Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojanische Pferd TR/Drop.Sirefef.but in Qurantäne gesetzt kann ich mein laptop wieder nutzen? (https://www.trojaner-board.de/113491-trojanische-pferd-tr-drop-sirefef-but-qurantaene-gesetzt-laptop-nutzen.html)

webi 11.04.2012 20:19
Trojanische Pferd TR/Drop.Sirefef.but in Qurantäne gesetzt kann ich mein laptop wieder nutzen?
 
Hallo liebes Trojaner Board Team,
mein Avira hat beim wöchentlichen Scan 2 Funde gemacht"Trojanische Pferd TR/Drop.Sirefef.but" die dan gleich in Qurantäne gesetzt wurden.Danach habe ich gleich ESET Online Scaner(hat ein fund gemacht habe aber mit ESET nichts gelöcht sondern nur Scannen lassen)und Malewarebytes durchlauffen lassen(kein Fund). Beide Reports werde ich natürlich mit senden.Mein Toschiba Laptop,funktioniert nach wie vor einwandfrei.Ich habe wie in der checkliste beschrieben alles ausgeführt. Defogger hat nicht funktioniert sende dazu passend den Report.Wenn ich was vergessen haben sollte oder was falsch gemacht haben sollte,tut es mir leid.Meine frage ist ob ich den Laptop jetzt wie gewohnt Benutzen kann oder das lieber bleiben lassen solllte? Da der Lapi Nagel neu ist und ich ihn als dj benutze und bald wieder brauche ist diese frage sehr wichtig für mich? Zur zeit benutze ich ihn nur im abgesicherten Modus aüßer bei den Scans.

Vielen lieben Dank im Voraus

mit freundlichen Grüßen Webi

DEFOGGER DISABLE
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:49 on 11/04/2012 (Mathias Wehpke)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

cosinus 12.04.2012 14:11
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.


Code:
C:\Users\Mathias Wehpke\Downloads\Egyptian Riddim.zip
  [0] Archivtyp: ZIP
  --> Egyptian Riddim.exe
      [FUND]      Ist das Trojanische Pferd TR/Drop.Sirefef.but
Aus welcher Quelle stammt das, was soll Egyptian Riddim.zip eigentlich genau sein?

webi 12.04.2012 14:24
Bei Malewarebytes habe ich nur diesen einen Report drinne...habe auch keinen Scan davor gemacht.Egyptian Riddim.zip ist eine Musik datei also ein riddim mit mehren tunes.
Die Quelle kann ich jetzt im nachhinein nicht mehr wirklich bestimmen da ich soo viele platten und mp3 kaufe und Promo riddims und tunes runterlade.
netter gruß webi

cosinus 12.04.2012 15:26
Zitat:
Die Quelle kann ich jetzt im nachhinein nicht mehr wirklich bestimmen
Merkwürdig, wenn ich nach Egyptian Riddim.zip google bekomm ich fast nur dubiose Filehosting-Quellen! :pfui:

webi 13.04.2012 00:56
Ich glaube egal welchen Riddim du eingibst Military,Antrax,man trifft immer auf dubiose Filehosting....aber man kann diese auch Erwerben oder als Promo Cd for free Runterladen um sie digital zu Mixen wenn man sie auf platte hat und dj ist.Also das is alles freeware oder gekauft!Meine Frage ist is mein Laptop noch infiziert?Da ich mit den nächste Woche Auflegen wollte aber icht weiß ob das gut is wenn er viel noch Vieren drauf hat.

