.0340 4184 ============================================================
14:19:01.0415 4184 C: <-> \Device\Harddisk0\DR0\Partition1
14:19:01.0467 4184 E: <-> \Device\Harddisk0\DR0\Partition2
14:19:01.0468 4184 ============================================================
14:19:01.0468 4184 Initialize success
14:19:01.0468 4184 ============================================================
14:21:21.0009 5508 ============================================================
14:21:21.0009 5508 Scan started
14:21:21.0009 5508 Mode: Manual; SigCheck; TDLFS;
14:21:21.0009 5508 ============================================================
14:21:21.0985 5508 ================ Scan system memory ========================
14:21:21.0985 5508 System memory - ok
14:21:21.0985 5508 ================ Scan services =============================
14:21:22.0149 5508 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
14:21:22.0265 5508 ACPI - ok
14:21:22.0334 5508 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:21:22.0380 5508 adp94xx - ok
14:21:22.0445 5508 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:21:22.0479 5508 adpahci - ok
14:21:22.0514 5508 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
14:21:22.0533 5508 adpu160m - ok
14:21:22.0575 5508 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:21:22.0594 5508 adpu320 - ok
14:21:22.0652 5508 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:21:22.0735 5508 AeLookupSvc - ok
14:21:22.0814 5508 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
14:21:22.0895 5508 AFD - ok
14:21:22.0933 5508 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
14:21:22.0987 5508 AgereModemAudio - ok
14:21:23.0044 5508 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
14:21:23.0184 5508 AgereSoftModem - ok
14:21:23.0224 5508 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:21:23.0241 5508 agp440 - ok
14:21:23.0274 5508 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:21:23.0293 5508 aic78xx - ok
14:21:23.0335 5508 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
14:21:23.0367 5508 ALG - ok
14:21:23.0393 5508 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
14:21:23.0408 5508 aliide - ok
14:21:23.0452 5508 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:21:23.0468 5508 amdagp - ok
14:21:23.0509 5508 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
14:21:23.0524 5508 amdide - ok
14:21:23.0563 5508 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
14:21:23.0618 5508 AmdK7 - ok
14:21:23.0625 5508 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:21:23.0661 5508 AmdK8 - ok
14:21:23.0777 5508 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:21:23.0789 5508 AntiVirSchedulerService - ok
14:21:23.0852 5508 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:21:23.0861 5508 AntiVirService - ok
14:21:23.0919 5508 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
14:21:23.0960 5508 Appinfo - ok
14:21:23.0981 5508 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
14:21:23.0999 5508 arc - ok
14:21:24.0055 5508 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:21:24.0073 5508 arcsas - ok
14:21:24.0103 5508 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:21:24.0156 5508 AsyncMac - ok
14:21:24.0172 5508 [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi C:\Windows\system32\drivers\atapi.sys
14:21:24.0188 5508 atapi - ok
14:21:24.0212 5508 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:21:24.0253 5508 AudioEndpointBuilder - ok
14:21:24.0279 5508 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:21:24.0306 5508 Audiosrv - ok
14:21:24.0364 5508 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:21:24.0412 5508 avgntflt - ok
14:21:24.0492 5508 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:21:24.0512 5508 avipbb - ok
14:21:24.0546 5508 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:21:24.0561 5508 avkmgr - ok
14:21:24.0611 5508 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
14:21:24.0652 5508 Beep - ok
14:21:24.0709 5508 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
14:21:24.0757 5508 BFE - ok
14:21:24.0810 5508 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll
14:21:24.0884 5508 BITS - ok
14:21:24.0898 5508 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
14:21:24.0948 5508 blbdrive - ok
14:21:24.0981 5508 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:21:25.0039 5508 bowser - ok
14:21:25.0096 5508 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:21:25.0140 5508 BrFiltLo - ok
14:21:25.0164 5508 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:21:25.0211 5508 BrFiltUp - ok
14:21:25.0243 5508 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
14:21:25.0298 5508 Browser - ok
14:21:25.0321 5508 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
14:21:25.0515 5508 Brserid - ok
14:21:25.0545 5508 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:21:25.0620 5508 BrSerWdm - ok
14:21:25.0642 5508 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:21:25.0712 5508 BrUsbMdm - ok
14:21:25.0730 5508 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:21:25.0799 5508 BrUsbSer - ok
14:21:25.0832 5508 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:21:25.0890 5508 BTHMODEM - ok
14:21:25.0907 5508 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:21:25.0947 5508 cdfs - ok
14:21:25.0986 5508 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:21:26.0030 5508 cdrom - ok
14:21:26.0069 5508 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
14:21:26.0104 5508 CertPropSvc - ok
14:21:26.0129 5508 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
14:21:26.0171 5508 circlass - ok
14:21:26.0199 5508 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
14:21:26.0231 5508 CLFS - ok
14:21:26.0315 5508 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:21:26.0333 5508 clr_optimization_v2.0.50727_32 - ok
14:21:26.0428 5508 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:21:26.0440 5508 clr_optimization_v4.0.30319_32 - ok
14:21:26.0483 5508 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:21:26.0529 5508 CmBatt - ok
14:21:26.0551 5508 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:21:26.0566 5508 cmdide - ok
14:21:26.0588 5508 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:21:26.0603 5508 Compbatt - ok
