Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Verschlüsselungs Trojaner bitte OTL-log überprüfen (https://www.trojaner-board.de/114313-verschluesselungs-trojaner-bitte-otl-log-ueberpruefen.html)

nap 29.04.2012 12:51
Verschlüsselungs Trojaner bitte OTL-log überprüfen
 
Liebe Trojaner-Board-Helferinnen und Helfer,

gestern wurde mir ein Laptop mit Windows 7 gebracht, der einen Verschlüsselungstrojaner auf dem klassischen Email-Weg eingefangen hat.

Ich habe mehrere Virenscanner durchlaufen lassen, auch den Malwarebytes Anti-Malware, mit keinem Resultat.
Dann hat Dr. Web CureIt dreimal den trojan.pws.panda.2128 gefunden und gelöscht, seitdem kann ich mich wieder ganz normal anmelden.

Die verschlüsselten Dateien habe ich mit Avira Ransom File Unlocker entschlüsselt, alles scheint wieder in Ordnung zu sein, aber bevor ich den Laptop zurückgebe, könnte jemand bitte mein OTL-logfile anschauen, damit ich sicher sein kann, dass alles Böseartige weg ist?
OTL.txt
Code:
OTL logfile created on: 29.04.2012 13:31:55 - Run 1
OTL by OldTimer - Version 3.2.42.1    Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 69,39% Memory free
6,99 Gb Paging File | 5,81 Gb Available in Paging File | 83,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,15 Gb Total Space | 125,02 Gb Free Space | 67,16% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 184,99 Gb Total Space | 177,90 Gb Free Space | 96,16% Space Free | Partition Type: NTFS
 
Computer Name: KERSTIN***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.29 13:30:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.28 20:36:51 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.01.23 06:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.11.29 20:54:58 | 000,505,264 | ---- | M] (REINER SCT) -- C:\Windows\System32\cjpcsc.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.05.25 19:16:16 | 000,619,008 | ---- | M] (Nikon Corporation) -- C:\Programme\Nikon\Nikon Message Center 2\NkMC2.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.09.03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009.08.21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009.08.21 10:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009.08.13 13:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009.08.05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009.07.30 00:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.07.30 00:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.09.26 14:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Programme\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008.04.24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007.11.21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.07.10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.21 17:58:00 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012.04.11 17:00:10 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012.04.11 16:59:23 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012.04.11 16:59:12 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012.03.28 20:36:51 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.02.17 16:47:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.17 16:46:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.17 16:46:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.17 16:46:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.10.13 16:48:22 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.03.14 00:54:19 | 001,736,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3497.38831__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:19 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:19 | 000,339,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3497.38814__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:19 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:19 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3497.38880__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:19 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3497.38863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3497.38828__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:19 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3497.38823__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:18 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3497.38822__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:17 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:17 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:17 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3497.38867__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:15 | 000,950,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3497.38923__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:15 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:15 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:15 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3497.38875__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:15 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010.03.14 00:54:15 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:15 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3497.38861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:15 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:15 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:15 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3497.38860__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:14 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:14 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:14 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.03.14 00:54:14 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.03.14 00:54:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.03.14 00:54:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.03.14 00:54:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.03.14 00:54:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.03.14 00:54:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.03.14 00:54:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.03.14 00:54:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.03.14 00:54:13 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.03.14 00:54:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.03.14 00:54:12 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.03.14 00:54:12 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.03.14 00:54:11 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.03.14 00:54:11 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.03.14 00:54:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.03.14 00:54:11 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.03.14 00:54:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.03.14 00:54:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3497.38894__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.03.14 00:54:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3497.38904__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.03.14 00:54:09 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.03.14 00:54:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.03.14 00:54:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.03.14 00:54:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.03.14 00:54:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.03.14 00:54:09 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3497.38810__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.03.14 00:54:08 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3497.38827__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.03.14 00:54:08 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3497.38892__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.03.14 00:54:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3497.38813__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.03.14 00:54:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3497.38812__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.03.14 00:54:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.03.14 00:54:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.03.14 00:54:08 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.03.14 00:54:07 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3497.38819__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.03.14 00:54:07 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.03.14 00:54:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.03.14 00:54:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.03.14 00:54:06 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3497.38811__90ba9c70f846762e\APM.Server.dll
MOD - [2010.03.14 00:54:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3497.38810__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.03.14 00:54:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.03.14 00:54:06 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3497.38893__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.07.29 16:35:38 | 000,014,648 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2009.07.16 16:27:48 | 000,052,536 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009.07.16 16:27:44 | 007,263,544 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009.05.04 11:45:14 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.03.12 20:08:04 | 000,049,152 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2006.10.07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.21 17:58:00 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.29 20:54:58 | 000,505,264 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.08.21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009.07.30 00:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007.11.21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.20 12:34:21 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.08 09:54:42 | 000,028,208 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb)
DRV - [2009.09.21 11:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009.07.30 13:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.22 10:30:54 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009.07.14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009.07.07 09:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009.05.05 01:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008.07.15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.27 19:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007.10.17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.05.31 08:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
IE - HKLM\..\SearchScopes,DefaultScope = {4485F25B-48C5-415A-A407-FDC53D14C1AA}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4485F25B-48C5-415A-A407-FDC53D14C1AA}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {4485F25B-48C5-415A-A407-FDC53D14C1AA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4485F25B-48C5-415A-A407-FDC53D14C1AA}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7TSEE_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=DxJWcXub-MDkLtFJuFlEYPAzo0A?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.28 20:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.21 18:16:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.29 15:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.04.08 19:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.03.14 01:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.08 19:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.04.28 14:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\szp85g3h.default\extensions
[2012.03.28 20:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.03.13 23:48:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.28 20:36:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 20:48:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.16 21:20:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.16 21:20:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.16 21:20:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.16 21:20:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.16 21:20:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.16 21:20:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E107494-A329-4CE0-BA88-CC363881EC4C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{8e015357-c16e-11de-8326-001e33c4e2c3}\Shell - "" = AutoRun
O33 - MountPoints2\{8e015357-c16e-11de-8326-001e33c4e2c3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{edc9fadb-2ee7-11df-a542-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{edc9fadb-2ee7-11df-a542-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.29 11:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.29 11:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.04.29 10:35:06 | 000,000,000 | ---D | C] -- C:\Users\***\DoctorWeb
[2012.04.28 23:29:10 | 198,547,640 | ---- | C] (T-Online) -- C:\Users\***\Desktop\T-Online_6.0.exe
[2012.04.28 23:09:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Avira-RansomFileUnlocker
[2012.04.28 21:52:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.28 21:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.28 21:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.28 21:52:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.28 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.28 18:09:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qkueqfgbdo
[2012.04.21 17:58:00 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.11 10:27:50 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.11 10:27:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 10:27:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 10:27:49 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 10:27:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.29 15:27:38 | 000,002,005 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012.04.29 15:26:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.29 15:26:38 | 2816,864,256 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.29 13:38:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.04.29 13:34:41 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.29 13:34:41 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.29 13:33:03 | 000,672,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.29 13:33:03 | 000,630,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.29 13:33:03 | 000,138,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.29 13:33:03 | 000,113,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.29 13:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.29 11:10:13 | 000,010,214 | ---- | M] () -- C:\Users\***\Documents\H&M Kundennummer.eml
[2012.04.29 11:10:13 | 000,001,622 | ---- | M] () -- C:\Users\***\Documents\Neues Passwort schlecker.eml
[2012.04.28 23:56:23 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2012.04.28 23:29:23 | 000,000,268 | ---- | M] () -- C:\Users\***\AppData\Roaming\Audio Unit Effect
[2012.04.28 23:29:23 | 000,000,268 | ---- | M] () -- C:\Users\***\AppData\Roaming\Audio
[2012.04.28 23:29:18 | 002,195,352 | ---- | M] () -- C:\Users\***\Desktop\TeamViewerQS.exe
[2012.04.28 23:29:17 | 198,547,640 | ---- | M] (T-Online) -- C:\Users\***\Desktop\T-Online_6.0.exe
[2012.04.28 23:29:10 | 000,135,673 | ---- | M] () -- C:\Users\***\Desktop\Plakat - Foer de Katt - 2012.jpg
[2012.04.28 23:29:10 | 000,000,048 | ---- | M] () -- C:\Users\***\Desktop\Google Maps.URL
[2012.04.28 23:26:05 | 001,059,629 | ---- | M] () -- C:\Users\***\Documents\RN. Telekomm Andre Unfall.pdf
[2012.04.28 23:26:05 | 000,815,000 | ---- | M] () -- C:\Users\***\Documents\Krankenhausbericht Roland Klinik.pdf
[2012.04.28 23:26:05 | 000,558,304 | ---- | M] () -- C:\Users\***\Documents\Zahnbehandlungsschein.pdf
[2012.04.28 23:26:05 | 000,111,550 | ---- | M] () -- C:\Users\***\Documents\Rechnung messerblock.pdf
[2012.04.28 23:26:05 | 000,044,281 | ---- | M] () -- C:\Users\***\Documents\Rechnung M.Bremer.pdf
[2012.04.28 23:26:04 | 000,052,752 | ---- | M] () -- C:\Users\***\Documents\Goldene Hochzeit.mcf
[2012.04.28 23:26:04 | 000,008,023 | ---- | M] () -- C:\Users\***\Documents\29051 jemako rechnung.pdf
[2012.04.28 21:06:18 | 000,000,407 | ---- | M] () -- C:\Users\***\Desktop\Decrypt.jar
[2012.04.28 18:14:17 | 000,558,304 | ---- | M] () -- C:\Users\***\Documents\locked-Zahnbehandlungsschein.pdf.wwcj
[2012.04.28 18:14:09 | 001,059,629 | ---- | M] () -- C:\Users\***\Documents\locked-RN. Telekomm Andre Unfall.pdf.nwpb
[2012.04.28 18:14:05 | 000,111,550 | ---- | M] () -- C:\Users\***\Documents\locked-Rechnung messerblock.pdf.sowf
[2012.04.28 18:14:05 | 000,044,281 | ---- | M] () -- C:\Users\***\Documents\locked-Rechnung M.Bremer.pdf.mwbg
[2012.04.28 18:14:05 | 000,001,622 | ---- | M] () -- C:\Users\***\Documents\locked-Neues Passwort schlecker.eml.vdfm
[2012.04.28 18:14:04 | 000,815,000 | ---- | M] () -- C:\Users\***\Documents\locked-Krankenhausbericht Roland Klinik.pdf.ewld
[2012.04.28 18:13:57 | 000,052,752 | ---- | M] () -- C:\Users\***\Documents\locked-Goldene Hochzeit.mcf.ssfw
[2012.04.28 18:13:57 | 000,010,214 | ---- | M] () -- C:\Users\***\Documents\locked-H&M Kundennummer.eml.cfdc
[2012.04.28 18:13:53 | 198,547,640 | ---- | M] () -- C:\Users\***\Desktop\locked-T-Online_6.0.exe.lkhz
[2012.04.28 18:13:53 | 002,195,352 | ---- | M] () -- C:\Users\***\Desktop\locked-TeamViewerQS.exe.zrnz
[2012.04.28 18:13:53 | 000,008,023 | ---- | M] () -- C:\Users\***\Documents\locked-29051 jemako rechnung.pdf.fywc
[2012.04.28 18:13:52 | 000,135,673 | ---- | M] () -- C:\Users\***\Desktop\locked-Plakat - Foer de Katt - 2012.jpg.arof
[2012.04.28 18:13:51 | 000,000,048 | ---- | M] () -- C:\Users\***\Desktop\locked-Google Maps.URL.anrb
[2012.04.28 18:13:07 | 000,000,268 | ---- | M] () -- C:\Users\***\AppData\Roaming\locked-Audio.ptxt
[2012.04.28 18:13:07 | 000,000,268 | ---- | M] () -- C:\Users\***\AppData\Roaming\locked-Audio Unit Effect.dnrd
[2012.04.28 18:11:01 | 000,000,012 | ---- | M] () -- C:\ProgramData\CMMs
[2012.04.28 18:11:01 | 000,000,012 | ---- | M] () -- C:\ProgramData\Bundle
[2012.04.28 18:11:01 | 000,000,012 | ---- | M] () -- C:\ProgramData\Brother
[2012.04.28 18:10:58 | 000,000,268 | ---- | M] () -- C:\ProgramData\Automator
[2012.04.28 18:10:58 | 000,000,268 | ---- | M] () -- C:\ProgramData\Automatic Filter
[2012.04.28 18:10:58 | 000,000,268 | ---- | M] () -- C:\ProgramData\Authentication
[2012.04.21 17:58:00 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.21 17:58:00 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.29 10:14:24 | 000,002,005 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012.04.28 23:56:23 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2012.04.28 23:29:23 | 000,000,268 | ---- | C] () -- C:\Users\***\AppData\Roaming\Audio Unit Effect
[2012.04.28 23:29:23 | 000,000,268 | ---- | C] () -- C:\Users\***\AppData\Roaming\Audio
[2012.04.28 23:29:17 | 002,195,352 | ---- | C] () -- C:\Users\***\Desktop\TeamViewerQS.exe
[2012.04.28 23:29:10 | 000,135,673 | ---- | C] () -- C:\Users\***\Desktop\Plakat - Foer de Katt - 2012.jpg
[2012.04.28 23:29:10 | 000,000,048 | ---- | C] () -- C:\Users\***\Desktop\Google Maps.URL
[2012.04.28 23:26:05 | 001,059,629 | ---- | C] () -- C:\Users\***\Documents\RN. Telekomm Andre Unfall.pdf
[2012.04.28 23:26:05 | 000,815,000 | ---- | C] () -- C:\Users\***\Documents\Krankenhausbericht Roland Klinik.pdf
[2012.04.28 23:26:05 | 000,558,304 | ---- | C] () -- C:\Users\***\Documents\Zahnbehandlungsschein.pdf
[2012.04.28 23:26:05 | 000,111,550 | ---- | C] () -- C:\Users\***\Documents\Rechnung messerblock.pdf
[2012.04.28 23:26:05 | 000,044,281 | ---- | C] () -- C:\Users\***\Documents\Rechnung M.Bremer.pdf
[2012.04.28 23:26:05 | 000,001,622 | ---- | C] () -- C:\Users\***\Documents\Neues Passwort schlecker.eml
[2012.04.28 23:26:04 | 000,052,752 | ---- | C] () -- C:\Users\***\Documents\Goldene Hochzeit.mcf
[2012.04.28 23:26:04 | 000,010,214 | ---- | C] () -- C:\Users\***\Documents\H&M Kundennummer.eml
[2012.04.28 23:26:04 | 000,008,023 | ---- | C] () -- C:\Users\***\Documents\29051 jemako rechnung.pdf
[2012.04.28 22:53:13 | 000,000,407 | ---- | C] () -- C:\Users\***\Desktop\Decrypt.jar
[2012.04.26 18:04:25 | 000,135,673 | ---- | C] () -- C:\Users\***\Desktop\locked-Plakat - Foer de Katt - 2012.jpg.arof
[2012.04.21 17:58:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011.08.14 20:13:19 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Applications
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\Users\***\AppData\Roaming\locked-Audio.ptxt
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\Users\***\AppData\Roaming\locked-Audio Unit Effect.dnrd
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\ProgramData\Automator
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\ProgramData\Automatic Filter
[2011.08.14 20:13:19 | 000,000,268 | ---- | C] () -- C:\ProgramData\Authentication
[2011.08.14 20:13:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.08.14 20:13:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.08.14 20:13:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.08.14 20:13:19 | 000,000,012 | ---- | C] () -- C:\ProgramData\CMMs
[2011.08.14 20:13:19 | 000,000,012 | ---- | C] () -- C:\ProgramData\Bundle
[2011.08.14 20:13:19 | 000,000,012 | ---- | C] () -- C:\ProgramData\Brother
[2010.12.05 14:10:29 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2010.12.05 14:10:29 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2010.12.05 13:45:28 | 000,000,787 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2010.06.18 20:08:25 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.12.16 17:13:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.28 23:30:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\myphotobook
[2012.04.28 23:30:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2012.04.29 11:07:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qkueqfgbdo
[2010.03.13 23:58:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2010.03.13 23:58:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2012.04.28 23:30:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.03.14 01:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.04.08 19:03:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2010.03.13 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2010.03.14 00:28:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch
[2012.03.30 18:07:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 805 bytes -> C:\Users\***\Documents\Neues Passwort schlecker.eml:OECustomProperty
@Alternate Data Stream - 805 bytes -> C:\Users\***\Documents\locked-Neues Passwort schlecker.eml.vdfm:OECustomProperty
@Alternate Data Stream - 729 bytes -> C:\Users\***\Documents\locked-H&M Kundennummer.eml.cfdc:OECustomProperty
@Alternate Data Stream - 729 bytes -> C:\Users\***\Documents\H&M Kundennummer.eml:OECustomProperty