Vielen Dank im Voraus
janz nette grüße webi

cosinus 13.04.2012 10:48
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

webi 13.04.2012 11:20
Hy hier ist der OTL Text:OTL Logfile:
Code:
OTL logfile created on: 13.04.2012 12:05:06 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Mathias Wehpke\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,63% Memory free
7,95 Gb Paging File | 6,48 Gb Available in Paging File | 81,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 165,97 Gb Free Space | 71,27% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 72,55 Gb Free Space | 31,21% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: MATHIASWEHPKE | User Name: Mathias Wehpke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.13 12:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias Wehpke\Desktop\OTL.exe
PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.03 15:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010.08.16 11:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010.08.04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.10.12 11:55:12 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2010.12.09 18:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010.12.08 16:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010.10.20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.02.10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2011.02.01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.11.29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.08.04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 09:56:33 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.31 09:56:33 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.12.21 13:51:29 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.10 03:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011.02.03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.01.13 20:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.05 02:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010.12.07 15:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.12.07 15:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.12.07 15:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.12.07 15:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.07.20 18:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109986&tt=050412_30b&babsrc=SP_ss&mntrId=f6cb62df000000000000743170abc6d3
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\..\SearchScopes\{98FB3DFA-DAE1-4DF6-98B9-39D2158E5D75}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=6e4797b5-9de7-440f-9443-dbac144d08fc&apn_sauid=C1880959-5BC4-408E-8EEC-10568F2C5B98
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109986&tt=050412_30b&babsrc=KW_ss&mntrId=f6cb62df000000000000743170abc6d3&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 14:53:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.02 09:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias Wehpke\AppData\Roaming\mozilla\Extensions
[2012.04.12 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias Wehpke\AppData\Roaming\mozilla\Firefox\Profiles\pdkuzn0h.default\extensions
[2012.01.03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\pdkuzn0h.default\searchplugins\askcom.xml
[2012.03.02 09:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.18 14:53:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.11 19:34:58 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81C079F3-6C8E-4AD9-96FB-933E495C684D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS -
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS -
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.13 12:00:23 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias Wehpke\Desktop\OTL.exe
[2012.04.13 11:56:28 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{930CF94B-B2B3-436D-8B77-B498D3FDC6EF}
[2012.04.12 10:37:45 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{30D79529-DD88-4143-94AE-1198B9F42A34}
[2012.04.12 08:35:57 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{1A723313-5462-4AD8-8D9A-7C48E8469FF3}
[2012.04.11 19:50:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mathias Wehpke\Desktop\dds.scr
[2012.04.11 19:34:54 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\Babylon
[2012.04.11 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor
[2012.04.11 19:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uncompressor
[2012.04.11 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Roaming\Babylon
[2012.04.11 19:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.04.11 10:32:41 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{F33D3EB1-4488-447B-9653-6FB1033AD65A}
[2012.04.10 21:02:27 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Roaming\Malwarebytes
[2012.04.10 21:02:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.10 21:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.10 21:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.10 18:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.10 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{2199C085-2118-4FC5-8108-BC1D14FDD0D3}
[2012.04.09 23:42:59 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{6C8D77D5-DAB9-4A86-93CB-E4AB3E6EBE88}
[2012.04.09 10:09:25 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{52D17B3E-3B7E-4D00-9AAC-79FBED7F9DCE}
[2012.04.08 18:28:18 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.08 18:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.04.08 18:28:08 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoft
[2012.04.08 18:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.04.08 18:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.04.08 16:35:35 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{3FE0BB59-D8FD-4E5A-B9B2-6AADEF1469D2}
[2012.04.08 01:17:49 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{AA11200A-FC04-4AF8-B549-0077483651D4}
[2012.04.07 08:19:55 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{34EADD9F-5F40-4F21-BC9F-4F09EAA4B0B8}
[2012.04.06 15:16:55 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{A767C658-EA69-49AE-A270-9171C71ACF78}
[2012.04.06 10:06:24 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{33575E26-123E-4921-82CC-97FA15434D9D}
[2012.04.05 19:56:59 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{D33DF28B-7FCD-4BE5-8C4E-DAF996CEAD39}
[2012.04.04 21:03:32 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{5AA3CCF6-6208-4355-87A7-6AA10187293B}
[2012.04.04 09:02:42 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{2A5710F0-B40C-4CA1-BBFD-9AA406DFB365}
[2012.04.02 13:59:16 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{5DCA1FA1-470F-4F32-9CEE-2D0CFC5C82BD}
[2012.04.01 12:16:03 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{899A736D-539B-4D8A-B8D4-F8BF051DD86A}
[2012.03.31 23:48:52 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{331816A4-8B5D-4845-A1D4-853B5CC539BA}
[2012.03.31 11:48:29 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{79865EC3-8ED6-441F-BE13-10A224E04A4C}
[2012.03.30 23:48:05 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{5D6EF785-81F0-4D22-A8F1-FDEF71775D01}
[2012.03.30 08:39:02 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{D16C1EDD-8B48-4519-9D48-6709288329C7}
[2012.03.29 10:23:58 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{A3CF102E-1145-45BA-9315-0EB63699E208}
[2012.03.28 21:31:22 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{2E7068EE-8286-442D-BD27-7686C40C198A}
[2012.03.28 21:31:11 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{5B01307D-C98F-45C9-BA33-0F750EBB1E3E}
[2012.03.27 14:56:30 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{D4097B5C-6168-4738-B8D7-8B32CB2B34B9}
[2012.03.26 13:05:17 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{56A06A09-C346-4E55-BDBC-CB8D9F9267BE}
[2012.03.26 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{52FADD55-F313-42B0-B1F1-151C83697E96}
[2012.03.25 18:02:54 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{CF1A8703-4AA4-405A-8D4A-8E09240702CF}
[2012.03.25 05:45:58 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{BFB0396A-51DB-48DD-B1ED-0457C261B4E2}
[2012.03.25 05:45:47 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{EEC8D146-FEF2-4861-B9D0-7C84BFABE1E7}
[2012.03.24 13:55:26 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{EE81FB16-AB76-4638-BDF4-64A08AB62127}
[2012.03.24 13:55:14 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{CC059663-EF32-4DA9-BCDF-8E6895A2825F}
[2012.03.23 09:47:36 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{D257C4D8-E482-4811-B886-675C40523393}
[2012.03.23 09:47:26 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{974BADEF-215E-496E-8D7B-9A722B90961F}
[2012.03.22 21:46:56 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{6E4C706C-822D-4C75-AD39-6F395DCBDBD5}
[2012.03.22 09:46:29 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{63B9B549-7245-480A-A787-FFB368455D05}
[2012.03.22 09:45:23 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{9527F5DE-D015-48E5-9021-F808480297B0}
[2012.03.21 21:30:14 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{8834DDF2-A958-41CB-A035-872A80FD0989}
[2012.03.21 21:30:04 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{45AA03C8-D238-455E-8717-66F0495B6D21}
[2012.03.21 09:29:28 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{ACBD79F7-5A3D-41FA-9C95-523CBA3C1D8E}
[2012.03.21 09:29:17 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{216424BC-43B7-43D3-BD74-A3008977FBEE}
[2012.03.20 09:41:32 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{4F045D5F-BE28-4C15-90FF-E170E5CD46F5}
[2012.03.20 09:41:22 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{F718F04F-4EF3-4A92-AAFA-3E8955060DF1}
[2012.03.19 09:39:19 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{71658C9D-5AD7-4FA3-BFAC-DD8F55CA7628}
[2012.03.19 09:38:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{8AE65FFB-0189-430B-95D4-68E39F279FDD}
[2012.03.19 09:38:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{8029399F-8B7D-4299-9F35-7D435D99D6D3}
[2012.03.18 19:43:40 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.03.18 19:28:07 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Documents\music addiction
[2012.03.18 09:59:25 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{0590E6A8-F9B6-435B-A32D-113A54E7FFC6}
[2012.03.18 09:58:18 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{EFDD117B-A518-4558-8C58-91588D14FFD9}
[2012.03.16 09:56:35 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{D4674694-3499-4570-B749-F780E54FDCDC}
[2012.03.16 09:00:44 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{B4984444-D7F9-4766-8067-5DA88E07AD42}
[2012.03.15 19:45:04 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{9BF8F08B-3650-4207-B263-093FBF6EA2C7}
[2012.03.15 19:42:57 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{16250FE9-0C07-443E-896B-1FA2454552BA}
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.13 12:02:55 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.13 12:02:55 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.13 12:02:28 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.13 12:02:28 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.13 12:02:28 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.13 12:02:28 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.13 12:02:28 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.13 12:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias Wehpke\Desktop\OTL.exe
[2012.04.13 11:55:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.13 11:55:08 | 3203,735,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.12 10:41:17 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.12 09:41:55 | 000,002,092 | ---- | M] () -- C:\Users\Mathias Wehpke\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.04.12 09:41:55 | 000,002,021 | ---- | M] () -- C:\Users\Mathias Wehpke\Desktop\Avira DE-Cleaner.lnk
[2012.04.12 09:41:24 | 000,883,840 | ---- | M] () -- C:\Users\Mathias Wehpke\Desktop\Avira-DE100-Cleaner.exe
[2012.04.11 21:12:28 | 000,014,649 | ---- | M] () -- C:\Users\Mathias Wehpke\Documents\Reports.zip
[2012.04.11 19:50:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mathias Wehpke\Desktop\dds.scr
[2012.04.11 19:49:02 | 000,000,000 | ---- | M] () -- C:\Users\Mathias Wehpke\defogger_reenable
[2012.04.11 19:46:43 | 000,050,477 | ---- | M] () -- C:\Users\Mathias Wehpke\Desktop\Defogger.exe
[2012.04.11 19:35:05 | 000,000,251 | ---- | M] () -- C:\user.js
[2012.04.10 21:02:18 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.10 18:42:38 | 000,002,046 | ---- | M] () -- C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012.04.05 23:18:04 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.04.12 09:41:55 | 000,002,092 | ---- | C] () -- C:\Users\Mathias Wehpke\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.04.12 09:41:55 | 000,002,021 | ---- | C] () -- C:\Users\Mathias Wehpke\Desktop\Avira DE-Cleaner.lnk
[2012.04.12 09:41:21 | 000,883,840 | ---- | C] () -- C:\Users\Mathias Wehpke\Desktop\Avira-DE100-Cleaner.exe
[2012.04.11 21:11:45 | 000,014,649 | ---- | C] () -- C:\Users\Mathias Wehpke\Documents\Reports.zip
[2012.04.11 19:49:02 | 000,000,000 | ---- | C] () -- C:\Users\Mathias Wehpke\defogger_reenable
[2012.04.11 19:46:43 | 000,050,477 | ---- | C] () -- C:\Users\Mathias Wehpke\Desktop\Defogger.exe
[2012.04.11 19:35:05 | 000,000,251 | ---- | C] () -- C:\user.js
[2012.04.10 21:02:18 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.05 23:18:04 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.06 12:14:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012.03.06 12:14:21 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012.03.01 23:54:40 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.03.01 22:20:43 | 004,014,540 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.21 14:14:17 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011.12.21 14:00:18 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.02.03 20:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010.11.09 13:09:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
 
========== LOP Check ==========
 
[2012.04.11 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Babylon
[2012.04.08 18:28:26 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoft
[2012.04.08 18:28:19 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.02 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\ImgBurn
[2012.03.30 00:14:31 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\SoftGrid Client
[2012.03.08 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Toshiba
[2012.03.05 13:51:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TOSHIBA Online Product Information
[2012.03.01 22:22:07 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TP
[2009.07.14 07:08:49 | 000,030,450 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.01 20:01:50 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Adobe
[2012.03.02 10:53:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Avira
[2012.04.11 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Babylon
[2012.04.08 18:28:26 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoft
[2012.04.08 18:28:19 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.01 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Identities
[2012.03.02 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\ImgBurn
[2012.03.01 20:31:25 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Macromedia
[2012.04.10 21:02:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Malwarebytes
[2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Media Center Programs
[2012.03.18 19:29:48 | 000,000,000 | --SD | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft
[2012.03.02 09:33:09 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla
[2012.03.01 22:32:52 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Nero
[2012.04.12 13:44:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Skype
[2012.03.30 00:14:31 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\SoftGrid Client
[2012.03.08 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Toshiba
[2012.03.05 13:51:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TOSHIBA Online Product Information
[2012.03.01 22:22:07 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TP
[2012.04.12 13:49:30 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >
--- --- ---
Vielen Dank und nette grüße Webi

cosinus 13.04.2012 15:29
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109986&tt=050412_30b&babsrc=SP_ss&mntrId=f6cb62df000000000000743170abc6d3
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\..\SearchScopes\{98FB3DFA-DAE1-4DF6-98B9-39D2158E5D75}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=6e4797b5-9de7-440f-9443-dbac144d08fc&apn_sauid=C1880959-5BC4-408E-8EEC-10568F2C5B98
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109986&tt=050412_30b&babsrc=KW_ss&mntrId=f6cb62df000000000000743170abc6d3&q="
[2012.01.03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\pdkuzn0h.default\searchplugins\askcom.xml
[2012.04.11 19:34:58 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2012.04.11 19:34:54 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\Babylon
[2012.04.11 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Roaming\Babylon
[2012.04.11 19:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.04.11 19:35:05 | 000,000,251 | ---- | M] () -- C:\user.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