14:21:26.0609 5508 COMSysApp - ok
14:21:26.0712 5508 [ D10D01B2DFCD8D2F32A32ED29E8DA1C2 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
14:21:26.0727 5508 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
14:21:26.0727 5508 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
14:21:26.0733 5508 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:21:26.0749 5508 crcdisk - ok
14:21:26.0772 5508 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
14:21:26.0824 5508 Crusoe - ok
14:21:26.0871 5508 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:21:26.0897 5508 CryptSvc - ok
14:21:26.0958 5508 [ DBD89BC0DBE00DCD245BE8F61DBEE291 ] cvintdrv C:\Windows\system32\drivers\cvintdrv.sys
14:21:26.0984 5508 cvintdrv ( UnsignedFile.Multi.Generic ) - warning
14:21:26.0984 5508 cvintdrv - detected UnsignedFile.Multi.Generic (1)
14:21:27.0032 5508 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
14:21:27.0072 5508 CVirtA - ok
14:21:27.0185 5508 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
14:21:27.0270 5508 CVPND - ok
14:21:27.0302 5508 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
14:21:27.0356 5508 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
14:21:27.0356 5508 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
14:21:27.0412 5508 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:21:27.0454 5508 DcomLaunch - ok
14:21:27.0500 5508 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:21:27.0540 5508 DfsC - ok
14:21:27.0632 5508 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
14:21:27.0880 5508 DFSR - ok
14:21:27.0941 5508 [ 7F19DBA1A467B838CCB23124A2C55568 ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
14:21:27.0959 5508 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
14:21:27.0959 5508 DgiVecp - detected UnsignedFile.Multi.Generic (1)
14:21:28.0036 5508 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:21:28.0079 5508 Dhcp - ok
14:21:28.0109 5508 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
14:21:28.0127 5508 disk - ok
14:21:28.0195 5508 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
14:21:28.0204 5508 DNE - ok
14:21:28.0242 5508 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:21:28.0294 5508 Dnscache - ok
14:21:28.0331 5508 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
14:21:28.0367 5508 dot3svc - ok
14:21:28.0439 5508 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
14:21:28.0496 5508 Dot4 - ok
14:21:28.0536 5508 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:21:28.0581 5508 Dot4Print - ok
14:21:28.0606 5508 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
14:21:28.0650 5508 dot4usb - ok
14:21:28.0670 5508 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
14:21:28.0714 5508 DPS - ok
14:21:28.0759 5508 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:21:28.0798 5508 drmkaud - ok
14:21:28.0839 5508 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:21:28.0945 5508 DXGKrnl - ok
14:21:28.0987 5508 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
14:21:29.0032 5508 E1G60 - ok
14:21:29.0046 5508 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
14:21:29.0077 5508 EapHost - ok
14:21:29.0105 5508 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
14:21:29.0129 5508 Ecache - ok
14:21:29.0191 5508 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:21:29.0235 5508 ehRecvr - ok
14:21:29.0252 5508 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
14:21:29.0291 5508 ehSched - ok
14:21:29.0307 5508 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
14:21:29.0330 5508 ehstart - ok
14:21:29.0373 5508 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:21:29.0408 5508 elxstor - ok
14:21:29.0452 5508 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:21:29.0555 5508 EMDMgmt - ok
14:21:29.0574 5508 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:21:29.0613 5508 ErrDev - ok
14:21:29.0671 5508 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
14:21:29.0711 5508 EventSystem - ok
14:21:29.0750 5508 [ 4B36D96340200512C7974307D0F7D8B3 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
14:21:29.0797 5508 ewusbnet - ok
14:21:29.0823 5508 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
14:21:29.0878 5508 exfat - ok
14:21:29.0893 5508 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:21:29.0944 5508 fastfat - ok
14:21:30.0015 5508 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:21:30.0059 5508 fdc - ok
14:21:30.0086 5508 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
14:21:30.0132 5508 fdPHost - ok
14:21:30.0145 5508 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
14:21:30.0207 5508 FDResPub - ok
14:21:30.0229 5508 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:21:30.0245 5508 FileInfo - ok
14:21:30.0270 5508 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:21:30.0321 5508 Filetrace - ok
14:21:30.0444 5508 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
14:21:30.0607 5508 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
14:21:30.0607 5508 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
14:21:30.0632 5508 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:21:30.0675 5508 flpydisk - ok
14:21:30.0695 5508 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:21:30.0717 5508 FltMgr - ok
14:21:30.0789 5508 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:21:30.0798 5508 FontCache3.0.0.0 - ok
14:21:30.0812 5508 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:21:30.0849 5508 Fs_Rec - ok
14:21:30.0889 5508 [ CBC22823628544735625B280665E434E ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys
14:21:30.0919 5508 FwLnk - ok
14:21:30.0941 5508 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:21:30.0958 5508 gagp30kx - ok
14:21:31.0033 5508 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
14:21:31.0147 5508 gpsvc - ok
14:21:31.0265 5508 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:21:31.0273 5508 gupdate - ok
14:21:31.0294 5508 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:21:31.0302 5508 gupdatem - ok
14:21:31.0336 5508 [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:21:31.0356 5508 gusvc - ok
14:21:31.0397 5508 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:21:31.0467 5508 HdAudAddService - ok
14:21:31.0495 5508 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:21:31.0532 5508 HDAudBus - ok