< End of report >
Extra.txt
Code:
OTL Extras logfile created on: 29.04.2012 13:31:55 - Run 1
OTL by OldTimer - Version 3.2.42.1    Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 69,39% Memory free
6,99 Gb Paging File | 5,81 Gb Available in Paging File | 83,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,15 Gb Total Space | 125,02 Gb Free Space | 67,16% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 184,99 Gb Total Space | 177,90 Gb Free Space | 96,16% Space Free | Partition Type: NTFS
 
Computer Name: KERSTIN***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11C8D604-381D-4C6F-94B8-0F0985251712}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{134EFFED-486E-41FE-9CEA-4B059838BA43}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe |
"{2FC48D04-40EF-4983-BA59-B613812EC7D0}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{33DA57ED-0B29-44B1-B9B8-EC437404F792}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3E4DD078-DAE4-44B3-B0B5-53261A2B776C}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{4BFB7EFA-E1DE-4373-B79C-70028E8330F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{70A79385-0211-4AE6-8FB7-C41DBFC356EB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{78117419-A588-4D00-A420-9E8B42FF0AEC}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe |
"{799B75C7-71A7-45EC-B229-2A58B859F86E}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe |
"{8C059C17-32B8-4C3F-9CEA-B0A0C37D3184}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9C917AF3-031E-4839-8E38-771B4C59A3E0}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe |
"{A66A2360-9A0C-40A1-8920-E07499CD520D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF86CE8E-F7EC-464D-9221-4DDDA162B71D}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{F34566CE-834E-4E0F-8D2C-8E633426FD46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{47879FA7-BC8F-4D7F-8057-86D0416579FA}" = StarMoney
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{52306338-9945-41A5-A021-25739C852B58}" = StarMoney
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B5A39926-319B-4F86-8447-E764CE92F229}" = StarMoney 8.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E8D82F42-EBD8-478C-917B-28F5BA6EAAAA}" = StarMoney
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F5E9D2B2-2906-4808-97AC-B17A456DFA5B}" = StarMoney 7.0 S-Edition
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"myphotobook" = myphotobook 3.6
"Picasa2" = Picasa 2
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
Vielen Dank schon mal im Voraus!
Gruß
nap

markusg 29.04.2012 15:46
hi,
1. kommst du an die mail rann?
wenn sie in einem mail programm ist, dieses öffnen, mail öffnen datei speichern unter, typ.
.eml
eine mail an:
http://markusg.trojaner-board.de
senden, dort die so eben gespeicherte datei anhängen.
es ist wichtig, dass ich möglichst viele dieser mails bekomme, da dieser trojaner im moment um funktionen erweitert wird, müssen hersteller von av software da schnell reagieren können.
kannst du außerdem das cureit ergebniss posten?

nap 29.04.2012 16:41
Hi Markus,

die Mail müsstest du inzwischen bekommen haben und hier ist der log von CureIT. Hab ich leider als csv gespeichert, ich hoffe, es sind keine Infos verlorengegangen.