webi 14.04.2012 13:48
Ok hab ich gemacht

All processes killed
========== OTL ==========
HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
HKEY_USERS\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Microsoft\Internet Explorer\SearchScopes\{98FB3DFA-DAE1-4DF6-98B9-39D2158E5D75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98FB3DFA-DAE1-4DF6-98B9-39D2158E5D75}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=109986&tt=050412_30b&babsrc=KW_ss&mntrId=f6cb62df000000000000743170abc6d3&q=" removed from keyword.URL
C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\pdkuzn0h.default\searchplugins\askcom.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\Mathias Wehpke\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Mathias Wehpke\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Mathias Wehpke\AppData\Local\Babylon folder moved successfully.
C:\Users\Mathias Wehpke\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\user.js moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mathias Wehpke
->Temp folder emptied: 214393729 bytes
->Temporary Internet Files folder emptied: 483243 bytes
->FireFox cache emptied: 49685891 bytes
->Flash cache emptied: 509 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18403648 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53187 bytes
RecycleBin emptied: 53546 bytes

Total Files Cleaned = 270,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mathias Wehpke
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.2 log created on 04142012_144033

Files\Folders moved on Reboot...
C:\Users\Mathias Wehpke\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


nette grüße und vielen dank webi

cosinus 15.04.2012 15:41
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

webi 15.04.2012 19:51
ok hier der report

20:37:37.0783 4376 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:37:38.0037 4376 ============================================================
20:37:38.0038 4376 Current date / time: 2012/04/15 20:37:38.0037
20:37:38.0038 4376 SystemInfo:
20:37:38.0038 4376
20:37:38.0038 4376 OS Version: 6.1.7601 ServicePack: 1.0
20:37:38.0038 4376 Product type: Workstation
20:37:38.0038 4376 ComputerName: MATHIASWEHPKE
20:37:38.0038 4376 UserName: Mathias Wehpke
20:37:38.0038 4376 Windows directory: C:\Windows
20:37:38.0039 4376 System windows directory: C:\Windows
20:37:38.0039 4376 Running under WOW64
20:37:38.0039 4376 Processor architecture: Intel x64
20:37:38.0039 4376 Number of processors: 4
20:37:38.0039 4376 Page size: 0x1000
20:37:38.0039 4376 Boot type: Normal boot
20:37:38.0039 4376 ============================================================
20:37:38.0768 4376 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:37:38.0775 4376 \Device\Harddisk0\DR0:
20:37:38.0775 4376 MBR used
20:37:38.0775 4376 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D1C3000
20:37:38.0775 4376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D28B800, BlocksNum 0x1D0FA800
20:37:38.0829 4376 Initialize success
20:37:38.0829 4376 ============================================================
20:43:01.0181 4956 ============================================================
20:43:01.0181 4956 Scan started
20:43:01.0181 4956 Mode: Manual; SigCheck; TDLFS;
20:43:01.0181 4956 ============================================================
20:43:01.0511 4956 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:43:01.0714 4956 1394ohci - ok
20:43:01.0826 4956 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:43:01.0858 4956 ACPI - ok
20:43:01.0965 4956 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:43:02.0056 4956 AcpiPmi - ok
20:43:02.0135 4956 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:43:02.0199 4956 AdobeARMservice - ok
20:43:02.0337 4956 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:43:02.0384 4956 adp94xx - ok
20:43:02.0508 4956 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:43:02.0545 4956 adpahci - ok
20:43:02.0679 4956 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:43:02.0717 4956 adpu320 - ok
20:43:02.0754 4956 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:43:02.0944 4956 AeLookupSvc - ok
20:43:03.0059 4956 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:43:03.0118 4956 AFD - ok
20:43:03.0237 4956 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:43:03.0267 4956 agp440 - ok
20:43:03.0367 4956 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:43:03.0434 4956 ALG - ok
20:43:03.0552 4956 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:43:03.0582 4956 aliide - ok
20:43:03.0685 4956 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:43:03.0709 4956 amdide - ok
20:43:03.0817 4956 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:43:03.0870 4956 AmdK8 - ok
20:43:03.0973 4956 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:43:04.0037 4956 AmdPPM - ok
20:43:04.0143 4956 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:43:04.0180 4956 amdsata - ok
20:43:04.0295 4956 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:43:04.0337 4956 amdsbs - ok
20:43:04.0460 4956 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:43:04.0508 4956 amdxata - ok
20:43:04.0613 4956 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys
20:43:04.0681 4956 Andbus - ok
20:43:04.0831 4956 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys
20:43:04.0887 4956 AndDiag - ok
20:43:04.0990 4956 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys
20:43:05.0024 4956 AndGps - ok
20:43:05.0131 4956 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys
20:43:05.0217 4956 ANDModem - ok
20:43:05.0353 4956 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:43:05.0415 4956 AntiVirSchedulerService - ok
20:43:05.0489 4956 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:43:05.0534 4956 AntiVirService - ok
20:43:05.0651 4956 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:43:05.0805 4956 AppID - ok
20:43:05.0873 4956 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:43:05.0968 4956 AppIDSvc - ok
20:43:06.0067 4956 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:43:06.0168 4956 Appinfo - ok
20:43:06.0275 4956 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:43:06.0312 4956 arc - ok
20:43:06.0422 4956 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:43:06.0450 4956 arcsas - ok
20:43:06.0566 4956 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:43:06.0659 4956 AsyncMac - ok
20:43:06.0767 4956 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:43:06.0796 4956 atapi - ok
20:43:06.0892 4956 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:43:06.0955 4956 AudioEndpointBuilder - ok
20:43:06.0964 4956 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:43:06.0998 4956 AudioSrv - ok
20:43:07.0100 4956 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
20:43:07.0192 4956 avgntflt - ok
20:43:07.0296 4956 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
20:43:07.0329 4956 avipbb - ok
20:43:07.0350 4956 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:43:07.0379 4956 avkmgr - ok
20:43:07.0465 4956 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:43:07.0574 4956 AxInstSV - ok
20:43:07.0716 4956 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:43:07.0785 4956 b06bdrv - ok
20:43:07.0890 4956 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:43:07.0960 4956 b57nd60a - ok
20:43:08.0059 4956 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:43:08.0130 4956 BDESVC - ok
20:43:08.0236 4956 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:43:08.0333 4956 Beep - ok
20:43:08.0437 4956 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:43:08.0529 4956 BFE - ok
20:43:08.0636 4956 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:43:08.0748 4956 BITS - ok
20:43:08.0853 4956 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
20:43:08.0916 4956 blbdrive - ok
20:43:09.0027 4956 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:43:09.0078 4956 bowser - ok
20:43:09.0192 4956 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:43:09.0243 4956 BrFiltLo - ok
20:43:09.0348 4956 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:43:09.0402 4956 BrFiltUp - ok
20:43:09.0495 4956 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:43:09.0598 4956 Browser - ok
20:43:09.0651 4956 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:43:09.0729 4956 Brserid - ok
20:43:09.0830 4956 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:43:09.0883 4956 BrSerWdm - ok
20:43:09.0994 4956 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:43:10.0039 4956 BrUsbMdm - ok
20:43:10.0134 4956 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:43:10.0177 4956 BrUsbSer - ok
20:43:10.0290 4956 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:43:10.0355 4956 BTHMODEM - ok
20:43:10.0464 4956 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:43:10.0532 4956 bthserv - ok
20:43:10.0592 4956 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:43:10.0680 4956 cdfs - ok
20:43:10.0786 4956 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:43:10.0860 4956 cdrom - ok
20:43:10.0969 4956 CeKbFilter (a965b206921c55f2d1481789d609b711) C:\Windows\system32\DRIVERS\CeKbFilter.sys
20:43:11.0013 4956 CeKbFilter - ok
20:43:11.0095 4956 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:43:11.0187 4956 CertPropSvc - ok
20:43:11.0303 4956 cfWiMAXService (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
20:43:11.0324 4956 cfWiMAXService - ok
20:43:11.0430 4956 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:43:11.0476 4956 circlass - ok
20:43:11.0572 4956 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:43:11.0598 4956 CLFS - ok