14:21:31.0557 5508 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:21:31.0615 5508 HidBth - ok
14:21:31.0636 5508 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
14:21:31.0696 5508 HidIr - ok
14:21:31.0713 5508 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
14:21:31.0757 5508 hidserv - ok
14:21:31.0786 5508 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:21:31.0833 5508 HidUsb - ok
14:21:31.0857 5508 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:21:31.0884 5508 hkmsvc - ok
14:21:31.0908 5508 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:21:31.0924 5508 HpCISSs - ok
14:21:32.0034 5508 [ B14328CFEEB6B736BE44C2C9DB3B162C ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:21:32.0071 5508 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:21:32.0071 5508 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:21:32.0106 5508 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:21:32.0196 5508 HTTP - ok
14:21:32.0253 5508 [ C1258ADCBE6E51A3C06C234D2BDB81B5 ] Huawei C:\Windows\system32\DRIVERS\ewdcsc.sys
14:21:32.0289 5508 Huawei - ok
14:21:32.0333 5508 [ 1FC7A63148E4F2BD831DAB0DC732026D ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:21:32.0372 5508 hwdatacard - ok
14:21:32.0397 5508 [ A259D3619AA23D4562581067F85E2006 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
14:21:32.0443 5508 hwusbdev - ok
14:21:32.0484 5508 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:21:32.0500 5508 i2omp - ok
14:21:32.0546 5508 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:21:32.0588 5508 i8042prt - ok
14:21:32.0625 5508 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
14:21:32.0637 5508 iaStor - ok
14:21:32.0662 5508 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:21:32.0695 5508 iaStorV - ok
14:21:32.0775 5508 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:21:32.0868 5508 idsvc - ok
14:21:32.0963 5508 [ 6FB1858D1F0923D122B0331865695041 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
14:21:33.0193 5508 igfx - ok
14:21:33.0218 5508 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:21:33.0233 5508 iirsp - ok
14:21:33.0278 5508 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
14:21:33.0347 5508 IKEEXT - ok
14:21:33.0454 5508 [ B9CBD3DEA7CA02868621173BF7A2AF9F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:21:33.0618 5508 IntcAzAudAddService - ok
14:21:33.0652 5508 [ 45C0E97875F0C67B32B814749DF24B30 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
14:21:33.0699 5508 IntcHdmiAddService - ok
14:21:33.0743 5508 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
14:21:33.0758 5508 intelide - ok
14:21:33.0798 5508 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:21:33.0831 5508 intelppm - ok
14:21:33.0862 5508 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:21:33.0895 5508 IPBusEnum - ok
14:21:33.0912 5508 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:21:33.0957 5508 IpFilterDriver - ok
14:21:34.0000 5508 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:21:34.0044 5508 iphlpsvc - ok
14:21:34.0049 5508 IpInIp - ok
14:21:34.0074 5508 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:21:34.0122 5508 IPMIDRV - ok
14:21:34.0149 5508 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:21:34.0202 5508 IPNAT - ok
14:21:34.0222 5508 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:21:34.0271 5508 IRENUM - ok
14:21:34.0292 5508 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:21:34.0309 5508 isapnp - ok
14:21:34.0370 5508 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:21:34.0382 5508 iScsiPrt - ok
14:21:34.0395 5508 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:21:34.0411 5508 iteatapi - ok
14:21:34.0434 5508 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:21:34.0449 5508 iteraid - ok
14:21:34.0478 5508 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:21:34.0494 5508 kbdclass - ok
14:21:34.0522 5508 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:21:34.0571 5508 kbdhid - ok
14:21:34.0602 5508 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
14:21:34.0637 5508 KeyIso - ok
14:21:34.0668 5508 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:21:34.0715 5508 KSecDD - ok
14:21:34.0765 5508 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
14:21:34.0850 5508 KtmRm - ok
14:21:34.0885 5508 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:21:34.0910 5508 LanmanServer - ok
14:21:34.0953 5508 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:21:34.0999 5508 LanmanWorkstation - ok
14:21:35.0042 5508 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:21:35.0089 5508 lltdio - ok
14:21:35.0124 5508 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:21:35.0160 5508 lltdsvc - ok
14:21:35.0182 5508 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:21:35.0233 5508 lmhosts - ok
14:21:35.0256 5508 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:21:35.0275 5508 LSI_FC - ok
14:21:35.0294 5508 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:21:35.0311 5508 LSI_SAS - ok
14:21:35.0337 5508 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:21:35.0355 5508 LSI_SCSI - ok
14:21:35.0385 5508 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
14:21:35.0411 5508 luafv - ok
14:21:35.0431 5508 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:21:35.0459 5508 Mcx2Svc - ok
14:21:35.0492 5508 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
14:21:35.0507 5508 megasas - ok
14:21:35.0530 5508 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
14:21:35.0565 5508 MegaSR - ok
14:21:35.0637 5508 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:21:35.0654 5508 Microsoft Office Groove Audit Service - ok
14:21:35.0685 5508 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
14:21:35.0726 5508 MMCSS - ok
14:21:35.0746 5508 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
14:21:35.0784 5508 Modem - ok
14:21:35.0802 5508 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:21:35.0826 5508 monitor - ok
14:21:35.0835 5508 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:21:35.0850 5508 mouclass - ok
14:21:35.0868 5508 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:21:35.0917 5508 mouhid - ok
14:21:35.0933 5508 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:21:35.0950 5508 MountMgr - ok