Code:
bccxotywbk.pre        C:\Users\KERSTI~1\AppData\Local\Temp        Trojan.PWS.Panda.2128        Gelöscht.
wktrykfffn.pre        C:\Users\KERSTI~1\AppData\Local\Temp        Trojan.PWS.Panda.2128        Gelöscht.
098419d54c558ff26ffe.exe        c:\users\***\appdata\roaming\qkueqfgbdo        Trojan.PWS.Panda.2128        Gelöscht.
Gruß
nap

markusg 29.04.2012 16:46
danke,
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

nap 29.04.2012 17:32
Hi Markus,

danke! 5 threats gefunden, siehe:

Code:
18:22:29.0411 2448        TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:22:29.0943 2448        ============================================================
18:22:29.0943 2448        Current date / time: 2012/04/29 18:22:29.0943
18:22:29.0943 2448        SystemInfo:
18:22:29.0943 2448       
18:22:29.0943 2448        OS Version: 6.1.7601 ServicePack: 1.0
18:22:29.0943 2448        Product type: Workstation
18:22:29.0943 2448        ComputerName: KERSTIN***-PC
18:22:29.0944 2448        UserName: Kerstin ***
18:22:29.0944 2448        Windows directory: C:\Windows
18:22:29.0944 2448        System windows directory: C:\Windows
18:22:29.0944 2448        Processor architecture: Intel x86
18:22:29.0944 2448        Number of processors: 2
18:22:29.0944 2448        Page size: 0x1000
18:22:29.0944 2448        Boot type: Normal boot
18:22:29.0944 2448        ============================================================
18:22:32.0920 2448        Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:22:32.0924 2448        Drive \Device\Harddisk1\DR1 - Size: 0x3F140000 (0.99 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:22:32.0925 2448        ============================================================
18:22:32.0925 2448        \Device\Harddisk0\DR0:
18:22:32.0925 2448        MBR partitions:
18:22:32.0925 2448        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1744D000
18:22:32.0925 2448        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1773B800, BlocksNum 0x171FD0B0
18:22:32.0925 2448        \Device\Harddisk1\DR1:
18:22:32.0927 2448        MBR partitions:
18:22:32.0927 2448        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1F8999
18:22:32.0927 2448        ============================================================
18:22:32.0952 2448        C: <-> \Device\Harddisk0\DR0\Partition0
18:22:33.0036 2448        E: <-> \Device\Harddisk0\DR0\Partition1
18:22:33.0037 2448        ============================================================
18:22:33.0038 2448        Initialize success
18:22:33.0038 2448        ============================================================
18:24:32.0473 2220        ============================================================
18:24:32.0473 2220        Scan started
18:24:32.0473 2220        Mode: Manual; SigCheck; TDLFS;
18:24:32.0473 2220        ============================================================
18:24:34.0407 2220        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:24:34.0563 2220        1394ohci - ok
18:24:34.0782 2220        ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:24:35.0421 2220        ACDaemon - ok
18:24:35.0530 2220        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:24:35.0577 2220        ACPI - ok
18:24:35.0640 2220        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:24:35.0827 2220        AcpiPmi - ok
18:24:35.0967 2220        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:24:36.0045 2220        AdobeFlashPlayerUpdateSvc - ok
18:24:36.0170 2220        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:24:36.0279 2220        adp94xx - ok
18:24:36.0326 2220        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:24:36.0357 2220        adpahci - ok
18:24:36.0420 2220        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:24:36.0482 2220        adpu320 - ok
18:24:36.0513 2220        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:24:36.0654 2220        AeLookupSvc - ok
18:24:36.0778 2220        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:24:37.0090 2220        AFD - ok
18:24:37.0137 2220        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:24:37.0153 2220        agp440 - ok
18:24:37.0200 2220        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:24:37.0215 2220        aic78xx - ok
18:24:37.0278 2220        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:24:37.0402 2220        ALG - ok
18:24:37.0449 2220        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:24:37.0496 2220        aliide - ok
18:24:37.0558 2220        AMD External Events Utility (0bc6704f6fb4c63cdcb85401e8263a1b) C:\Windows\system32\atiesrxx.exe
18:24:37.0668 2220        AMD External Events Utility - ok
18:24:37.0699 2220        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:24:37.0730 2220        amdagp - ok
18:24:37.0777 2220        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:24:37.0808 2220        amdide - ok
18:24:37.0855 2220        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:24:37.0964 2220        AmdK8 - ok
18:24:38.0011 2220        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:24:38.0073 2220        AmdPPM - ok
18:24:38.0136 2220        amdsata        (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
18:24:38.0198 2220        amdsata - ok
18:24:38.0245 2220        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:24:38.0307 2220        amdsbs - ok
18:24:38.0323 2220        amdxata        (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
18:24:38.0338 2220        amdxata - ok
18:24:38.0479 2220        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:24:38.0526 2220        AntiVirSchedulerService - ok
18:24:38.0572 2220        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:24:38.0604 2220        AntiVirService - ok
18:24:38.0666 2220        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:24:38.0838 2220        AppID - ok
18:24:38.0884 2220        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:24:39.0025 2220        AppIDSvc - ok
18:24:39.0072 2220        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
18:24:39.0134 2220        Appinfo - ok
18:24:39.0243 2220        Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:24:39.0290 2220        Apple Mobile Device - ok
18:24:39.0337 2220        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:24:39.0384 2220        arc - ok
18:24:39.0399 2220        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:24:39.0430 2220        arcsas - ok
18:24:39.0540 2220        aspnet_state    (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:24:39.0602 2220        aspnet_state - ok
18:24:39.0633 2220        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:24:39.0820 2220        AsyncMac - ok
18:24:39.0852 2220        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:24:39.0883 2220        atapi - ok
18:24:40.0054 2220        athr            (ac4adac154563ab41cc79b0257bc685a) C:\Windows\system32\DRIVERS\athr.sys
18:24:40.0148 2220        athr - ok
18:24:40.0382 2220        atikmdag        (c97be8350fbcb1960b22fad2e6c2b514) C:\Windows\system32\DRIVERS\atikmdag.sys
18:24:40.0569 2220        atikmdag - ok
18:24:40.0756 2220        AtiPcie        (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:24:40.0819 2220        AtiPcie - ok
18:24:40.0912 2220        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:24:41.0006 2220        AudioEndpointBuilder - ok
18:24:41.0022 2220        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:24:41.0068 2220        Audiosrv - ok
18:24:41.0131 2220        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
18:24:41.0178 2220        avgntflt - ok
18:24:41.0256 2220        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
18:24:41.0302 2220        avipbb - ok
18:24:41.0349 2220        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:24:41.0396 2220        avkmgr - ok
18:24:41.0458 2220        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
18:24:41.0599 2220        AxInstSV - ok
18:24:41.0692 2220        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:24:41.0786 2220        b06bdrv - ok
18:24:41.0848 2220        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:24:41.0911 2220        b57nd60x - ok
18:24:41.0958 2220        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:24:42.0067 2220        BDESVC - ok
18:24:42.0098 2220        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:24:42.0145 2220        Beep - ok
18:24:42.0238 2220        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
18:24:42.0316 2220        BFE - ok
18:24:42.0363 2220        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
18:24:42.0457 2220        BITS - ok
18:24:42.0504 2220        bizVSerial      (66f655b08eed3230e059d197c8a1969b) C:\Windows\system32\drivers\bizVSerialNT.sys
18:24:42.0550 2220        bizVSerial ( UnsignedFile.Multi.Generic ) - warning
18:24:42.0550 2220        bizVSerial - detected UnsignedFile.Multi.Generic (1)
18:24:42.0582 2220        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:24:42.0675 2220        blbdrive - ok
18:24:42.0894 2220        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:24:42.0940 2220        Bonjour Service - ok
18:24:42.0987 2220        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:24:43.0081 2220        bowser - ok
18:24:43.0112 2220        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:24:43.0237 2220        BrFiltLo - ok
18:24:43.0252 2220        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:24:43.0330 2220        BrFiltUp - ok
18:24:43.0424 2220        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
18:24:43.0518 2220        Browser - ok
18:24:43.0580 2220        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:24:43.0705 2220        Brserid - ok
18:24:43.0705 2220        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:24:43.0767 2220        BrSerWdm - ok
18:24:43.0783 2220        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:24:43.0814 2220        BrUsbMdm - ok
18:24:43.0845 2220        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:24:43.0892 2220        BrUsbSer - ok
18:24:43.0908 2220        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:24:43.0939 2220        BTHMODEM - ok
18:24:44.0001 2220        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:24:44.0157 2220        bthserv - ok
18:24:44.0204 2220        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:24:44.0313 2220        cdfs - ok
18:24:44.0376 2220        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:24:44.0469 2220        cdrom - ok
18:24:44.0532 2220        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:24:44.0625 2220        CertPropSvc - ok
18:24:44.0750 2220        cfWiMAXService  (1f8a319d29394f9ce1b7ae020df2ebbf) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
18:24:44.0781 2220        cfWiMAXService - ok
18:24:44.0828 2220        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:24:44.0859 2220        circlass - ok
18:24:44.0984 2220        cjpcsc          (7f6768f8ba1d3a17a67a0758d999325a) C:\Windows\system32\cjpcsc.exe
18:24:45.0015 2220        cjpcsc - ok
18:24:45.0062 2220        cjusb          (46241991510a23dc759291918178fff9) C:\Windows\system32\DRIVERS\cjusb.sys
18:24:45.0093 2220        cjusb - ok
18:24:45.0140 2220        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:24:45.0187 2220        CLFS - ok
18:24:45.0280 2220        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:24:45.0358 2220        clr_optimization_v2.0.50727_32 - ok
18:24:45.0390 2220        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:24:45.0421 2220        CmBatt - ok
18:24:45.0452 2220        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:24:45.0483 2220        cmdide - ok
18:24:45.0514 2220        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:24:45.0592 2220        CNG - ok
18:24:45.0639 2220        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:24:45.0670 2220        Compbatt - ok
18:24:45.0702 2220        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:24:45.0748 2220        CompositeBus - ok
18:24:45.0764 2220        COMSysApp - ok
18:24:45.0873 2220        ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:24:45.0920 2220        ConfigFree Service - ok
18:24:45.0967 2220        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:24:45.0982 2220        crcdisk - ok
18:24:46.0060 2220        CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
18:24:46.0138 2220        CryptSvc - ok
18:24:46.0185 2220        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:24:46.0310 2220        DcomLaunch - ok
18:24:46.0357 2220        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:24:46.0435 2220        defragsvc - ok
18:24:46.0482 2220        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:24:46.0575 2220        DfsC - ok
18:24:46.0638 2220        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:24:46.0747 2220        Dhcp - ok
18:24:46.0762 2220        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:24:46.0856 2220        discache - ok
18:24:46.0934 2220        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:24:46.0996 2220        Disk - ok
18:24:47.0028 2220        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:24:47.0121 2220        Dnscache - ok
18:24:47.0168 2220        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:24:47.0246 2220        dot3svc - ok
18:24:47.0308 2220        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:24:47.0386 2220        DPS - ok
18:24:47.0433 2220        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:24:47.0480 2220        drmkaud - ok
18:24:47.0542 2220        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:24:47.0605 2220        DXGKrnl - ok
18:24:47.0652 2220        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:24:47.0714 2220        EapHost - ok
18:24:47.0886 2220        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:24:48.0010 2220        ebdrv - ok