20:43:11.0656 4956 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:43:11.0700 4956 clr_optimization_v2.0.50727_32 - ok
20:43:11.0784 4956 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:43:11.0818 4956 clr_optimization_v2.0.50727_64 - ok
20:43:11.0927 4956 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:43:11.0953 4956 clr_optimization_v4.0.30319_32 - ok
20:43:12.0024 4956 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:43:12.0044 4956 clr_optimization_v4.0.30319_64 - ok
20:43:12.0150 4956 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:43:12.0194 4956 CmBatt - ok
20:43:12.0255 4956 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:43:12.0284 4956 cmdide - ok
20:43:12.0342 4956 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:43:12.0396 4956 CNG - ok
20:43:12.0501 4956 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:43:12.0543 4956 Compbatt - ok
20:43:12.0665 4956 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:43:12.0735 4956 CompositeBus - ok
20:43:12.0802 4956 COMSysApp - ok
20:43:12.0917 4956 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
20:43:12.0938 4956 ConfigFree Service - ok
20:43:13.0048 4956 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:43:13.0074 4956 crcdisk - ok
20:43:13.0170 4956 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:43:13.0253 4956 CryptSvc - ok
20:43:13.0358 4956 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:43:13.0398 4956 cvhsvc - ok
20:43:13.0511 4956 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:43:13.0600 4956 DcomLaunch - ok
20:43:13.0693 4956 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:43:13.0784 4956 defragsvc - ok
20:43:13.0895 4956 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:43:13.0973 4956 DfsC - ok
20:43:14.0080 4956 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:43:14.0186 4956 Dhcp - ok
20:43:14.0294 4956 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:43:14.0373 4956 discache - ok
20:43:14.0465 4956 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:43:14.0502 4956 Disk - ok
20:43:14.0523 4956 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:43:14.0579 4956 Dnscache - ok
20:43:14.0693 4956 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:43:14.0785 4956 dot3svc - ok
20:43:14.0868 4956 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:43:14.0937 4956 DPS - ok
20:43:15.0031 4956 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:43:15.0072 4956 drmkaud - ok
20:43:15.0106 4956 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:43:15.0144 4956 DXGKrnl - ok
20:43:15.0232 4956 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:43:15.0319 4956 EapHost - ok
20:43:15.0495 4956 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:43:15.0571 4956 ebdrv - ok
20:43:15.0661 4956 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:43:15.0716 4956 EFS - ok
20:43:15.0805 4956 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:43:15.0904 4956 ehRecvr - ok
20:43:15.0977 4956 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:43:16.0045 4956 ehSched - ok
20:43:16.0159 4956 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:43:16.0202 4956 elxstor - ok
20:43:16.0221 4956 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:43:16.0237 4956 ErrDev - ok
20:43:16.0333 4956 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:43:16.0445 4956 EventSystem - ok
20:43:16.0549 4956 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:43:16.0646 4956 exfat - ok
20:43:16.0726 4956 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:43:16.0799 4956 fastfat - ok
20:43:16.0880 4956 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:43:16.0945 4956 Fax - ok
20:43:16.0999 4956 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:43:17.0047 4956 fdc - ok
20:43:17.0128 4956 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:43:17.0189 4956 fdPHost - ok
20:43:17.0270 4956 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:43:17.0363 4956 FDResPub - ok
20:43:17.0460 4956 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:43:17.0491 4956 FileInfo - ok
20:43:17.0516 4956 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:43:17.0579 4956 Filetrace - ok
20:43:17.0668 4956 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:43:17.0702 4956 flpydisk - ok
20:43:17.0733 4956 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:43:17.0756 4956 FltMgr - ok
20:43:17.0874 4956 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:43:17.0933 4956 FontCache - ok
20:43:18.0026 4956 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:43:18.0055 4956 FontCache3.0.0.0 - ok
20:43:18.0122 4956 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:43:18.0152 4956 FsDepends - ok
20:43:18.0209 4956 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:43:18.0240 4956 Fs_Rec - ok
20:43:18.0323 4956 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:43:18.0359 4956 fvevol - ok
20:43:18.0468 4956 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:43:18.0505 4956 gagp30kx - ok
20:43:18.0553 4956 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:43:18.0602 4956 gpsvc - ok
20:43:18.0688 4956 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:43:18.0749 4956 hcw85cir - ok
20:43:18.0860 4956 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:43:18.0922 4956 HdAudAddService - ok
20:43:19.0010 4956 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:43:19.0063 4956 HDAudBus - ok
20:43:19.0078 4956 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:43:19.0106 4956 HidBatt - ok
20:43:19.0194 4956 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:43:19.0248 4956 HidBth - ok
20:43:19.0352 4956 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:43:19.0393 4956 HidIr - ok
20:43:19.0418 4956 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:43:19.0472 4956 hidserv - ok
20:43:19.0571 4956 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:43:19.0600 4956 HidUsb - ok
20:43:19.0626 4956 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:43:19.0712 4956 hkmsvc - ok
20:43:19.0801 4956 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:43:19.0868 4956 HomeGroupListener - ok
20:43:19.0948 4956 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:43:19.0991 4956 HomeGroupProvider - ok
20:43:20.0089 4956 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:43:20.0125 4956 HpSAMD - ok
20:43:20.0171 4956 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:43:20.0240 4956 HTTP - ok
20:43:20.0317 4956 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:43:20.0340 4956 hwpolicy - ok
20:43:20.0372 4956 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:43:20.0391 4956 i8042prt - ok
20:43:20.0497 4956 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
20:43:20.0533 4956 iaStor - ok
20:43:20.0650 4956 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:43:20.0702 4956 iaStorV - ok
20:43:20.0840 4956 IconMan_R (dabfbe88774a3c1a8cea198348e02740) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
20:43:20.0896 4956 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
20:43:20.0896 4956 IconMan_R - detected UnsignedFile.Multi.Generic (1)
20:43:20.0983 4956 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:43:21.0041 4956 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:43:21.0041 4956 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:43:21.0157 4956 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:43:21.0214 4956 idsvc - ok
20:43:21.0313 4956 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:43:21.0345 4956 iirsp - ok
20:43:21.0393 4956 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:43:21.0485 4956 IKEEXT - ok
20:43:21.0664 4956 IntcAzAudAddService (2cc2f7c5990bb76767038f4b16d17a56) C:\Windows\system32\drivers\RTKVHD64.sys
20:43:21.0730 4956 IntcAzAudAddService - ok
20:43:21.0824 4956 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:43:21.0849 4956 intelide - ok
20:43:21.0929 4956 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:43:21.0967 4956 intelppm - ok
20:43:22.0006 4956 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:43:22.0082 4956 IPBusEnum - ok
20:43:22.0172 4956 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:43:22.0255 4956 IpFilterDriver - ok
20:43:22.0360 4956 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:43:22.0436 4956 iphlpsvc - ok
20:43:22.0529 4956 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:43:22.0585 4956 IPMIDRV - ok
20:43:22.0670 4956 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:43:22.0769 4956 IPNAT - ok
20:43:22.0789 4956 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:43:22.0825 4956 IRENUM - ok
20:43:22.0912 4956 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:43:22.0938 4956 isapnp - ok
20:43:22.0960 4956 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:43:22.0988 4956 iScsiPrt - ok
20:43:23.0079 4956 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:43:23.0113 4956 kbdclass - ok
20:43:23.0170 4956 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:43:23.0207 4956 kbdhid - ok
20:43:23.0261 4956 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:43:23.0289 4956 KeyIso - ok
20:43:23.0354 4956 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:43:23.0383 4956 KSecDD - ok
20:43:23.0429 4956 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:43:23.0465 4956 KSecPkg - ok
20:43:23.0560 4956 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:43:23.0641 4956 ksthunk - ok
20:43:23.0734 4956 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:43:23.0834 4956 KtmRm - ok
20:43:23.0931 4956 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:43:24.0034 4956 LanmanServer - ok