14:21:35.0991 5508 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
14:21:36.0011 5508 mpio - ok
14:21:36.0034 5508 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:21:36.0070 5508 mpsdrv - ok
14:21:36.0098 5508 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
14:21:36.0151 5508 MpsSvc - ok
14:21:36.0187 5508 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:21:36.0202 5508 Mraid35x - ok
14:21:36.0224 5508 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:21:36.0278 5508 MRxDAV - ok
14:21:36.0307 5508 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:21:36.0348 5508 mrxsmb - ok
14:21:36.0392 5508 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:21:36.0453 5508 mrxsmb10 - ok
14:21:36.0469 5508 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:21:36.0502 5508 mrxsmb20 - ok
14:21:36.0527 5508 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
14:21:36.0544 5508 msahci - ok
14:21:36.0572 5508 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:21:36.0590 5508 msdsm - ok
14:21:36.0611 5508 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
14:21:36.0645 5508 MSDTC - ok
14:21:36.0680 5508 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:21:36.0725 5508 Msfs - ok
14:21:36.0757 5508 [ 1E00B9B8601F24A96AD71A7D0FC5F136 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:21:36.0771 5508 msisadrv - ok
14:21:36.0813 5508 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:21:36.0865 5508 MSiSCSI - ok
14:21:36.0870 5508 msiserver - ok
14:21:36.0899 5508 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:21:36.0947 5508 MSKSSRV - ok
14:21:36.0963 5508 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:21:36.0991 5508 MSPCLOCK - ok
14:21:37.0010 5508 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:21:37.0039 5508 MSPQM - ok
14:21:37.0068 5508 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:21:37.0089 5508 MsRPC - ok
14:21:37.0100 5508 [ 215634CF935B696E3EBCA813D02E9165 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:21:37.0110 5508 mssmbios - ok
14:21:37.0143 5508 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:21:37.0172 5508 MSTEE - ok
14:21:37.0190 5508 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
14:21:37.0207 5508 Mup - ok
14:21:37.0238 5508 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
14:21:37.0269 5508 napagent - ok
14:21:37.0312 5508 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:21:37.0359 5508 NativeWifiP - ok
14:21:37.0399 5508 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:21:37.0420 5508 NDIS - ok
14:21:37.0457 5508 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:21:37.0491 5508 NdisTapi - ok
14:21:37.0508 5508 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:21:37.0537 5508 Ndisuio - ok
14:21:37.0574 5508 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:21:37.0607 5508 NdisWan - ok
14:21:37.0619 5508 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:21:37.0645 5508 NDProxy - ok
14:21:37.0673 5508 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:21:37.0678 5508 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:21:37.0678 5508 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:21:37.0691 5508 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:21:37.0734 5508 NetBIOS - ok
14:21:37.0753 5508 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:21:37.0799 5508 netbt - ok
14:21:37.0806 5508 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
14:21:37.0820 5508 Netlogon - ok
14:21:37.0847 5508 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
14:21:37.0937 5508 Netman - ok
14:21:37.0981 5508 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
14:21:38.0011 5508 netprofm - ok
14:21:38.0048 5508 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:21:38.0069 5508 NetTcpPortSharing - ok
14:21:38.0212 5508 [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
14:21:38.0669 5508 NETw5v32 - ok
14:21:38.0698 5508 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:21:38.0714 5508 nfrd960 - ok
14:21:38.0750 5508 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:21:38.0795 5508 NlaSvc - ok
14:21:38.0860 5508 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe
14:21:38.0867 5508 NMSAccess - ok
14:21:38.0882 5508 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:21:38.0920 5508 Npfs - ok
14:21:38.0936 5508 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
14:21:38.0964 5508 nsi - ok
14:21:38.0973 5508 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:21:39.0013 5508 nsiproxy - ok
14:21:39.0062 5508 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:21:39.0183 5508 Ntfs - ok
14:21:39.0200 5508 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
14:21:39.0249 5508 ntrigdigi - ok
14:21:39.0274 5508 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
14:21:39.0302 5508 Null - ok
14:21:39.0329 5508 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:21:39.0347 5508 nvraid - ok
14:21:39.0370 5508 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:21:39.0386 5508 nvstor - ok
14:21:39.0400 5508 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:21:39.0419 5508 nv_agp - ok
14:21:39.0424 5508 NwlnkFlt - ok
14:21:39.0431 5508 NwlnkFwd - ok
14:21:39.0514 5508 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:21:39.0562 5508 odserv - ok
14:21:39.0590 5508 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:21:39.0640 5508 ohci1394 - ok
14:21:39.0677 5508 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:21:39.0696 5508 ose - ok
14:21:39.0754 5508 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:21:39.0867 5508 p2pimsvc - ok
14:21:39.0881 5508 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
14:21:39.0928 5508 p2psvc - ok
14:21:39.0954 5508 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
14:21:40.0025 5508 Parport - ok
14:21:40.0050 5508 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:21:40.0067 5508 partmgr - ok
14:21:40.0086 5508 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:21:40.0133 5508 Parvdm - ok
14:21:40.0157 5508 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
14:21:40.0189 5508 PcaSvc - ok
14:21:40.0205 5508 [ ECA39351296D905BAA4FA3244C152B00 ] pci C:\Windows\system32\drivers\pci.sys
14:21:40.0227 5508 pci - ok