18:24:48.0151 2220        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:24:48.0244 2220        EFS - ok
18:24:48.0354 2220        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
18:24:48.0447 2220        ehRecvr - ok
18:24:48.0478 2220        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:24:48.0588 2220        ehSched - ok
18:24:48.0712 2220        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:24:48.0790 2220        elxstor - ok
18:24:48.0822 2220        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:24:48.0900 2220        ErrDev - ok
18:24:49.0009 2220        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:24:49.0134 2220        EventSystem - ok
18:24:49.0180 2220        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:24:49.0305 2220        exfat - ok
18:24:49.0336 2220        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:24:49.0430 2220        fastfat - ok
18:24:49.0539 2220        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:24:49.0633 2220        Fax - ok
18:24:49.0680 2220        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:24:49.0758 2220        fdc - ok
18:24:49.0789 2220        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:24:49.0882 2220        fdPHost - ok
18:24:49.0945 2220        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:24:50.0038 2220        FDResPub - ok
18:24:50.0070 2220        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:24:50.0101 2220        FileInfo - ok
18:24:50.0132 2220        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:24:50.0179 2220        Filetrace - ok
18:24:50.0194 2220        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:24:50.0272 2220        flpydisk - ok
18:24:50.0319 2220        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:24:50.0350 2220        FltMgr - ok
18:24:50.0444 2220        FontCache      (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
18:24:50.0506 2220        FontCache - ok
18:24:50.0616 2220        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:24:50.0662 2220        FontCache3.0.0.0 - ok
18:24:50.0709 2220        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:24:50.0740 2220        FsDepends - ok
18:24:50.0787 2220        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
18:24:50.0834 2220        Fs_Rec - ok
18:24:50.0881 2220        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:24:50.0943 2220        fvevol - ok
18:24:50.0974 2220        FwLnk          (0f76e205bdc60364f08a5949082771ca) C:\Windows\system32\DRIVERS\FwLnk.sys
18:24:51.0052 2220        FwLnk - ok
18:24:51.0099 2220        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:24:51.0146 2220        gagp30kx - ok
18:24:51.0177 2220        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:24:51.0193 2220        GEARAspiWDM - ok
18:24:51.0286 2220        GoogleDesktopManager-110309-193829 (f0187e45268e86aaaa932cbd9087bea8) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
18:24:51.0333 2220        GoogleDesktopManager-110309-193829 - ok
18:24:51.0427 2220        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:24:51.0505 2220        gpsvc - ok
18:24:51.0567 2220        gusvc          (649f407a844dde2b97bc086af97d663b) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:24:51.0598 2220        gusvc - ok
18:24:51.0630 2220        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:24:51.0708 2220        hcw85cir - ok
18:24:51.0786 2220        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:24:51.0895 2220        HdAudAddService - ok
18:24:51.0957 2220        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:24:52.0020 2220        HDAudBus - ok
18:24:52.0051 2220        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:24:52.0082 2220        HidBatt - ok
18:24:52.0098 2220        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:24:52.0160 2220        HidBth - ok
18:24:52.0191 2220        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:24:52.0238 2220        HidIr - ok
18:24:52.0269 2220        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:24:52.0363 2220        hidserv - ok
18:24:52.0425 2220        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
18:24:52.0456 2220        HidUsb - ok
18:24:52.0503 2220        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:24:52.0581 2220        hkmsvc - ok
18:24:52.0612 2220        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:24:52.0706 2220        HomeGroupListener - ok
18:24:52.0753 2220        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:24:52.0815 2220        HomeGroupProvider - ok
18:24:52.0862 2220        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:24:52.0878 2220        HpSAMD - ok
18:24:53.0002 2220        HSF_DPV        (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:24:53.0112 2220        HSF_DPV - ok
18:24:53.0158 2220        HSXHWAZL        (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:24:53.0205 2220        HSXHWAZL - ok
18:24:53.0299 2220        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:24:53.0377 2220        HTTP - ok
18:24:53.0392 2220        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:24:53.0408 2220        hwpolicy - ok
18:24:53.0470 2220        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:24:53.0517 2220        i8042prt - ok
18:24:53.0580 2220        iaStorV        (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
18:24:53.0626 2220        iaStorV - ok
18:24:53.0751 2220        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:24:53.0814 2220        IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:24:53.0814 2220        IDriverT - detected UnsignedFile.Multi.Generic (1)
18:24:53.0954 2220        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:24:54.0048 2220        idsvc - ok
18:24:54.0219 2220        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:24:54.0266 2220        iirsp - ok
18:24:54.0328 2220        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:24:54.0438 2220        IKEEXT - ok
18:24:54.0500 2220        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:24:54.0531 2220        intelide - ok
18:24:54.0562 2220        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:24:54.0640 2220        intelppm - ok
18:24:54.0687 2220        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:24:54.0796 2220        IPBusEnum - ok
18:24:54.0828 2220        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:24:54.0890 2220        IpFilterDriver - ok
18:24:54.0999 2220        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
18:24:55.0077 2220        iphlpsvc - ok
18:24:55.0140 2220        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:24:55.0202 2220        IPMIDRV - ok
18:24:55.0249 2220        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:24:55.0311 2220        IPNAT - ok
18:24:55.0639 2220        iPod Service    (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:24:55.0686 2220        iPod Service - ok
18:24:55.0748 2220        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:24:55.0779 2220        IRENUM - ok
18:24:55.0826 2220        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:24:55.0888 2220        isapnp - ok
18:24:55.0935 2220        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:24:55.0982 2220        iScsiPrt - ok
18:24:56.0216 2220        jswpsapi        (957135960e7533ea5c7ea0bfb34f8efd) C:\Program Files\Jumpstart\jswpsapi.exe
18:24:56.0403 2220        jswpsapi ( UnsignedFile.Multi.Generic ) - warning
18:24:56.0403 2220        jswpsapi - detected UnsignedFile.Multi.Generic (1)
18:24:56.0434 2220        jswpslwf        (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
18:24:56.0544 2220        jswpslwf - ok
18:24:56.0622 2220        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:24:56.0715 2220        kbdclass - ok
18:24:56.0778 2220        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:24:56.0824 2220        kbdhid - ok
18:24:56.0887 2220        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:24:56.0918 2220        KeyIso - ok
18:24:56.0980 2220        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:24:57.0012 2220        KSecDD - ok
18:24:57.0012 2220        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:24:57.0043 2220        KSecPkg - ok
18:24:57.0152 2220        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:24:57.0230 2220        KtmRm - ok
18:24:57.0308 2220        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
18:24:57.0355 2220        LanmanServer - ok
18:24:57.0417 2220        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:24:57.0480 2220        LanmanWorkstation - ok
18:24:57.0542 2220        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:24:57.0651 2220        lltdio - ok
18:24:57.0714 2220        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:24:57.0776 2220        lltdsvc - ok
18:24:57.0807 2220        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:24:57.0854 2220        lmhosts - ok
18:24:57.0932 2220        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:24:57.0994 2220        LSI_FC - ok
18:24:58.0041 2220        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:24:58.0072 2220        LSI_SAS - ok
18:24:58.0104 2220        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:24:58.0135 2220        LSI_SAS2 - ok
18:24:58.0150 2220        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:24:58.0166 2220        LSI_SCSI - ok
18:24:58.0197 2220        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:24:58.0228 2220        luafv - ok
18:24:58.0306 2220        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
18:24:58.0338 2220        MBAMProtector - ok
18:24:58.0494 2220        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:24:58.0525 2220        MBAMService - ok
18:24:58.0556 2220        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
18:24:58.0603 2220        Mcx2Svc - ok
18:24:58.0665 2220        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:24:58.0681 2220        mdmxsdk - ok
18:24:58.0743 2220        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:24:58.0759 2220        megasas - ok
18:24:58.0790 2220        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:24:58.0821 2220        MegaSR - ok
18:24:58.0915 2220        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:24:59.0071 2220        MMCSS - ok
18:24:59.0106 2220        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:24:59.0168 2220        Modem - ok
18:24:59.0215 2220        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:24:59.0293 2220        monitor - ok
18:24:59.0356 2220        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
18:24:59.0418 2220        mouclass - ok
18:24:59.0465 2220        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:24:59.0512 2220        mouhid - ok
18:24:59.0558 2220        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:24:59.0574 2220        mountmgr - ok
18:24:59.0621 2220        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:24:59.0652 2220        mpio - ok
18:24:59.0683 2220        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:24:59.0808 2220        mpsdrv - ok
18:24:59.0886 2220        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
18:24:59.0964 2220        MpsSvc - ok
18:25:00.0011 2220        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:25:00.0073 2220        MRxDAV - ok
18:25:00.0136 2220        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:25:00.0292 2220        mrxsmb - ok
18:25:00.0338 2220        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:25:00.0401 2220        mrxsmb10 - ok
18:25:00.0432 2220        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:25:00.0479 2220        mrxsmb20 - ok
18:25:00.0510 2220        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:25:00.0541 2220        msahci - ok
18:25:00.0588 2220        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:25:00.0635 2220        msdsm - ok
18:25:00.0666 2220        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:25:00.0728 2220        MSDTC - ok
18:25:00.0775 2220        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:25:00.0853 2220        Msfs - ok
18:25:00.0869 2220        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:25:00.0962 2220        mshidkmdf - ok
18:25:01.0025 2220        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:25:01.0072 2220        msisadrv - ok
18:25:01.0165 2220        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:25:01.0212 2220        MSiSCSI - ok
18:25:01.0228 2220        msiserver - ok
18:25:01.0290 2220        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:25:01.0415 2220        MSKSSRV - ok
18:25:01.0430 2220        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:25:01.0555 2220        MSPCLOCK - ok
18:25:01.0602 2220        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:25:01.0711 2220        MSPQM - ok
18:25:01.0742 2220        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:25:01.0789 2220        MsRPC - ok
18:25:01.0883 2220        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:25:01.0930 2220        mssmbios - ok
18:25:01.0976 2220        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:25:02.0023 2220        MSTEE - ok
18:25:02.0023 2220        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:25:02.0070 2220        MTConfig - ok
18:25:02.0086 2220        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:25:02.0117 2220        Mup - ok
18:25:02.0242 2220        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
18:25:02.0304 2220        napagent - ok
18:25:02.0366 2220        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:25:02.0398 2220        NativeWifiP - ok
18:25:02.0538 2220        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:25:02.0600 2220        NDIS - ok
18:25:02.0710 2220        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:25:02.0772 2220        NdisCap - ok