20:43:24.0109 4956 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:43:24.0203 4956 LanmanWorkstation - ok
20:43:24.0316 4956 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:43:24.0412 4956 lltdio - ok
20:43:24.0497 4956 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:43:24.0561 4956 lltdsvc - ok
20:43:24.0653 4956 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:43:24.0725 4956 lmhosts - ok
20:43:24.0813 4956 LMS (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:43:24.0836 4956 LMS - ok
20:43:24.0961 4956 LPCFilter (2825a71e7501cb33b3b9f856610c729d) C:\Windows\system32\DRIVERS\LPCFilter.sys
20:43:24.0984 4956 LPCFilter - ok
20:43:25.0065 4956 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:43:25.0097 4956 LSI_FC - ok
20:43:25.0141 4956 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:43:25.0156 4956 LSI_SAS - ok
20:43:25.0222 4956 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:43:25.0254 4956 LSI_SAS2 - ok
20:43:25.0306 4956 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:43:25.0335 4956 LSI_SCSI - ok
20:43:25.0416 4956 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:43:25.0501 4956 luafv - ok
20:43:25.0536 4956 McAWFwk - ok
20:43:25.0622 4956 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:43:25.0673 4956 Mcx2Svc - ok
20:43:25.0709 4956 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:43:25.0738 4956 megasas - ok
20:43:25.0820 4956 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:43:25.0858 4956 MegaSR - ok
20:43:25.0905 4956 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:43:25.0932 4956 MEIx64 - ok
20:43:26.0021 4956 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:43:26.0090 4956 MMCSS - ok
20:43:26.0129 4956 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:43:26.0165 4956 Modem - ok
20:43:26.0261 4956 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:43:26.0309 4956 monitor - ok
20:43:26.0432 4956 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:43:26.0468 4956 mouclass - ok
20:43:26.0500 4956 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:43:26.0532 4956 mouhid - ok
20:43:26.0639 4956 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:43:26.0663 4956 mountmgr - ok
20:43:26.0682 4956 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:43:26.0711 4956 mpio - ok
20:43:26.0807 4956 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:43:26.0890 4956 mpsdrv - ok
20:43:26.0992 4956 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:43:27.0053 4956 MpsSvc - ok
20:43:27.0155 4956 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:43:27.0216 4956 MRxDAV - ok
20:43:27.0305 4956 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:43:27.0370 4956 mrxsmb - ok
20:43:27.0473 4956 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:43:27.0531 4956 mrxsmb10 - ok
20:43:27.0622 4956 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:43:27.0669 4956 mrxsmb20 - ok
20:43:27.0690 4956 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
20:43:27.0715 4956 msahci - ok
20:43:27.0802 4956 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:43:27.0832 4956 msdsm - ok
20:43:27.0859 4956 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:43:27.0899 4956 MSDTC - ok
20:43:27.0995 4956 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:43:28.0061 4956 Msfs - ok
20:43:28.0162 4956 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:43:28.0239 4956 mshidkmdf - ok
20:43:28.0322 4956 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:43:28.0351 4956 msisadrv - ok
20:43:28.0408 4956 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:43:28.0468 4956 MSiSCSI - ok
20:43:28.0536 4956 msiserver - ok
20:43:28.0591 4956 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:43:28.0654 4956 MSKSSRV - ok
20:43:28.0725 4956 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:43:28.0793 4956 MSPCLOCK - ok
20:43:28.0829 4956 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:43:28.0903 4956 MSPQM - ok
20:43:28.0974 4956 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:43:29.0013 4956 MsRPC - ok
20:43:29.0047 4956 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:43:29.0056 4956 mssmbios - ok
20:43:29.0158 4956 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:43:29.0248 4956 MSTEE - ok
20:43:29.0334 4956 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:43:29.0376 4956 MTConfig - ok
20:43:29.0447 4956 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:43:29.0473 4956 Mup - ok
20:43:29.0512 4956 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:43:29.0575 4956 napagent - ok
20:43:29.0697 4956 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:43:29.0769 4956 NativeWifiP - ok
20:43:29.0882 4956 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:43:29.0922 4956 NDIS - ok
20:43:30.0013 4956 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:43:30.0090 4956 NdisCap - ok
20:43:30.0118 4956 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:43:30.0158 4956 NdisTapi - ok
20:43:30.0260 4956 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:43:30.0330 4956 Ndisuio - ok
20:43:30.0356 4956 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:43:30.0405 4956 NdisWan - ok
20:43:30.0494 4956 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:43:30.0573 4956 NDProxy - ok
20:43:30.0673 4956 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:43:30.0779 4956 NetBIOS - ok
20:43:30.0884 4956 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:43:30.0960 4956 NetBT - ok
20:43:31.0052 4956 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:43:31.0081 4956 Netlogon - ok
20:43:31.0131 4956 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:43:31.0236 4956 Netman - ok
20:43:31.0326 4956 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:43:31.0397 4956 netprofm - ok
20:43:31.0481 4956 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:43:31.0540 4956 NetTcpPortSharing - ok
20:43:31.0640 4956 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:43:31.0665 4956 nfrd960 - ok
20:43:31.0887 4956 NIHardwareService (7c272c9e8696a63a58d3a835fd446212) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
20:43:32.0066 4956 NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
20:43:32.0066 4956 NIHardwareService - detected UnsignedFile.Multi.Generic (1)
20:43:32.0162 4956 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:43:32.0284 4956 NlaSvc - ok
20:43:32.0371 4956 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:43:32.0426 4956 Npfs - ok
20:43:32.0455 4956 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:43:32.0496 4956 nsi - ok
20:43:32.0589 4956 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:43:32.0644 4956 nsiproxy - ok
20:43:32.0710 4956 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:43:32.0777 4956 Ntfs - ok
20:43:32.0855 4956 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:43:32.0936 4956 Null - ok
20:43:33.0049 4956 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
20:43:33.0102 4956 NVHDA - ok
20:43:33.0457 4956 nvlddmkm (fb2dc1985ac763aac1b293441695ba34) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:43:33.0953 4956 nvlddmkm - ok
20:43:34.0056 4956 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:43:34.0094 4956 nvraid - ok
20:43:34.0148 4956 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:43:34.0184 4956 nvstor - ok
20:43:34.0267 4956 NVSvc (0c0ee3e423ae115363e6c497d6d430e1) C:\Windows\system32\nvvsvc.exe
20:43:34.0338 4956 NVSvc - ok
20:43:34.0442 4956 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:43:34.0476 4956 nv_agp - ok
20:43:34.0484 4956 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:43:34.0505 4956 ohci1394 - ok
20:43:34.0584 4956 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:43:34.0635 4956 ose - ok
20:43:34.0796 4956 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:43:35.0035 4956 osppsvc - ok
20:43:35.0141 4956 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:43:35.0216 4956 p2pimsvc - ok
20:43:35.0297 4956 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:43:35.0342 4956 p2psvc - ok
20:43:35.0396 4956 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:43:35.0443 4956 Parport - ok
20:43:35.0490 4956 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:43:35.0519 4956 partmgr - ok
20:43:35.0573 4956 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:43:35.0637 4956 PcaSvc - ok
20:43:35.0705 4956 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:43:35.0742 4956 pci - ok
20:43:35.0776 4956 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:43:35.0805 4956 pciide - ok
20:43:35.0877 4956 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:43:35.0904 4956 pcmcia - ok
20:43:35.0941 4956 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:43:35.0961 4956 pcw - ok
20:43:36.0039 4956 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:43:36.0133 4956 PEAUTH - ok
20:43:36.0234 4956 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:43:36.0322 4956 PerfHost - ok
20:43:36.0434 4956 PGEffect (91111cebbde8015e822c46120ed9537c) C:\Windows\system32\DRIVERS\pgeffect.sys
20:43:36.0462 4956 PGEffect - ok
20:43:36.0519 4956 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:43:36.0611 4956 pla - ok
20:43:36.0721 4956 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:43:36.0800 4956 PlugPlay - ok
20:43:36.0885 4956 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:43:36.0925 4956 PNRPAutoReg - ok
20:43:36.0952 4956 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:43:36.0977 4956 PNRPsvc - ok
20:43:37.0067 4956 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:43:37.0166 4956 PolicyAgent - ok