14:21:40.0239 5508 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\DRIVERS\pciide.sys
14:21:40.0254 5508 pciide - ok
14:21:40.0281 5508 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:21:40.0303 5508 pcmcia - ok
14:21:40.0344 5508 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:21:40.0438 5508 PEAUTH - ok
14:21:40.0507 5508 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
14:21:40.0623 5508 pla - ok
14:21:40.0649 5508 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:21:40.0688 5508 PlugPlay - ok
14:21:40.0739 5508 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:21:40.0759 5508 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:21:40.0759 5508 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:21:40.0788 5508 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:21:40.0815 5508 PNRPAutoReg - ok
14:21:40.0877 5508 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:21:40.0918 5508 PNRPsvc - ok
14:21:40.0980 5508 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:21:41.0092 5508 PolicyAgent - ok
14:21:41.0149 5508 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:21:41.0193 5508 PptpMiniport - ok
14:21:41.0219 5508 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
14:21:41.0251 5508 Processor - ok
14:21:41.0282 5508 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
14:21:41.0319 5508 ProfSvc - ok
14:21:41.0339 5508 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:21:41.0363 5508 ProtectedStorage - ok
14:21:41.0394 5508 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:21:41.0434 5508 PSched - ok
14:21:41.0454 5508 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
14:21:41.0472 5508 PxHelp20 - ok
14:21:41.0542 5508 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:21:41.0654 5508 ql2300 - ok
14:21:41.0676 5508 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:21:41.0694 5508 ql40xx - ok
14:21:41.0741 5508 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
14:21:41.0792 5508 QWAVE - ok
14:21:41.0810 5508 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:21:41.0835 5508 QWAVEdrv - ok
14:21:41.0854 5508 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:21:41.0899 5508 RasAcd - ok
14:21:41.0924 5508 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
14:21:41.0958 5508 RasAuto - ok
14:21:41.0978 5508 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:21:42.0010 5508 Rasl2tp - ok
14:21:42.0025 5508 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
14:21:42.0055 5508 RasMan - ok
14:21:42.0074 5508 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:21:42.0104 5508 RasPppoe - ok
14:21:42.0122 5508 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:21:42.0153 5508 RasSstp - ok
14:21:42.0188 5508 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:21:42.0225 5508 rdbss - ok
14:21:42.0239 5508 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:21:42.0279 5508 RDPCDD - ok
14:21:42.0314 5508 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:21:42.0354 5508 rdpdr - ok
14:21:42.0359 5508 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:21:42.0406 5508 RDPENCDD - ok
14:21:42.0434 5508 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:21:42.0469 5508 RDPWD - ok
14:21:42.0509 5508 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:21:42.0547 5508 RemoteAccess - ok
14:21:42.0573 5508 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:21:42.0627 5508 RemoteRegistry - ok
14:21:42.0644 5508 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
14:21:42.0679 5508 rimmptsk - ok
14:21:42.0710 5508 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
14:21:42.0751 5508 rimsptsk - ok
14:21:42.0757 5508 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
14:21:42.0803 5508 rismxdp - ok
14:21:42.0827 5508 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:21:42.0867 5508 RpcLocator - ok
14:21:42.0899 5508 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
14:21:42.0939 5508 RpcSs - ok
14:21:42.0982 5508 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:21:43.0013 5508 rspndr - ok
14:21:43.0039 5508 [ 7157E70A90CCE49DEB8885D23A073A39 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
14:21:43.0093 5508 RTL8169 - ok
14:21:43.0107 5508 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
14:21:43.0120 5508 SamSs - ok
14:21:43.0145 5508 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:21:43.0162 5508 sbp2port - ok
14:21:43.0201 5508 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:21:43.0248 5508 SCardSvr - ok
14:21:43.0292 5508 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
14:21:43.0354 5508 Schedule - ok
14:21:43.0368 5508 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
14:21:43.0393 5508 SCPolicySvc - ok
14:21:43.0414 5508 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
14:21:43.0460 5508 sdbus - ok
14:21:43.0481 5508 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:21:43.0527 5508 SDRSVC - ok
14:21:43.0546 5508 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:21:43.0605 5508 secdrv - ok
14:21:43.0621 5508 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
14:21:43.0654 5508 seclogon - ok
14:21:43.0663 5508 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
14:21:43.0705 5508 SENS - ok
14:21:43.0732 5508 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:21:43.0782 5508 Serenum - ok
14:21:43.0798 5508 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
14:21:43.0850 5508 Serial - ok
14:21:43.0866 5508 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:21:43.0896 5508 sermouse - ok
14:21:43.0934 5508 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
14:21:43.0961 5508 SessionEnv - ok
14:21:43.0978 5508 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
14:21:44.0001 5508 sffdisk - ok
14:21:44.0021 5508 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:21:44.0050 5508 sffp_mmc - ok
14:21:44.0071 5508 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
14:21:44.0099 5508 sffp_sd - ok
14:21:44.0106 5508 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:21:44.0175 5508 sfloppy - ok
14:21:44.0212 5508 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:21:44.0275 5508 SharedAccess - ok
14:21:44.0313 5508 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:21:44.0366 5508 ShellHWDetection - ok
14:21:44.0383 5508 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:21:44.0401 5508 sisagp - ok