18:25:02.0803 2220        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:25:02.0866 2220        NdisTapi - ok
18:25:02.0944 2220        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:25:03.0006 2220        Ndisuio - ok
18:25:03.0068 2220        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:25:03.0209 2220        NdisWan - ok
18:25:03.0271 2220        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:25:03.0380 2220        NDProxy - ok
18:25:03.0443 2220        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:25:03.0552 2220        NetBIOS - ok
18:25:03.0599 2220        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:25:03.0692 2220        NetBT - ok
18:25:03.0724 2220        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:25:03.0739 2220        Netlogon - ok
18:25:03.0802 2220        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:25:03.0864 2220        Netman - ok
18:25:03.0942 2220        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:25:04.0004 2220        netprofm - ok
18:25:04.0145 2220        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:25:04.0192 2220        NetTcpPortSharing - ok
18:25:04.0254 2220        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:25:04.0301 2220        nfrd960 - ok
18:25:04.0348 2220        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
18:25:04.0410 2220        NlaSvc - ok
18:25:04.0426 2220        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:25:04.0488 2220        Npfs - ok
18:25:04.0566 2220        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:25:04.0597 2220        nsi - ok
18:25:04.0644 2220        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:25:04.0800 2220        nsiproxy - ok
18:25:04.0940 2220        Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
18:25:05.0065 2220        Ntfs - ok
18:25:05.0112 2220        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:25:05.0159 2220        Null - ok
18:25:05.0221 2220        nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
18:25:05.0252 2220        nvraid - ok
18:25:05.0299 2220        nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
18:25:05.0346 2220        nvstor - ok
18:25:05.0377 2220        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:25:05.0440 2220        nv_agp - ok
18:25:05.0689 2220        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:25:05.0720 2220        odserv - ok
18:25:05.0767 2220        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:25:05.0845 2220        ohci1394 - ok
18:25:05.0939 2220        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:25:06.0017 2220        ose - ok
18:25:06.0095 2220        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:25:06.0173 2220        p2pimsvc - ok
18:25:06.0251 2220        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:25:06.0282 2220        p2psvc - ok
18:25:06.0422 2220        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:25:06.0485 2220        Parport - ok
18:25:06.0532 2220        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:25:06.0578 2220        partmgr - ok
18:25:06.0610 2220        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:25:06.0656 2220        Parvdm - ok
18:25:06.0688 2220        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:25:06.0719 2220        PcaSvc - ok
18:25:06.0781 2220        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:25:06.0828 2220        pci - ok
18:25:06.0844 2220        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:25:06.0890 2220        pciide - ok
18:25:06.0984 2220        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:25:07.0015 2220        pcmcia - ok
18:25:07.0062 2220        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:25:07.0093 2220        pcw - ok
18:25:07.0140 2220        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:25:07.0234 2220        PEAUTH - ok
18:25:07.0483 2220        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
18:25:07.0686 2220        pla - ok
18:25:07.0967 2220        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
18:25:08.0029 2220        PlugPlay - ok
18:25:08.0076 2220        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:25:08.0154 2220        PNRPAutoReg - ok
18:25:08.0201 2220        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:25:08.0248 2220        PNRPsvc - ok
18:25:08.0294 2220        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
18:25:08.0372 2220        PolicyAgent - ok
18:25:08.0450 2220        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
18:25:08.0497 2220        Power - ok
18:25:08.0591 2220        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:25:08.0684 2220        PptpMiniport - ok
18:25:08.0716 2220        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:25:08.0825 2220        Processor - ok
18:25:08.0918 2220        ProfSvc        (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
18:25:08.0965 2220        ProfSvc - ok
18:25:09.0043 2220        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:25:09.0074 2220        ProtectedStorage - ok
18:25:09.0137 2220        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:25:09.0230 2220        Psched - ok
18:25:09.0293 2220        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
18:25:09.0324 2220        PxHelp20 - ok
18:25:09.0496 2220        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:25:09.0589 2220        ql2300 - ok
18:25:09.0854 2220        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:25:09.0886 2220        ql40xx - ok
18:25:09.0932 2220        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:25:10.0010 2220        QWAVE - ok
18:25:10.0042 2220        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:25:10.0073 2220        QWAVEdrv - ok
18:25:10.0088 2220        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:25:10.0135 2220        RasAcd - ok
18:25:10.0229 2220        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:25:10.0291 2220        RasAgileVpn - ok
18:25:10.0338 2220        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:25:10.0385 2220        RasAuto - ok
18:25:10.0416 2220        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:25:10.0494 2220        Rasl2tp - ok
18:25:10.0572 2220        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:25:10.0666 2220        RasMan - ok
18:25:10.0697 2220        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:25:10.0759 2220        RasPppoe - ok
18:25:10.0853 2220        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:25:10.0931 2220        RasSstp - ok
18:25:10.0993 2220        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:25:11.0071 2220        rdbss - ok
18:25:11.0102 2220        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:25:11.0165 2220        rdpbus - ok
18:25:11.0212 2220        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:25:11.0352 2220        RDPCDD - ok
18:25:11.0399 2220        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:25:11.0477 2220        RDPENCDD - ok
18:25:11.0508 2220        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:25:11.0555 2220        RDPREFMP - ok
18:25:11.0695 2220        RDPWD          (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
18:25:11.0773 2220        RDPWD - ok
18:25:11.0882 2220        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:25:11.0929 2220        rdyboost - ok
18:25:12.0007 2220        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:25:12.0054 2220        RemoteAccess - ok
18:25:12.0101 2220        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:25:12.0179 2220        RemoteRegistry - ok
18:25:12.0226 2220        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:25:12.0272 2220        RpcEptMapper - ok
18:25:12.0319 2220        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:25:12.0366 2220        RpcLocator - ok
18:25:12.0428 2220        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:25:12.0475 2220        RpcSs - ok
18:25:12.0506 2220        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:25:12.0600 2220        rspndr - ok
18:25:12.0616 2220        RSUSBSTOR - ok
18:25:12.0740 2220        RTHDMIAzAudService (c853ae16ccf5033c0cba0855390f5c7f) C:\Windows\system32\drivers\RtHDMIV.sys
18:25:12.0834 2220        RTHDMIAzAudService - ok
18:25:12.0912 2220        RTL8169        (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:25:13.0037 2220        RTL8169 - ok
18:25:13.0037 2220        RtsUIR - ok
18:25:13.0130 2220        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:25:13.0162 2220        SamSs - ok
18:25:13.0224 2220        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:25:13.0255 2220        sbp2port - ok
18:25:13.0302 2220        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:25:13.0411 2220        SCardSvr - ok
18:25:13.0427 2220        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:25:13.0489 2220        scfilter - ok
18:25:13.0567 2220        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:25:13.0645 2220        Schedule - ok
18:25:13.0708 2220        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:25:13.0723 2220        SCPolicySvc - ok
18:25:13.0786 2220        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:25:13.0879 2220        SDRSVC - ok
18:25:13.0926 2220        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:25:14.0035 2220        secdrv - ok
18:25:14.0098 2220        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:25:14.0160 2220        seclogon - ok
18:25:14.0191 2220        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:25:14.0238 2220        SENS - ok
18:25:14.0332 2220        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:25:14.0488 2220        SensrSvc - ok
18:25:14.0503 2220        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:25:14.0550 2220        Serenum - ok
18:25:14.0597 2220        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:25:14.0675 2220        Serial - ok
18:25:14.0737 2220        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:25:14.0831 2220        sermouse - ok
18:25:14.0909 2220        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
18:25:15.0049 2220        SessionEnv - ok
18:25:15.0080 2220        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:25:15.0158 2220        sffdisk - ok
18:25:15.0190 2220        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:25:15.0268 2220        sffp_mmc - ok
18:25:15.0314 2220        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:25:15.0361 2220        sffp_sd - ok
18:25:15.0392 2220        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:25:15.0424 2220        sfloppy - ok
18:25:15.0548 2220        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:25:15.0611 2220        SharedAccess - ok
18:25:15.0673 2220        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
18:25:15.0751 2220        ShellHWDetection - ok
18:25:15.0782 2220        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:25:15.0829 2220        sisagp - ok
18:25:15.0876 2220        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:25:15.0892 2220        SiSRaid2 - ok
18:25:15.0923 2220        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:25:15.0954 2220        SiSRaid4 - ok
18:25:16.0141 2220        SmartFaceVWatchSrv (8eb3988c74fd9d0e0934977e36b5f9e6) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
18:25:16.0172 2220        SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
18:25:16.0172 2220        SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)
18:25:16.0219 2220        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:25:16.0266 2220        Smb - ok
18:25:16.0313 2220        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:25:16.0344 2220        SNMPTRAP - ok
18:25:16.0375 2220        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:25:16.0406 2220        spldr - ok
18:25:16.0484 2220        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
18:25:16.0547 2220        Spooler - ok
18:25:16.0828 2220        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
18:25:17.0030 2220        sppsvc - ok
18:25:17.0233 2220        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
18:25:17.0296 2220        sppuinotify - ok
18:25:17.0420 2220        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:25:17.0545 2220        srv - ok
18:25:17.0717 2220        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:25:17.0810 2220        srv2 - ok
18:25:17.0857 2220        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:25:17.0873 2220        srvnet - ok
18:25:17.0920 2220        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:25:17.0998 2220        SSDPSRV - ok
18:25:18.0091 2220        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:25:18.0107 2220        ssmdrv - ok
18:25:18.0138 2220        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:25:18.0185 2220        SstpSvc - ok
18:25:18.0403 2220        StarMoney 7.0 OnlineUpdate (e8606bf6be3b7481d95f1dd2e4f3fcba) C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
18:25:18.0434 2220        StarMoney 7.0 OnlineUpdate - ok
18:25:18.0793 2220        StarMoney 8.0 OnlineUpdate (7e784dc5c7ce2c6f3c392ad320f5f2c0) C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
18:25:18.0824 2220        StarMoney 8.0 OnlineUpdate - ok
18:25:18.0887 2220        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:25:18.0918 2220        stexstor - ok
18:25:18.0980 2220        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
18:25:19.0027 2220        StiSvc - ok
18:25:19.0058 2220        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:25:19.0090 2220        swenum - ok
18:25:19.0199 2220        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:25:19.0261 2220        swprv - ok
18:25:19.0370 2220        SynTP          (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
18:25:19.0448 2220        SynTP - ok
18:25:19.0604 2220        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:25:19.0682 2220        SysMain - ok