20:43:37.0250 4956 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:43:37.0350 4956 Power - ok
20:43:37.0448 4956 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:43:37.0518 4956 PptpMiniport - ok
20:43:37.0606 4956 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:43:37.0652 4956 Processor - ok
20:43:37.0731 4956 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:43:37.0824 4956 ProfSvc - ok
20:43:37.0852 4956 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:43:37.0863 4956 ProtectedStorage - ok
20:43:37.0965 4956 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:43:38.0039 4956 Psched - ok
20:43:38.0186 4956 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:43:38.0244 4956 ql2300 - ok
20:43:38.0344 4956 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:43:38.0379 4956 ql40xx - ok
20:43:38.0419 4956 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:43:38.0467 4956 QWAVE - ok
20:43:38.0559 4956 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:43:38.0625 4956 QWAVEdrv - ok
20:43:38.0721 4956 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:43:38.0794 4956 RasAcd - ok
20:43:38.0899 4956 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:43:38.0976 4956 RasAgileVpn - ok
20:43:39.0066 4956 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:43:39.0142 4956 RasAuto - ok
20:43:39.0244 4956 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:43:39.0319 4956 Rasl2tp - ok
20:43:39.0415 4956 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:43:39.0498 4956 RasMan - ok
20:43:39.0598 4956 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:43:39.0678 4956 RasPppoe - ok
20:43:39.0781 4956 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:43:39.0869 4956 RasSstp - ok
20:43:39.0964 4956 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:43:40.0058 4956 rdbss - ok
20:43:40.0154 4956 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
20:43:40.0203 4956 rdpbus - ok
20:43:40.0309 4956 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:43:40.0379 4956 RDPCDD - ok
20:43:40.0471 4956 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:43:40.0556 4956 RDPENCDD - ok
20:43:40.0653 4956 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:43:40.0702 4956 RDPREFMP - ok
20:43:40.0734 4956 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:43:40.0773 4956 RDPWD - ok
20:43:40.0870 4956 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:43:40.0909 4956 rdyboost - ok
20:43:40.0936 4956 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:43:40.0998 4956 RemoteAccess - ok
20:43:41.0073 4956 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:43:41.0149 4956 RemoteRegistry - ok
20:43:41.0170 4956 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:43:41.0221 4956 RpcEptMapper - ok
20:43:41.0297 4956 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:43:41.0324 4956 RpcLocator - ok
20:43:41.0355 4956 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:43:41.0397 4956 RpcSs - ok
20:43:41.0480 4956 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:43:41.0574 4956 rspndr - ok
20:43:41.0693 4956 RSUSBSTOR (9beb5f18a418ff70659ce2e356829568) C:\Windows\system32\Drivers\RtsUStor.sys
20:43:41.0727 4956 RSUSBSTOR - ok
20:43:41.0813 4956 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:43:41.0860 4956 RTL8167 - ok
20:43:41.0934 4956 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
20:43:42.0000 4956 RTL8192Ce - ok
20:43:42.0086 4956 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:43:42.0109 4956 SamSs - ok
20:43:42.0138 4956 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:43:42.0159 4956 sbp2port - ok
20:43:42.0250 4956 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:43:42.0345 4956 SCardSvr - ok
20:43:42.0438 4956 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:43:42.0515 4956 scfilter - ok
20:43:42.0621 4956 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:43:42.0689 4956 Schedule - ok
20:43:42.0765 4956 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:43:42.0809 4956 SCPolicySvc - ok
20:43:42.0840 4956 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:43:42.0875 4956 SDRSVC - ok
20:43:42.0968 4956 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:43:43.0034 4956 secdrv - ok
20:43:43.0061 4956 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:43:43.0110 4956 seclogon - ok
20:43:43.0182 4956 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:43:43.0259 4956 SENS - ok
20:43:43.0355 4956 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:43:43.0421 4956 SensrSvc - ok
20:43:43.0509 4956 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:43:43.0549 4956 Serenum - ok
20:43:43.0657 4956 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:43:43.0694 4956 Serial - ok
20:43:43.0790 4956 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:43:43.0839 4956 sermouse - ok
20:43:43.0888 4956 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:43:43.0957 4956 SessionEnv - ok
20:43:44.0054 4956 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:43:44.0109 4956 sffdisk - ok
20:43:44.0128 4956 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:43:44.0150 4956 sffp_mmc - ok
20:43:44.0239 4956 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:43:44.0285 4956 sffp_sd - ok
20:43:44.0369 4956 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:43:44.0411 4956 sfloppy - ok
20:43:44.0544 4956 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
20:43:44.0603 4956 Sftfs - ok
20:43:44.0713 4956 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:43:44.0794 4956 sftlist - ok
20:43:44.0902 4956 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:43:44.0944 4956 Sftplay - ok
20:43:44.0970 4956 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:43:44.0983 4956 Sftredir - ok
20:43:45.0063 4956 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
20:43:45.0086 4956 Sftvol - ok
20:43:45.0176 4956 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:43:45.0231 4956 sftvsa - ok
20:43:45.0324 4956 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:43:45.0408 4956 SharedAccess - ok
20:43:45.0491 4956 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:43:45.0594 4956 ShellHWDetection - ok
20:43:45.0695 4956 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:43:45.0740 4956 SiSRaid2 - ok
20:43:45.0830 4956 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:43:45.0867 4956 SiSRaid4 - ok
20:43:45.0977 4956 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:43:46.0072 4956 Smb - ok
20:43:46.0163 4956 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:43:46.0198 4956 SNMPTRAP - ok
20:43:46.0235 4956 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:43:46.0260 4956 spldr - ok
20:43:46.0357 4956 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:43:46.0426 4956 Spooler - ok
20:43:46.0521 4956 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:43:46.0619 4956 sppsvc - ok
20:43:46.0703 4956 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:43:46.0766 4956 sppuinotify - ok
20:43:46.0806 4956 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:43:46.0832 4956 srv - ok
20:43:46.0927 4956 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:43:46.0970 4956 srv2 - ok
20:43:47.0070 4956 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:43:47.0121 4956 srvnet - ok
20:43:47.0211 4956 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:43:47.0296 4956 SSDPSRV - ok
20:43:47.0372 4956 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:43:47.0434 4956 SstpSvc - ok
20:43:47.0469 4956 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:43:47.0497 4956 stexstor - ok
20:43:47.0590 4956 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:43:47.0661 4956 stisvc - ok
20:43:47.0701 4956 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:43:47.0731 4956 swenum - ok
20:43:47.0821 4956 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:43:47.0906 4956 swprv - ok
20:43:48.0056 4956 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\Windows\system32\DRIVERS\SynTP.sys
20:43:48.0128 4956 SynTP - ok
20:43:48.0258 4956 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:43:48.0319 4956 SysMain - ok
20:43:48.0396 4956 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:43:48.0456 4956 TabletInputService - ok
20:43:48.0481 4956 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:43:48.0532 4956 TapiSrv - ok
20:43:48.0609 4956 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:43:48.0678 4956 TBS - ok
20:43:48.0772 4956 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:43:48.0852 4956 Tcpip - ok
20:43:48.0994 4956 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:43:49.0038 4956 TCPIP6 - ok
20:43:49.0134 4956 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:43:49.0203 4956 tcpipreg - ok
20:43:49.0357 4956 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:43:49.0375 4956 tdcmdpst - ok
20:43:49.0426 4956 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:43:49.0484 4956 TDPIPE - ok
20:43:49.0555 4956 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:43:49.0602 4956 TDTCP - ok
20:43:49.0714 4956 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:43:49.0790 4956 tdx - ok
20:43:49.0866 4956 TemproMonitoringService (1b709733a04dcc41a63f9cd1f76a4ebe) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
20:43:49.0911 4956 TemproMonitoringService - ok
20:43:50.0006 4956 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:43:50.0038 4956 TermDD - ok
20:43:50.0087 4956 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:43:50.0183 4956 TermService - ok
20:43:50.0264 4956 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:43:50.0323 4956 Themes - ok