14:21:44.0411 5508 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:21:44.0427 5508 SiSRaid2 - ok
14:21:44.0447 5508 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:21:44.0464 5508 SiSRaid4 - ok
14:21:44.0544 5508 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:21:44.0553 5508 SkypeUpdate - ok
14:21:44.0638 5508 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
14:21:44.0822 5508 slsvc - ok
14:21:44.0841 5508 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:21:44.0875 5508 SLUINotify - ok
14:21:44.0920 5508 [ 8EB3988C74FD9D0E0934977E36B5F9E6 ] SmartFaceVWatchSrv C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
14:21:44.0933 5508 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
14:21:44.0933 5508 SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)
14:21:44.0967 5508 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:21:45.0012 5508 Smb - ok
14:21:45.0029 5508 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:21:45.0043 5508 SNMPTRAP - ok
14:21:45.0057 5508 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
14:21:45.0073 5508 spldr - ok
14:21:45.0101 5508 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
14:21:45.0143 5508 Spooler - ok
14:21:45.0187 5508 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
14:21:45.0188 5508 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
14:21:45.0190 5508 sptd ( LockedFile.Multi.Generic ) - warning
14:21:45.0190 5508 sptd - detected LockedFile.Multi.Generic (1)
14:21:45.0225 5508 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:21:45.0279 5508 srv - ok
14:21:45.0328 5508 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:21:45.0384 5508 srv2 - ok
14:21:45.0417 5508 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:21:45.0453 5508 srvnet - ok
14:21:45.0484 5508 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:21:45.0523 5508 SSDPSRV - ok
14:21:45.0558 5508 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
14:21:45.0570 5508 ssmdrv - ok
14:21:45.0590 5508 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
14:21:45.0615 5508 SSPORT ( UnsignedFile.Multi.Generic ) - warning
14:21:45.0615 5508 SSPORT - detected UnsignedFile.Multi.Generic (1)
14:21:45.0641 5508 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:21:45.0673 5508 SstpSvc - ok
14:21:45.0727 5508 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
14:21:45.0742 5508 StarOpen ( UnsignedFile.Multi.Generic ) - warning
14:21:45.0742 5508 StarOpen - detected UnsignedFile.Multi.Generic (1)
14:21:45.0772 5508 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
14:21:45.0797 5508 stisvc - ok
14:21:45.0831 5508 [ 97E089971A6ABA49AD5592BD6298E416 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:21:45.0845 5508 swenum - ok
14:21:45.0865 5508 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
14:21:45.0922 5508 swprv - ok
14:21:45.0945 5508 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:21:45.0960 5508 Symc8xx - ok
14:21:45.0973 5508 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:21:45.0987 5508 Sym_hi - ok
14:21:46.0006 5508 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:21:46.0021 5508 Sym_u3 - ok
14:21:46.0047 5508 [ 55F6E55CC2430CA8713387106FA79817 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:21:46.0067 5508 SynTP - ok
14:21:46.0093 5508 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
14:21:46.0197 5508 SysMain - ok
14:21:46.0218 5508 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:21:46.0258 5508 TabletInputService - ok
14:21:46.0274 5508 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
14:21:46.0318 5508 TapiSrv - ok
14:21:46.0335 5508 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
14:21:46.0374 5508 TBS - ok
14:21:46.0420 5508 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:21:46.0486 5508 Tcpip - ok
14:21:46.0505 5508 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:21:46.0547 5508 Tcpip6 - ok
14:21:46.0573 5508 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:21:46.0620 5508 tcpipreg - ok
14:21:46.0663 5508 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
14:21:46.0701 5508 tdcmdpst - ok
14:21:46.0717 5508 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:21:46.0761 5508 TDPIPE - ok
14:21:46.0783 5508 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:21:46.0827 5508 TDTCP - ok
14:21:46.0841 5508 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:21:46.0888 5508 tdx - ok
14:21:46.0948 5508 [ CE0B5D587839614A16480D7B8395FFE9 ] TempoMonitoringService C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
14:21:46.0956 5508 TempoMonitoringService - ok
14:21:46.0969 5508 [ 718B2F4355CD8EB2844741ADDAC0E622 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:21:46.0986 5508 TermDD - ok
14:21:47.0031 5508 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
14:21:47.0068 5508 TermService - ok
14:21:47.0100 5508 Texis Monitor - ok
14:21:47.0165 5508 [ F6B82925BC410C0A7DDE5F5FFF0EDE3D ] TGCM_ImportWiFiSvc C:\Program Files\Movistar\Escritorio Movistar\ImpWiFiSvc.exe
14:21:47.0171 5508 TGCM_ImportWiFiSvc ( UnsignedFile.Multi.Generic ) - warning
14:21:47.0171 5508 TGCM_ImportWiFiSvc - detected UnsignedFile.Multi.Generic (1)
14:21:47.0193 5508 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
14:21:47.0210 5508 Themes - ok
14:21:47.0225 5508 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
14:21:47.0252 5508 THREADORDER - ok
14:21:47.0279 5508 [ 89F74C86523F5E334628DBCE66E6D165 ] TNaviSrv C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
14:21:47.0288 5508 TNaviSrv - ok
14:21:47.0319 5508 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe
14:21:47.0331 5508 TODDSrv - ok
14:21:47.0376 5508 [ DA6903958CBDC091FFCBBCA70CCFF34C ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
14:21:47.0391 5508 TosCoSrv - ok
14:21:47.0432 5508 [ 22690DFFC7F2A18279A7A0489AA02BAC ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
14:21:47.0448 5508 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
14:21:47.0448 5508 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
14:21:47.0453 5508 Tosrfcom - ok
14:21:47.0466 5508 [ 5C4103544612E5011EF46301B93D1AA6 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
14:21:47.0509 5508 tosrfec - ok