18:25:19.0760 2220        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:25:19.0807 2220        TabletInputService - ok
18:25:19.0870 2220        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:25:19.0979 2220        TapiSrv - ok
18:25:20.0088 2220        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:25:20.0135 2220        TBS - ok
18:25:20.0322 2220        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:25:20.0494 2220        Tcpip - ok
18:25:20.0525 2220        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:25:20.0556 2220        TCPIP6 - ok
18:25:20.0618 2220        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:25:20.0728 2220        tcpipreg - ok
18:25:20.0774 2220        tdcmdpst        (4084ea00d50c858d6f9038f86ae2e2d0) C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:25:20.0790 2220        tdcmdpst - ok
18:25:20.0899 2220        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:25:20.0977 2220        TDPIPE - ok
18:25:21.0149 2220        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
18:25:21.0227 2220        TDTCP - ok
18:25:21.0258 2220        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:25:21.0305 2220        tdx - ok
18:25:21.0352 2220        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:25:21.0414 2220        TermDD - ok
18:25:21.0508 2220        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:25:21.0586 2220        TermService - ok
18:25:21.0664 2220        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:25:21.0742 2220        Themes - ok
18:25:21.0804 2220        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:25:21.0866 2220        THREADORDER - ok
18:25:21.0913 2220        TODDSrv        (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
18:25:21.0929 2220        TODDSrv - ok
18:25:22.0038 2220        TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
18:25:22.0069 2220        TomTomHOMEService - ok
18:25:22.0366 2220        TosCoSrv        (66c35016e01746715f8f606a9f081bf9) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
18:25:22.0381 2220        TosCoSrv - ok
18:25:22.0631 2220        tos_sps32      (969377943fe7284609babbab4e06b93c) C:\Windows\system32\DRIVERS\tos_sps32.sys
18:25:22.0678 2220        tos_sps32 - ok
18:25:22.0740 2220        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:25:22.0834 2220        TrkWks - ok
18:25:23.0036 2220        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:25:23.0208 2220        TrustedInstaller - ok
18:25:23.0270 2220        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:25:23.0317 2220        tssecsrv - ok
18:25:23.0458 2220        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:25:23.0598 2220        TsUsbFlt - ok
18:25:23.0676 2220        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:25:23.0754 2220        tunnel - ok
18:25:23.0801 2220        TVALZ          (fc24015b4052600c324c43e3a79c0664) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:25:23.0816 2220        TVALZ - ok
18:25:23.0848 2220        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:25:23.0879 2220        uagp35 - ok
18:25:23.0941 2220        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:25:24.0019 2220        udfs - ok
18:25:24.0128 2220        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:25:24.0222 2220        UI0Detect - ok
18:25:24.0487 2220        UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
18:25:24.0550 2220        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
18:25:24.0550 2220        UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
18:25:24.0628 2220        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:25:24.0659 2220        uliagpkx - ok
18:25:24.0706 2220        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:25:24.0752 2220        umbus - ok
18:25:24.0768 2220        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:25:24.0784 2220        UmPass - ok
18:25:24.0862 2220        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:25:24.0986 2220        upnphost - ok
18:25:25.0049 2220        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:25:25.0127 2220        USBAAPL - ok
18:25:25.0174 2220        usbccgp        (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
18:25:25.0252 2220        usbccgp - ok
18:25:25.0267 2220        USBCCID - ok
18:25:25.0314 2220        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:25:25.0392 2220        usbcir - ok
18:25:25.0423 2220        usbehci        (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
18:25:25.0470 2220        usbehci - ok
18:25:25.0518 2220        usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
18:25:25.0565 2220        usbhub - ok
18:25:25.0596 2220        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
18:25:25.0643 2220        usbohci - ok
18:25:25.0689 2220        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:25:25.0721 2220        usbprint - ok
18:25:25.0752 2220        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:25:25.0783 2220        usbscan - ok
18:25:25.0845 2220        USBSTOR        (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:25:25.0908 2220        USBSTOR - ok
18:25:25.0939 2220        usbuhci        (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
18:25:26.0095 2220        usbuhci - ok
18:25:26.0157 2220        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
18:25:26.0235 2220        usbvideo - ok
18:25:26.0282 2220        UVCFTR          (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
18:25:26.0329 2220        UVCFTR - ok
18:25:26.0391 2220        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:25:26.0423 2220        UxSms - ok
18:25:26.0454 2220        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:25:26.0469 2220        VaultSvc - ok
18:25:26.0563 2220        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:25:26.0625 2220        vdrvroot - ok
18:25:26.0719 2220        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
18:25:26.0828 2220        vds - ok
18:25:26.0906 2220        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:25:26.0984 2220        vga - ok
18:25:27.0031 2220        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:25:27.0125 2220        VgaSave - ok
18:25:27.0187 2220        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:25:27.0218 2220        vhdmp - ok
18:25:27.0249 2220        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:25:27.0281 2220        viaagp - ok
18:25:27.0312 2220        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:25:27.0374 2220        ViaC7 - ok
18:25:27.0421 2220        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:25:27.0452 2220        viaide - ok
18:25:27.0483 2220        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:25:27.0499 2220        volmgr - ok
18:25:27.0577 2220        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:25:27.0624 2220        volmgrx - ok
18:25:27.0671 2220        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:25:27.0733 2220        volsnap - ok
18:25:27.0795 2220        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:25:27.0858 2220        vsmraid - ok
18:25:27.0967 2220        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
18:25:28.0061 2220        VSS - ok
18:25:28.0107 2220        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:25:28.0154 2220        vwifibus - ok
18:25:28.0185 2220        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:25:28.0248 2220        vwififlt - ok
18:25:28.0357 2220        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:25:28.0419 2220        W32Time - ok
18:25:28.0466 2220        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:25:28.0513 2220        WacomPen - ok
18:25:28.0575 2220        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:25:28.0653 2220        WANARP - ok
18:25:28.0669 2220        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:25:28.0685 2220        Wanarpv6 - ok
18:25:28.0778 2220        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
18:25:28.0903 2220        wbengine - ok
18:25:28.0997 2220        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:25:29.0059 2220        WbioSrvc - ok
18:25:29.0106 2220        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
18:25:29.0168 2220        wcncsvc - ok
18:25:29.0199 2220        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:25:29.0277 2220        WcsPlugInService - ok
18:25:29.0355 2220        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:25:29.0387 2220        Wd - ok
18:25:29.0496 2220        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:25:29.0527 2220        Wdf01000 - ok
18:25:29.0574 2220        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:25:29.0730 2220        WdiServiceHost - ok
18:25:29.0745 2220        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:25:29.0761 2220        WdiSystemHost - ok
18:25:29.0839 2220        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
18:25:29.0933 2220        WebClient - ok
18:25:30.0011 2220        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:25:30.0057 2220        Wecsvc - ok
18:25:30.0073 2220        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:25:30.0151 2220        wercplsupport - ok
18:25:30.0213 2220        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:25:30.0276 2220        WerSvc - ok
18:25:30.0369 2220        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:25:30.0416 2220        WfpLwf - ok
18:25:30.0432 2220        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:25:30.0463 2220        WIMMount - ok
18:25:30.0572 2220        winachsf        (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:25:30.0681 2220        winachsf - ok
18:25:30.0822 2220        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:25:31.0196 2220        WinDefend - ok
18:25:31.0227 2220        WinHttpAutoProxySvc - ok
18:25:31.0524 2220        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:25:31.0602 2220        Winmgmt - ok
18:25:32.0085 2220        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
18:25:32.0148 2220        WinRM - ok
18:25:32.0241 2220        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:25:32.0335 2220        WinUsb - ok
18:25:32.0491 2220        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:25:32.0647 2220        Wlansvc - ok
18:25:32.0694 2220        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:25:32.0756 2220        WmiAcpi - ok
18:25:32.0912 2220        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:25:32.0975 2220        wmiApSrv - ok
18:25:33.0162 2220        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:25:33.0209 2220        WMPNetworkSvc - ok
18:25:33.0240 2220        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:25:33.0318 2220        WPCSvc - ok
18:25:33.0365 2220        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
18:25:33.0411 2220        WPDBusEnum - ok
18:25:33.0536 2220        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:25:33.0614 2220        ws2ifsl - ok
18:25:33.0723 2220        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
18:25:33.0755 2220        wscsvc - ok
18:25:33.0770 2220        WSearch - ok
18:25:33.0926 2220        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
18:25:34.0035 2220        wuauserv - ok
18:25:34.0550 2220        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:25:34.0659 2220        WudfPf - ok
18:25:34.0769 2220        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:25:34.0847 2220        WUDFRd - ok
18:25:34.0956 2220        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
18:25:35.0003 2220        wudfsvc - ok
18:25:35.0127 2220        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:25:35.0205 2220        WwanSvc - ok
18:25:35.0237 2220        XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
18:25:35.0299 2220        XAudio - ok
18:25:35.0315 2220        XAudioService  (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
18:25:35.0346 2220        XAudioService - ok
18:25:35.0424 2220        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:25:35.0751 2220        \Device\Harddisk0\DR0 - ok
18:25:35.0767 2220        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:25:35.0907 2220        \Device\Harddisk1\DR1 - ok
18:25:35.0939 2220        Boot (0x1200)  (8ffb76cc5ffd56f16ca5ea595b849d39) \Device\Harddisk0\DR0\Partition0
18:25:35.0939 2220        \Device\Harddisk0\DR0\Partition0 - ok
18:25:35.0970 2220        Boot (0x1200)  (b6fa7e703d790ca126c41836ac0e9cbd) \Device\Harddisk0\DR0\Partition1
18:25:35.0970 2220        \Device\Harddisk0\DR0\Partition1 - ok
18:25:35.0985 2220        Boot (0x1200)  (f1a724a2bd5124507a328eddf4aab056) \Device\Harddisk1\DR1\Partition0
18:25:35.0985 2220        \Device\Harddisk1\DR1\Partition0 - ok
18:25:35.0985 2220        ============================================================
18:25:35.0985 2220        Scan finished
18:25:35.0985 2220        ============================================================
18:25:36.0017 2224        Detected object count: 5
18:25:36.0017 2224        Actual detected object count: 5
18:26:02.0506 2224        bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0506 2224        bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:02.0522 2224        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0522 2224        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:02.0522 2224        jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0522 2224        jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:02.0522 2224        SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0522 2224        SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:02.0522 2224        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:02.0522 2224        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg 30.04.2012 19:01
hi
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