20:43:50.0391 4956 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:43:50.0447 4956 THREADORDER - ok
20:43:50.0539 4956 TMachInfo (83e91963c4452be6899503cf9ebfd3ed) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
20:43:50.0577 4956 TMachInfo - ok
20:43:50.0663 4956 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe
20:43:50.0693 4956 TODDSrv - ok
20:43:50.0773 4956 TosCoSrv (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:43:50.0815 4956 TosCoSrv - ok
20:43:50.0856 4956 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
20:43:50.0875 4956 TOSHIBA HDD SSD Alert Service - ok
20:43:50.0958 4956 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:43:51.0024 4956 TrkWks - ok
20:43:51.0087 4956 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:43:51.0159 4956 TrustedInstaller - ok
20:43:51.0240 4956 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:43:51.0293 4956 tssecsrv - ok
20:43:51.0314 4956 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:43:51.0352 4956 TsUsbFlt - ok
20:43:51.0432 4956 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:43:51.0467 4956 TsUsbGD - ok
20:43:51.0574 4956 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:43:51.0656 4956 tunnel - ok
20:43:51.0747 4956 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:43:51.0770 4956 TVALZ - ok
20:43:51.0798 4956 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:43:51.0822 4956 uagp35 - ok
20:43:51.0916 4956 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:43:51.0984 4956 udfs - ok
20:43:52.0010 4956 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:43:52.0024 4956 UI0Detect - ok
20:43:52.0117 4956 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:43:52.0152 4956 uliagpkx - ok
20:43:52.0174 4956 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:43:52.0202 4956 umbus - ok
20:43:52.0297 4956 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:43:52.0336 4956 UmPass - ok
20:43:52.0479 4956 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:43:52.0532 4956 UNS - ok
20:43:52.0621 4956 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:43:52.0720 4956 upnphost - ok
20:43:52.0838 4956 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:43:52.0874 4956 usbaudio - ok
20:43:52.0908 4956 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:43:52.0948 4956 usbccgp - ok
20:43:53.0056 4956 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:43:53.0120 4956 usbcir - ok
20:43:53.0208 4956 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:43:53.0251 4956 usbehci - ok
20:43:53.0363 4956 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
20:43:53.0434 4956 usbhub - ok
20:43:53.0530 4956 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:43:53.0574 4956 usbohci - ok
20:43:53.0660 4956 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
20:43:53.0714 4956 usbprint - ok
20:43:53.0730 4956 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:43:53.0760 4956 USBSTOR - ok
20:43:53.0852 4956 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:43:53.0898 4956 usbuhci - ok
20:43:54.0037 4956 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:43:54.0098 4956 usbvideo - ok
20:43:54.0187 4956 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:43:54.0264 4956 UxSms - ok
20:43:54.0298 4956 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:43:54.0307 4956 VaultSvc - ok
20:43:54.0415 4956 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:43:54.0450 4956 vdrvroot - ok
20:43:54.0490 4956 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:43:54.0560 4956 vds - ok
20:43:54.0649 4956 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:43:54.0684 4956 vga - ok
20:43:54.0705 4956 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:43:54.0754 4956 VgaSave - ok
20:43:54.0845 4956 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:43:54.0872 4956 vhdmp - ok
20:43:54.0880 4956 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:43:54.0891 4956 viaide - ok
20:43:54.0914 4956 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:43:54.0926 4956 volmgr - ok
20:43:55.0027 4956 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:43:55.0064 4956 volmgrx - ok
20:43:55.0084 4956 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
20:43:55.0106 4956 volsnap - ok
20:43:55.0217 4956 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:43:55.0258 4956 vsmraid - ok
20:43:55.0333 4956 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:43:55.0422 4956 VSS - ok
20:43:55.0509 4956 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:43:55.0559 4956 vwifibus - ok
20:43:55.0689 4956 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:43:55.0748 4956 vwififlt - ok
20:43:55.0839 4956 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:43:55.0902 4956 W32Time - ok
20:43:55.0939 4956 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:43:55.0995 4956 WacomPen - ok
20:43:56.0090 4956 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:43:56.0173 4956 WANARP - ok
20:43:56.0189 4956 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:43:56.0218 4956 Wanarpv6 - ok
20:43:56.0340 4956 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:43:56.0415 4956 WatAdminSvc - ok
20:43:56.0531 4956 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:43:56.0593 4956 wbengine - ok
20:43:56.0679 4956 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:43:56.0724 4956 WbioSrvc - ok
20:43:56.0735 4956 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:43:56.0769 4956 wcncsvc - ok
20:43:56.0853 4956 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:43:56.0914 4956 WcsPlugInService - ok
20:43:56.0954 4956 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:43:56.0984 4956 Wd - ok
20:43:57.0067 4956 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:43:57.0120 4956 Wdf01000 - ok
20:43:57.0141 4956 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:43:57.0233 4956 WdiServiceHost - ok
20:43:57.0239 4956 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:43:57.0266 4956 WdiSystemHost - ok
20:43:57.0346 4956 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:43:57.0423 4956 WebClient - ok
20:43:57.0448 4956 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:43:57.0501 4956 Wecsvc - ok
20:43:57.0585 4956 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:43:57.0652 4956 wercplsupport - ok
20:43:57.0672 4956 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:43:57.0766 4956 WerSvc - ok
20:43:57.0848 4956 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:43:57.0902 4956 WfpLwf - ok
20:43:57.0919 4956 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:43:57.0930 4956 WIMMount - ok
20:43:57.0967 4956 WinDefend - ok
20:43:57.0972 4956 WinHttpAutoProxySvc - ok
20:43:58.0075 4956 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:43:58.0135 4956 Winmgmt - ok
20:43:58.0274 4956 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:43:58.0352 4956 WinRM - ok
20:43:58.0462 4956 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:43:58.0522 4956 Wlansvc - ok
20:43:58.0593 4956 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:43:58.0631 4956 wlcrasvc - ok
20:43:58.0728 4956 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:43:58.0797 4956 wlidsvc - ok
20:43:58.0898 4956 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:43:58.0948 4956 WmiAcpi - ok
20:43:59.0000 4956 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:43:59.0024 4956 wmiApSrv - ok
20:43:59.0071 4956 WMPNetworkSvc - ok
20:43:59.0149 4956 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:43:59.0194 4956 WPCSvc - ok
20:43:59.0212 4956 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:43:59.0264 4956 WPDBusEnum - ok
20:43:59.0354 4956 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:43:59.0416 4956 ws2ifsl - ok
20:43:59.0451 4956 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
20:43:59.0470 4956 wscsvc - ok
20:43:59.0529 4956 WSearch - ok
20:43:59.0617 4956 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:43:59.0695 4956 wuauserv - ok
20:43:59.0784 4956 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:43:59.0843 4956 WudfPf - ok
20:43:59.0877 4956 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:43:59.0916 4956 WUDFRd - ok
20:43:59.0989 4956 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:44:00.0044 4956 wudfsvc - ok
20:44:00.0070 4956 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:44:00.0105 4956 WwanSvc - ok
20:44:00.0134 4956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:44:00.0247 4956 \Device\Harddisk0\DR0 - ok
20:44:00.0282 4956 Boot (0x1200) (663c0542b6be61042b4ce6e9991f1a8e) \Device\Harddisk0\DR0\Partition0
20:44:00.0284 4956 \Device\Harddisk0\DR0\Partition0 - ok
20:44:00.0303 4956 Boot (0x1200) (1fe4519ff92fc205b30d159120755fc2) \Device\Harddisk0\DR0\Partition1
20:44:00.0306 4956 \Device\Harddisk0\DR0\Partition1 - ok
20:44:00.0307 4956 ============================================================
20:44:00.0307 4956 Scan finished
20:44:00.0307 4956 ============================================================
20:44:00.0324 4808 Detected object count: 3
20:44:00.0324 4808 Actual detected object count: 3
20:45:17.0282 4808 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
20:45:17.0282 4808 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:45:17.0285 4808 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:45:17.0285 4808 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:45:17.0290 4808 NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
20:45:17.0290 4808 NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Vielen Dank
nette grüße webi