14:21:47.0558 5508 [ 4399A9BF7D8F49991A07FD86590A1619 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
14:21:47.0590 5508 tos_sps32 - ok
14:21:47.0623 5508 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
14:21:47.0652 5508 TrkWks - ok
14:21:47.0720 5508 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:21:47.0763 5508 TrustedInstaller - ok
14:21:47.0782 5508 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:21:47.0822 5508 tssecsrv - ok
14:21:47.0837 5508 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:21:47.0866 5508 tunmp - ok
14:21:47.0898 5508 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:21:47.0911 5508 tunnel - ok
14:21:47.0948 5508 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
14:21:47.0960 5508 TVALZ - ok
14:21:48.0006 5508 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:21:48.0023 5508 uagp35 - ok
14:21:48.0041 5508 [ C985B36E127EA9B8A92396120BFF52D8 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:21:48.0099 5508 udfs - ok
14:21:48.0139 5508 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:21:48.0180 5508 UI0Detect - ok
14:21:48.0254 5508 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
14:21:48.0260 5508 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
14:21:48.0260 5508 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
14:21:48.0279 5508 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:21:48.0296 5508 uliagpkx - ok
14:21:48.0328 5508 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:21:48.0351 5508 uliahci - ok
14:21:48.0374 5508 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:21:48.0392 5508 UlSata - ok
14:21:48.0411 5508 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:21:48.0430 5508 ulsata2 - ok
14:21:48.0451 5508 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:21:48.0496 5508 umbus - ok
14:21:48.0522 5508 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
14:21:48.0552 5508 upnphost - ok
14:21:48.0604 5508 [ 292A25BB75A568AE2C67169BA2C6365A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:21:48.0636 5508 usbaudio - ok
14:21:48.0666 5508 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:21:48.0691 5508 usbccgp - ok
14:21:48.0718 5508 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:21:48.0771 5508 usbcir - ok
14:21:48.0798 5508 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:21:48.0828 5508 usbehci - ok
14:21:48.0842 5508 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:21:48.0880 5508 usbhub - ok
14:21:48.0903 5508 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:21:48.0950 5508 usbohci - ok
14:21:48.0984 5508 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:21:49.0035 5508 usbprint - ok
14:21:49.0080 5508 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:21:49.0104 5508 usbscan - ok
14:21:49.0129 5508 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:21:49.0161 5508 USBSTOR - ok
14:21:49.0169 5508 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:21:49.0194 5508 usbuhci - ok
14:21:49.0216 5508 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:21:49.0258 5508 usbvideo - ok
14:21:49.0280 5508 [ 237C444FBD1C697A2E3FA60F02C61F22 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
14:21:49.0292 5508 UVCFTR - ok
14:21:49.0325 5508 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
14:21:49.0354 5508 UxSms - ok
14:21:49.0380 5508 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
14:21:49.0465 5508 vds - ok
14:21:49.0489 5508 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:21:49.0536 5508 vga - ok
14:21:49.0548 5508 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
14:21:49.0590 5508 VgaSave - ok
14:21:49.0628 5508 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:21:49.0645 5508 viaagp - ok
14:21:49.0660 5508 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:21:49.0695 5508 ViaC7 - ok
14:21:49.0714 5508 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
14:21:49.0728 5508 viaide - ok
14:21:49.0749 5508 [ BDD98BBE7323FC0975A26373D8050471 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:21:49.0765 5508 volmgr - ok
14:21:49.0776 5508 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:21:49.0801 5508 volmgrx - ok
14:21:49.0813 5508 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:21:49.0845 5508 volsnap - ok
14:21:49.0882 5508 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:21:49.0901 5508 vsmraid - ok
14:21:49.0954 5508 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
14:21:50.0132 5508 VSS - ok
14:21:50.0154 5508 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
14:21:50.0199 5508 W32Time - ok
14:21:50.0225 5508 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:21:50.0273 5508 WacomPen - ok
14:21:50.0294 5508 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:21:50.0338 5508 Wanarp - ok
14:21:50.0345 5508 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:21:50.0370 5508 Wanarpv6 - ok
14:21:50.0395 5508 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:21:50.0465 5508 wcncsvc - ok
14:21:50.0498 5508 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:21:50.0525 5508 WcsPlugInService - ok
14:21:50.0542 5508 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
14:21:50.0556 5508 Wd - ok
14:21:50.0588 5508 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:21:50.0636 5508 Wdf01000 - ok
14:21:50.0650 5508 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:21:50.0693 5508 WdiServiceHost - ok
14:21:50.0698 5508 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:21:50.0727 5508 WdiSystemHost - ok
14:21:50.0748 5508 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
14:21:50.0772 5508 WebClient - ok
14:21:50.0813 5508 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:21:50.0856 5508 Wecsvc - ok
14:21:50.0879 5508 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:21:50.0911 5508 wercplsupport - ok
14:21:50.0945 5508 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
14:21:50.0963 5508 WerSvc - ok
14:21:51.0052 5508 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:21:51.0066 5508 WinDefend - ok
14:21:51.0073 5508 WinHttpAutoProxySvc - ok
14:21:51.0137 5508 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:21:51.0171 5508 Winmgmt - ok
14:21:51.0222 5508 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
14:21:51.0408 5508 WinRM - ok