nap 30.04.2012 22:40
Hi Markus,

danke danke. Hier die Log-Datei von combofix
Code:
ComboFix 12-04-31.02 - Kerstin *** 30.04.2012  23:23:31.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3582.2506 [GMT 2:00]
ausgeführt von:: c:\users\Kerstin ***\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kerstin ***\Favorites\locked-Fussballcup - Dein kostenloser online Fussball Manager!.url.libb
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-28 bis 2012-04-30  ))))))))))))))))))))))))))))))
.
.
2012-04-30 21:31 . 2012-04-30 21:32        --------        d-----w-        c:\users\Kerstin ***\AppData\Local\temp
2012-04-30 21:31 . 2012-04-30 21:31        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-29 17:06 . 2012-04-29 17:06        476960        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-04-29 09:18 . 2012-04-29 09:18        --------        d-----w-        c:\program files\Microsoft
2012-04-29 08:35 . 2012-04-29 08:35        --------        d-----w-        c:\users\Kerstin ***\DoctorWeb
2012-04-28 22:07 . 2012-04-28 22:07        1233160        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-28 21:30 . 2012-04-28 21:30        57344        ----a-w-        c:\users\Kerstin ***\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-04-28 19:52 . 2012-04-28 19:52        --------        d-----w-        c:\users\Kerstin ***\AppData\Roaming\Malwarebytes
2012-04-28 19:52 . 2012-04-28 19:52        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-28 19:52 . 2012-04-28 19:52        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-04-28 19:52 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-28 17:30 . 2012-04-29 01:56        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF524EF6-4EE3-4B37-B5A4-2990F255F68F}\offreg.dll
2012-04-28 16:09 . 2012-04-29 09:07        --------        d-----w-        c:\users\Kerstin ***\AppData\Roaming\Qkueqfgbdo
2012-04-28 09:48 . 2012-04-13 07:36        6734704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF524EF6-4EE3-4B37-B5A4-2990F255F68F}\mpengine.dll
2012-04-21 15:58 . 2012-04-21 15:58        418464        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-04-11 11:09 . 2012-03-01 05:46        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-04-11 11:09 . 2012-03-01 05:37        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-04-11 11:09 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-04-11 11:09 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\system32\wmi.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 17:06 . 2010-12-10 21:34        472864        ----a-w-        c:\windows\system32\deployJava1.dll
2012-04-21 15:58 . 2011-05-17 18:03        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2009-10-11 08:43        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-20 10:34 . 2011-10-16 18:09        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-02-17 05:34 . 2012-03-15 20:07        826880        ----a-w-        c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-15 20:07        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-15 20:07        24576        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-15 20:08        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02        1070352        ----a-w-        c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54 . 2012-03-15 20:08        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-03-28 18:36 . 2011-06-29 16:35        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2009-11-15 15:42 . 2009-11-15 15:42        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-15 30192]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Kerstin ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 253088]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2010-02-08 28208]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-15 30192]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2010-11-29 505264]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-02-23 690352]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 39505073
*Deregistered* - 39505073
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 15:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Kerstin ***\AppData\Roaming\Mozilla\Firefox\Profiles\szp85g3h.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-30  23:34:36
ComboFix-quarantined-files.txt  2012-04-30 21:34
.
Vor Suchlauf: 6 Verzeichnis(se), 135.442.599.936 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 135.696.564.224 Bytes frei
.
- - End Of File - - FA17FB747BA9812BDA7AE43D671274C2
Grüße
nap

markusg 01.05.2012 10:57
läuft alles wie gewünscht?
wenn ja:
lade den CCleaner standard:
CCleaner Download - CCleaner 3.18.1707
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

nap 01.05.2012 11:29
Hallo,
funktioniert soweit alles, wie gewünscht.
Die Liste müsste ich mit dem Besitzer des Laptops durchgehen, aber auf den ersten Blick sehe ich nichts, was mir verdächtig vorkommt.
Ich werde sie aber bitten, die unnötigen Programme zu löschen.

Schönen 1.Mai noch :-)

Gruß
nap

Code:
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        12.03.2010               
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        20.04.2012        6,00MB        11.2.202.233
Adobe Flash Player 9 ActiveX        Adobe Systems Incorporated        12.03.2010                9
Adobe Reader 8.1.2 - Deutsch        Adobe Systems Incorporated        06.10.2008        99,6MB        8.1.2
Apple Application Support        Apple Inc.        31.01.2012        61,2MB        2.1.6
Apple Mobile Device Support        Apple Inc.        31.01.2012        24,1MB        4.0.0.97
Apple Software Update        Apple Inc.        22.08.2011        2,38MB        2.1.3.127
ArcSoft Panorama Maker 5        ArcSoft        02.10.2011                5.0.1.71
Atheros Driver Installation Program        Atheros        12.03.2010                5.0
Atheros Wi-Fi Protected Setup Library        Atheros        08.10.2009               
ATI Catalyst Install Manager        ATI Technologies, Inc.        12.03.2010        13,8MB        3.0.732.0
Avira Free Antivirus        Avira        19.02.2012        104,4MB        12.0.0.898
Bonjour        Apple Inc.        11.10.2011        1,06MB        3.0.0.10
Camera Assistant Software for Toshiba        Chicony Electronics Co.,Ltd.        08.10.2009                1.7.231.1126L
Canon MP Navigator EX 1.0                12.03.2010               
Canon MP520 series                12.03.2010               
Canon My Printer                12.03.2010               
Canon Utilities Easy-PhotoPrint EX                12.03.2010               
Canon Utilities Solution Menu                12.03.2010               
CCleaner        Piriform        30.04.2012                3.18
CD/DVD Drive Acoustic Silencer        TOSHIBA        06.10.2008                2.02.03
Compatibility Pack für 2007 Office System        Microsoft Corporation        28.03.2012        215MB        12.0.6612.1000
cyberJack Base Components        REINER SCT        04.12.2010                6.9.8
DHTML Editing Component        Microsoft Corporation        10.10.2009        0,45MB        6.02.0001
DVD MovieFactory for TOSHIBA        Ulead Systems, Inc.        12.03.2010                5.51
Google Desktop        Google        12.03.2010                5.9.0911.03589
HDAUDIO Soft Data Fax Modem with SmartCP        Conexant        12.03.2010                7.70.00.50
iTunes        Apple Inc.        31.01.2012        169,7MB        10.5.3.3
Java(TM) 6 Update 3        Sun Microsystems, Inc.        06.10.2008        168,1MB        1.6.0.30
Java(TM) 6 Update 32        Oracle        28.04.2012        95,7MB        6.0.320
Java(TM) 6 Update 7        Sun Microsystems, Inc.        09.10.2009        136,2MB        1.6.0.70
Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        27.04.2012        18,0MB        1.61.0.1400
Microsoft .NET Framework 1.1                12.03.2010               
Microsoft .NET Framework 1.1 German Language Pack                11.10.2009               
Microsoft Office File Validation Add-In        Microsoft Corporation        16.09.2011        7,95MB        14.0.5130.5003
Microsoft Office Home and Student 2007        Microsoft Corporation        28.03.2012                12.0.6612.1000
Microsoft Office Live Add-in 1.5        Microsoft Corporation        28.04.2012        0,50MB        2.0.4024.1
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        28.03.2012        107,9MB        12.0.6612.1000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        10.10.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        17.06.2011        0,29MB        8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        11.10.2009        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        12.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        30.04.2010        0,61MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        15.06.2011        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        09.10.2009        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        14.12.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        17.06.2011        0,59MB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        16.10.2011        12,3MB        10.0.40219
Microsoft Works        Microsoft Corporation        10.04.2012        1.044MB        9.7.0621
MobileMe Control Panel        Apple Inc.        23.05.2011        12,0MB        3.1.6.0
Mozilla Firefox 11.0 (x86 de)        Mozilla        27.03.2012        37,5MB        11.0
Mozilla Thunderbird 11.0.1 (x86 de)        Mozilla        03.04.2012        38,9MB        11.0.1
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        06.10.2008        1,28MB        4.20.9849.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        11.10.2009        1,29MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        30.11.2009        1,35MB        4.20.9876.0
myphotobook 3.6        myphotobook        12.03.2010                3.6
NetWaiting        BVRP Software, Inc        08.10.2009                2.5.52
Nikon Message Center 2        Nikon        13.08.2011        5,20MB        2.0.1
OpenOffice.org Installer 1.0        Sun Microsystems        09.10.2009        2,39MB        1.0.9221
Picasa 2        Google, Inc.        12.03.2010                2.0
Picture Control Utility        Nikon        13.08.2011        19,6MB        1.2.2
QuickTime        Apple Inc.        27.12.2010        73,7MB        7.69.80.9
Realtek 8169 8168 8101E 8102E Ethernet Driver        Realtek        06.10.2008                1.00.0000
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        13.03.2010                6.1.7600.30101
Safari        Apple Inc.        31.01.2012        43,3MB        5.34.52.7
SCHLECKER Foto Digital Service                12.03.2010               
StarMoney 7.0 S-Edition        Star Finanz GmbH        04.12.2010                7.0
StarMoney 8.0        Star Finanz GmbH        02.07.2011                8.0
Synaptics Pointing Device Driver        Synaptics        12.03.2010                10.1.8.0
T-Online WLAN-Access Finder                12.03.2010               
TomTom HOME 2.8.3.2499        TomTom        29.02.2012                2.8.3.2499
TomTom HOME Visual Studio Merge Modules        TomTom International B.V.        07.04.2011        1,88MB        1.0.2
TOSHIBA Assist        TOSHIBA        06.10.2008                2.01.04
TOSHIBA Benutzerhandbücher        TOSHIBA        08.10.2009                7.40
TOSHIBA ConfigFree        TOSHIBA Corporation        12.03.2010        72,5MB        8.0.23
TOSHIBA Disc Creator        TOSHIBA Corporation        12.03.2010        9,73MB        2.1.0.1
TOSHIBA DVD PLAYER        TOSHIBA Corporation        12.03.2010                2.50.0.11-AU
TOSHIBA Extended Tiles for Windows Mobility Center        Toshiba        06.10.2008        1,25MB        1.01.00
TOSHIBA Face Recognition        TOSHIBA Corporation        08.10.2009        51,5MB        2.0.17.32
TOSHIBA Hardware Setup        TOSHIBA Corporation        13.03.2010                2.00.11
Toshiba Online Product Information        TOSHIBA        06.10.2008                1.00.0012
TOSHIBA Recovery Disc Creator        TOSHIBA        06.10.2008        2,54MB        2.0.0.1b
TOSHIBA Supervisor Password        TOSHIBA Corporation        13.03.2010                2.00.10
TOSHIBA Value Added Package        TOSHIBA Corporation        12.03.2010        88,7MB        1.2.28
TRDCReminder        TOSHIBA        06.10.2008        0,36MB        1.00.0015
TRORDCLauncher        TOSHIBA        06.10.2008        0,71MB        1.0.0.1
ViewNX 2        Nikon        13.08.2011        64,4MB        2.1.2
Windows Media Encoder 9-Reihe                12.03.2010

markusg 01.05.2012 11:31
dann geh die liste doch bitte mit dem besitzer durch.