cosinus 15.04.2012 21:11
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

webi 16.04.2012 10:40
Habe Combo Fix ausgeführt,danach war Mozilla Firefox nicht mehr alsStandart Browswer eingestellt aber sonst war alles gut.

hier der log:
Combofix Logfile:
Code:
ComboFix 12-04-16.01 - Mathias Wehpke 16.04.2012  10:08:33.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4074.2772 [GMT 2:00]
ausgeführt von:: c:\users\Mathias Wehpke\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-16 bis 2012-04-16  ))))))))))))))))))))))))))))))
.
.
2012-04-14 12:44 . 2012-04-14 12:44        89944        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\624687c51cd1a3c01\DSETUP.dll
2012-04-14 12:44 . 2012-04-14 12:44        537432        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\624687c51cd1a3c01\DXSETUP.exe
2012-04-14 12:44 . 2012-04-14 12:44        1801048        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\624687c51cd1a3c01\dsetup32.dll
2012-04-14 12:44 . 2012-04-14 12:44        15712        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\62846b8c1cd1a3c02\MeshBetaRemover.exe
2012-04-14 12:40 . 2012-04-14 12:40        --------        d-----w-        C:\_OTL
2012-04-13 13:23 . 2012-04-13 13:23        --------        d-----w-        c:\users\Mathias Wehpke\AppData\Local\ElevatedDiagnostics
2012-04-12 08:00 . 2012-03-01 06:46        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-04-12 08:00 . 2012-03-01 06:33        81408        ----a-w-        c:\windows\system32\imagehlp.dll
2012-04-12 08:00 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll
2012-04-12 08:00 . 2012-03-01 06:38        220672        ----a-w-        c:\windows\system32\wintrust.dll
2012-04-12 08:00 . 2012-03-01 05:37        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll
2012-04-12 08:00 . 2012-03-01 06:28        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-04-12 08:00 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\SysWow64\wmi.dll
2012-04-11 17:34 . 2012-04-11 17:34        --------        d-----w-        c:\program files (x86)\Uncompressor
2012-04-10 19:02 . 2012-04-10 19:02        --------        d-----w-        c:\users\Mathias Wehpke\AppData\Roaming\Malwarebytes
2012-04-10 19:02 . 2012-04-10 19:02        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-10 19:02 . 2012-04-10 19:02        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-10 19:02 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-10 16:24 . 2012-04-10 16:24        --------        d-----w-        c:\program files (x86)\ESET
2012-04-08 16:28 . 2012-04-08 16:28        --------        d-----w-        c:\users\Mathias Wehpke\AppData\Roaming\DVDVideoSoft
2012-04-08 16:28 . 2012-04-08 16:28        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft
2012-04-08 16:28 . 2012-04-08 16:28        --------        d-----w-        c:\program files (x86)\DVDVideoSoft
2012-03-18 17:43 . 2012-03-18 17:43        --------        d-----r-        C:\MSOCache
2012-03-18 12:53 . 2012-03-18 12:53        592824        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 12:53 . 2012-03-18 12:53        44472        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 09:32 . 2012-03-02 09:32        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38 . 2012-03-14 01:07        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 01:07        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 01:07        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 01:07        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 01:08        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 01:08        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 01:08        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-01-31 07:56 . 2012-03-02 08:48        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-01-31 07:56 . 2012-03-02 08:48        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-01-25 06:38 . 2012-03-14 01:07        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 01:07        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 01:07        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe" [2011-05-16 846936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-10-12 5739008]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-26 150992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Mathias Wehpke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\pdkuzn0h.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - f6cb62df000000000000743170abc6d3
FF - user.js: extensions.BabylonToolbar_i.hardId - f6cb62df000000000000743170abc6d3
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15441
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:35
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-16  10:18:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-16 08:18
.
Vor Suchlauf: 9 Verzeichnis(se), 179.722.850.304 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 179.564.924.928 Bytes frei
.
- - End Of File - - 5ADAAE6EF9FB2F7E6333859C581701BC
--- --- ---
Vielen dank und nette Grüße Webi

cosinus 16.04.2012 11:58
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr", dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

webi 16.04.2012 16:19
Hat sich einmal beim Scan aufgehangen aber beim 2 Versuch ging alles gut !
hier der Log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-16 17:02:35
-----------------------------
17:02:35.074 OS Version: Windows x64 6.1.7601 Service Pack 1
17:02:35.074 Number of processors: 4 586 0x2A07
17:02:35.074 ComputerName: MATHIASWEHPKE UserName:
17:02:35.917 Initialize success
17:02:38.662 AVAST engine defs: 12041600
17:02:48.709 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:02:48.709 Disk 0 Vendor: TOSHIBA_ GT00 Size: 476940MB BusType: 3
17:02:48.740 Disk 0 MBR read successfully
17:02:48.740 Disk 0 MBR scan
17:02:48.740 Disk 0 Windows 7 default MBR code
17:02:48.756 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
17:02:48.787 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238470 MB offset 821248
17:02:48.802 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238069 MB offset 489207808
17:02:48.834 Disk 0 scanning C:\Windows\system32\drivers
17:02:56.665 Service scanning
17:03:27.646 Modules scanning
17:03:27.662 Disk 0 trace - called modules:
17:03:27.678 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:03:28.192 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800636b060]
17:03:28.192 3 CLASSPNP.SYS[fffff88001b6843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800457a050]
17:03:29.144 AVAST engine scan C:\Windows
17:03:31.640 AVAST engine scan C:\Windows\system32
17:05:28.749 AVAST engine scan C:\Windows\system32\drivers
17:05:38.250 AVAST engine scan C:\Users\Mathias Wehpke
17:07:54.048 AVAST engine scan C:\ProgramData
17:08:23.782 Scan finished successfully
17:13:23.072 Disk 0 MBR has been saved successfully to "C:\Users\Mathias Wehpke\Desktop\MBR.dat"
17:13:23.072 The log file has been saved successfully to "C:\Users\Mathias Wehpke\Desktop\aswMBR.txt"


nette grüße webi

cosinus 16.04.2012 19:27
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

webi 17.04.2012 16:44
Ok beide haben funde gemacht aber ich glaube nur cookies!?

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/17/2012 at 05:25 PM

Application Version : 5.0.1146

Core Rules Database Version : 8465
Trace Rules Database Version: 6277

Scan type : Complete Scan
Total Scan Time : 00:34:20

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 626
Memory threats detected : 0
Registry items scanned : 64330
Registry threats detected : 0
File items scanned : 38201
File threats detected : 11

Adware.Tracking Cookie
C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Cookies\LXQUQ6PH.txt [ /smartadserver.com ]
C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Cookies\GAHW6LD4.txt [ /apmebf.com ]
C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Cookies\805T70VZ.txt [ /mediaplex.com ]
C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Cookies\BCUF6B0N.txt [ /fastclick.net ]
C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Cookies\KKGAGE4C.txt [ /tracking.quisma.com ]
C:\USERS\MATHIAS WEHPKE\Cookies\GAHW6LD4.txt [ Cookie:mathias wehpke@apmebf.com/ ]
C:\USERS\MATHIAS WEHPKE\Cookies\805T70VZ.txt [ Cookie:mathias wehpke@mediaplex.com/ ]
C:\USERS\MATHIAS WEHPKE\Cookies\BCUF6B0N.txt [ Cookie:mathias wehpke@fastclick.net/ ]
C:\USERS\MATHIAS WEHPKE\Cookies\KKGAGE4C.txt [ Cookie:mathias wehpke@tracking.quisma.com/ ]

Adware.InstallCore
C:\PROGRAM FILES (X86)\UNCOMPRESSOR\UNINSTALL\UNINSTALL.EXE
C:\USERS\MATHIAS WEHPKE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UNCOMPRESSOR\UNINSTALL UNCOMPRESSOR.LNK


Antimalwarebytes Log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mathias Wehpke :: MATHIASWEHPKE [Administrator]

17.04.2012 12:02:49
mbam-log-2012-04-17 (15-28-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 317923
Laufzeit: 53 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uncompressor (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Uncompressor\Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.

(Ende)
ist der Laptop jetzt wieder Sauber?
Vielen Dank und nette Grüße Webi

cosinus 17.04.2012 18:52
Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.

webi 18.04.2012 10:00
Ok hier der Report

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.18.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mathias Wehpke :: MATHIASWEHPKE [Administrator]

18.04.2012 10:19:01
mbam-log-2012-04-18 (10-55-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 319325
Laufzeit: 35 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uncompressor (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Uncompressor\Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.

(Ende)

Vielen Dank unnd nette grüße Webi

cosinus 18.04.2012 12:57
Das sind Adware-Überreste (durch Werbung finanzierte Software), lösch das

Sieht ok aus, da wurden ansonsten nur Cookies gefunden. Kannst du mit SASW löschen.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

webi 18.04.2012 17:24
Mein System ist wieder OK : )
vielen Dank für die ganze mühe und die guten Tips zum schluß
wüßte nicht wie ich das alleine hinbekommen hätte also DANKE Arne und das ganze Trojaner Board Team

janz nette grüße Webi

cosinus 18.04.2012 21:01
Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:19 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131