14:21:51.0486 5508 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:21:51.0561 5508 Wlansvc - ok
14:21:51.0590 5508 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:21:51.0624 5508 WmiAcpi - ok
14:21:51.0662 5508 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:21:51.0713 5508 wmiApSrv - ok
14:21:51.0792 5508 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:21:51.0893 5508 WMPNetworkSvc - ok
14:21:51.0925 5508 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:21:51.0973 5508 WPCSvc - ok
14:21:51.0988 5508 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:21:52.0027 5508 WPDBusEnum - ok
14:21:52.0079 5508 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
14:21:52.0111 5508 WpdUsb - ok
14:21:52.0214 5508 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:21:52.0264 5508 WPFFontCache_v0400 - ok
14:21:52.0294 5508 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:21:52.0322 5508 ws2ifsl - ok
14:21:52.0341 5508 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll
14:21:52.0357 5508 wscsvc - ok
14:21:52.0365 5508 WSearch - ok
14:21:52.0444 5508 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
14:21:52.0552 5508 wuauserv - ok
14:21:52.0569 5508 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:21:52.0603 5508 WUDFRd - ok
14:21:52.0612 5508 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:21:52.0657 5508 wudfsvc - ok
14:21:52.0698 5508 ================ Scan global ===============================
14:21:52.0729 5508 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:21:52.0776 5508 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
14:21:52.0809 5508 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
14:21:52.0841 5508 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
14:21:52.0847 5508 [Global] - ok
14:21:52.0848 5508 ================ Scan MBR ==================================
14:21:52.0857 5508 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:21:53.0429 5508 \Device\Harddisk0\DR0 - ok
14:21:53.0429 5508 ================ Scan VBR ==================================
14:21:53.0433 5508 [ BFEC8C3B2E835C252F756C03A4D5405F ] \Device\Harddisk0\DR0\Partition1
14:21:53.0435 5508 \Device\Harddisk0\DR0\Partition1 - ok
14:21:53.0465 5508 [ 8792BA92133463EC91E86C70FDEC51CE ] \Device\Harddisk0\DR0\Partition2
14:21:53.0467 5508 \Device\Harddisk0\DR0\Partition2 - ok
14:21:53.0467 5508 ============================================================
14:21:53.0467 5508 Scan finished
14:21:53.0467 5508 ============================================================
14:21:53.0478 5420 Detected object count: 15
14:21:53.0478 5420 Actual detected object count: 15
14:22:16.0452 5420 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0452 5420 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0454 5420 cvintdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0454 5420 cvintdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0456 5420 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0457 5420 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0457 5420 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0457 5420 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0461 5420 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0461 5420 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0461 5420 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0462 5420 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0464 5420 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0464 5420 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0466 5420 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0466 5420 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0468 5420 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0468 5420 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0470 5420 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:22:16.0470 5420 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:22:16.0472 5420 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0472 5420 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0474 5420 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0474 5420 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0476 5420 TGCM_ImportWiFiSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0476 5420 TGCM_ImportWiFiSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0478 5420 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0479 5420 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:16.0481 5420 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:16.0481 5420 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
21.01.2013, 15:20
| #6 | |
| /// Malware-holic | Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniert Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniert |
|
22.01.2013, 11:13
| #7 |
| | Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniert Hallo, Combofix ausgeführt ohne Probleme. Anbei das Log-File: Code:
ATTFilter Combofix Logfile: |
|
22.01.2013, 14:51
| #8 |
| /// Malware-holic | Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniert Hi malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.01.2013, 23:52
| #9 |
| | Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniert Hallo Markus, Hab den Malwarebytes scan durchgeführt, anbei das Logfile: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.22.04 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Stefan :: STEFAN-PC [Administrator] 22.01.2013 15:46:37 mbam-log-2013-01-22 (15-46-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 610438 Laufzeit: 3 Stunde(n), 22 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Qoobox\Quarantine\C\ProgramData\ucekgypa.exe.vir (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
23.01.2013, 14:07
| #10 |
| /// Malware-holic | Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniert Hi lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Polizei Trojaner - nur abgesicherter Modus mit Eingabeaufforderung funktioniert |
| 32 bit, 7-zip, antivir, autorun, avira, bho, browser, cdburnerxp, computer, desktop, ebay, error, excel, firefox, flash player, frage, free download, home, install.exe, jdownloader, launch, logfile, monitor.exe, nur abgesicherter modus, office 2007, officejet, realtek, registry, rundll, scan, security, software, spotify web helper, starten, trojaner, vista |
Linear-Darstellung