nap 04.05.2012 18:03
Hi Markus,

nun hat die Besitzerin die Liste kommentiert.
Bitte schön:
Code:
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        12.03.2010        unnötig       
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        20.04.2012        6,00MB        11.2.202.233        notwendig
Adobe Flash Player 9 ActiveX        Adobe Systems Incorporated        12.03.2010                9                notwendig
Adobe Reader 8.1.2 - Deutsch        Adobe Systems Incorporated        06.10.2008        99,6MB        8.1.2  notwendig
Apple Application Support        Apple Inc.        31.01.2012        61,2MB        2.1.6  unnötig
Apple Mobile Device Support        Apple Inc.        31.01.2012        24,1MB        4.0.0.97        unnötig
Apple Software Update        Apple Inc.        22.08.2011        2,38MB        2.1.3.127        unnötig
ArcSoft Panorama Maker 5        ArcSoft        02.10.2011                5.0.1.71        notwendig
Atheros Driver Installation Program        Atheros        12.03.2010                5.0        nicht bekannt
Atheros Wi-Fi Protected Setup Library        Atheros        08.10.2009                        nicht bekannt
ATI Catalyst Install Manager        ATI Technologies, Inc.        12.03.2010        13,8MB        3.0.732.0        nicht bekannt
Avira Free Antivirus        Avira        19.02.2012        104,4MB        12.0.0.898        notwendig
Bonjour        Apple Inc.        11.10.2011        1,06MB        3.0.0.10                nicht nötig
Camera Assistant Software for Toshiba        Chicony Electronics Co.,Ltd.        08.10.2009                1.7.231.1126L notwendig
Canon MP Navigator EX 1.0                12.03.2010                notwendig
Canon MP520 series                12.03.2010                notwendig
Canon My Printer                12.03.2010                notwendig
Canon Utilities Easy-PhotoPrint EX                12.03.2010        notwendig               
Canon Utilities Solution Menu                12.03.2010                        notwendig
CCleaner        Piriform        30.04.2012                3.18                notwendig
CD/DVD Drive Acoustic Silencer        TOSHIBA        06.10.2008                2.02.03        nicht bekannt
Compatibility Pack für 2007 Office System        Microsoft Corporation        28.03.2012        215MB        12.0.6612.1000 nicht bekannt
cyberJack Base Components        REINER SCT        04.12.2010                6.9.8        notwendig
DHTML Editing Component        Microsoft Corporation        10.10.2009        0,45MB        6.02.0001        nicht bekannt
DVD MovieFactory for TOSHIBA        Ulead Systems, Inc.        12.03.2010                5.51        nicht bekannt
Google Desktop        Google        12.03.2010                5.9.0911.03589                                unnötig
HDAUDIO Soft Data Fax Modem with SmartCP        Conexant        12.03.2010                7.70.00.50 nicht bekannt
iTunes        Apple Inc.        31.01.2012        169,7MB        10.5.3.3        notwendig
Java(TM) 6 Update 3        Sun Microsystems, Inc.        06.10.2008        168,1MB        1.6.0.30 notwendig
Java(TM) 6 Update 32        Oracle        28.04.2012        95,7MB        6.0.320                                notwendig
Java(TM) 6 Update 7        Sun Microsystems, Inc.        09.10.2009        136,2MB        1.6.0.70 notwendig
Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        27.04.2012        18,0MB        1.61.0.1400        notwendig
Microsoft .NET Framework 1.1                12.03.2010                nicht bekannt
Microsoft .NET Framework 1.1 German Language Pack                11.10.2009        nicht bekannt       
Microsoft Office File Validation Add-In        Microsoft Corporation        16.09.2011        7,95MB        14.0.5130.5003        nicht bekannt
Microsoft Office Home and Student 2007        Microsoft Corporation        28.03.2012                12.0.6612.1000        notwendig
Microsoft Office Live Add-in 1.5        Microsoft Corporation        28.04.2012        0,50MB        2.0.4024.1        nicht bekannt
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        28.03.2012        107,9MB        12.0.6612.1000        notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        10.10.2009        0,25MB        8.0.50727.4053 nicht bekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        17.06.2011        0,29MB        8.0.59193        nicht bekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        11.10.2009        0,19MB        9.0.30729.4148 nicht bekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        12.04.2011        0,58MB        9.0.30729.5570        nicht bekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        30.04.2010        0,61MB        9.0.21022        nicht bekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        15.06.2011        0,23MB        9.0.30729        nicht bekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        09.10.2009        0,58MB        9.0.30729        nicht bekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        14.12.2010        0,58MB        9.0.30729.4148        nicht bekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        17.06.2011        0,59MB        9.0.30729.6161        nicht bekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        16.10.2011        12,3MB        10.0.40219        nicht bekannt
Microsoft Works        Microsoft Corporation        10.04.2012        1.044MB        9.7.0621        nicht bekannt
MobileMe Control Panel        Apple Inc.        23.05.2011        12,0MB        3.1.6.0 nicht bekannt
Mozilla Firefox 11.0 (x86 de)        Mozilla        27.03.2012        37,5MB        11.0 notwendig
Mozilla Thunderbird 11.0.1 (x86 de)        Mozilla        03.04.2012        38,9MB        11.0.1        notwendig
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        06.10.2008        1,28MB        4.20.9849.0 nicht bekannt
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        11.10.2009        1,29MB        4.20.9870.0        nicht bekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        30.11.2009        1,35MB        4.20.9876.0        nicht bekannt
myphotobook 3.6        myphotobook        12.03.2010                3.6                unnötig
NetWaiting        BVRP Software, Inc        08.10.2009                2.5.52        nicht bekannt
Nikon Message Center 2        Nikon        13.08.2011        5,20MB        2.0.1        ok
OpenOffice.org Installer 1.0        Sun Microsystems        09.10.2009        2,39MB        1.0.9221  nicht bekannt
Picasa 2        Google, Inc.        12.03.2010                2.0    nicht bekannt
Picture Control Utility        Nikon        13.08.2011        19,6MB        1.2.2  ok
QuickTime        Apple Inc.        27.12.2010        73,7MB        7.69.80.9  nicht bekannt
Realtek 8169 8168 8101E 8102E Ethernet Driver        Realtek        06.10.2008                1.00.0000  nicht bekannt
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        13.03.2010                6.1.7600.30101  nicht bekannt
Safari        Apple Inc.        31.01.2012        43,3MB        5.34.52.7    nicht bekannt
SCHLECKER Foto Digital Service                12.03.2010        ok       
StarMoney 7.0 S-Edition        Star Finanz GmbH        04.12.2010                7.0        ok
StarMoney 8.0        Star Finanz GmbH        02.07.2011                8.0
Synaptics Pointing Device Driver        Synaptics        12.03.2010                10.1.8.0  nicht bekannt
T-Online WLAN-Access Finder                12.03.2010  ok               
TomTom HOME 2.8.3.2499        TomTom        29.02.2012                2.8.3.2499  ok
TomTom HOME Visual Studio Merge Modules        TomTom International B.V.        07.04.2011        1,88MB        1.0.2        ok
TOSHIBA Assist        TOSHIBA        06.10.2008                2.01.04 ok
TOSHIBA Benutzerhandbücher        TOSHIBA        08.10.2009                7.40        ok
TOSHIBA ConfigFree        TOSHIBA Corporation        12.03.2010        72,5MB        8.0.23        ok
TOSHIBA Disc Creator        TOSHIBA Corporation        12.03.2010        9,73MB        2.1.0.1  nicht bekannt
TOSHIBA DVD PLAYER        TOSHIBA Corporation        12.03.2010                2.50.0.11-AU        nicht bekannt
TOSHIBA Extended Tiles for Windows Mobility Center        Toshiba        06.10.2008        1,25MB        1.01.00        nicht bekannt
TOSHIBA Face Recognition        TOSHIBA Corporation        08.10.2009        51,5MB        2.0.17.32        nicht bekannt
TOSHIBA Hardware Setup        TOSHIBA Corporation        13.03.2010                2.00.11        nicht bekannt
Toshiba Online Product Information        TOSHIBA        06.10.2008                1.00.0012        nicht bekannt
TOSHIBA Recovery Disc Creator        TOSHIBA        06.10.2008        2,54MB        2.0.0.1b        nicht bekannt
TOSHIBA Supervisor Password        TOSHIBA Corporation        13.03.2010                2.00.10        nicht bekannt
TOSHIBA Value Added Package        TOSHIBA Corporation        12.03.2010        88,7MB        1.2.28  nicht bekannt
TRDCReminder        TOSHIBA        06.10.2008        0,36MB        1.00.0015        nicht bekannt
TRORDCLauncher        TOSHIBA        06.10.2008        0,71MB        1.0.0.1          nicht bekannt
ViewNX 2        Nikon        13.08.2011        64,4MB        2.1.2  nicht bekannt
Windows Media Encoder 9-Reihe                12.03.2010        nicht bekannt
Gruß
nap

markusg 04.05.2012 18:09
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
DVD MovieFactory
Google Desktop
Java(TM) 6 Update 3
Java(TM) 6 Update 7
myphotobook
OpenOffice
Picasa
Safari

öffne ccleaner analysieren ccleaner starten, pc neustarten testen wie der pc läuft.

nap 04.05.2012 20:58
Hi,
vielen Dank für deine Tipps und Einschätzung, ich habe alles nach der Anleitung durchgeführt und einige Programme getestet, läuft soweit alles wunschgemäß.

Eine Frage hab ich noch, in welchem der vorherigen Schritte haben wir eigentlich den Trojaner entfernt?

Noch mal Danke! :party:
Gruß
nap

markusg 05.05.2012 15:34
mit otl.
pc absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
aus der passage xp:
- automatische updates.
- datenausführungsverhinderung für alle prozesse.
- dienste konfigurieren.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.68

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
Run updateChecker
when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

nap 12.05.2012 20:07
Hi Markus,

tausend Dank noch mal für Deine Hilfe. Ich habe deine Empfehlungen der Besitzerin weitergegeben, und auch die Nummer Eures Spendenkontos ;-)

Ich werde an einem Wochenende noch mal zu ihr hinfahren und die Sicherungsmechanismen durchchecken, auf jeden Fall sichert sie Ihre Daten schon seit längerer Zeit auf eine externe Platte, zumindest das ist schon mal sicher!
Liebe Grüße
nap


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:29 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131