Plagegeister aller Art und deren Bekämpfung: svcvvhost_win86 - GEMA Trojan (Windows 7)
28.12.2011, 10:03 | #1 |
| svcvvhost_win86 - GEMA Trojan Yesterday I caught a Trojan that blocks my Windows 7 with a GEMA warning. Thanks to your forum I have already been able to read up on the topic a little. However, I know next to nothing about Trojans. Before I started reading yesterday, I logged off my infected user account, at which point a message appeared saying that the program sbvcchost_win86 was blocking the logoff. I logged off anyway, logged on to the second user account on my computer, started a complete scan with Antivir and got 2 findings. Antivir had no entry for the Trojan TR/Ransom.EJ.21 (that was its name). I then deleted these two entries of the Trojan. But since still nothing had changed, I read through the forum. With Malwarebytes I got a further 9 findings, which I deleted. I did save the log file, but somehow I can't find it anymore... After that I ran the ESET Online Scanner over it. Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bc90813db18e7545a68f9396a37ae825
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-28 08:43:47
# local_time=2011-12-28 09:43:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 6483918 6483918 0 0
# compatibility_mode=5893 16776574 100 94 3768 76685527 0 0
# compatibility_mode=8192 67108863 100 0 4685 4685 0 0
# scanned=236589
# found=4
# cleaned=0
# scan_time=6151
C:\Users\Isi\AppData\Local\Temp\plugtmp\plugin-libtiff.pdf PDF/Exploit.Pidief.PBK.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Isi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2d2a7f01-16d5aaba Java/Exploit.CVE-2011-3544.L trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Isi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\57650353-463f20c8 a variant of Win32/Injector.MOW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Isi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\150cad71-4dbec51d Java/Exploit.CVE-2011-3544.L trojan (unable to clean) 00000000000000000000000000000000 I
I hope you can help me! |
28.12.2011, 11:15 | #2 |
| svcvvhost_win86 - GEMA Trojan Hi,
log on with the infected account and post the OTL log... Before that, delete the Java cache on the infected account: Delete the deployment cache: follow the instructions on this page, "Virus found in the Java cache directory", and then the "Solution" section... OTL: Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
chris
__________________ |
28.12.2011, 11:36 | #3 |
| svcvvhost_win86 - GEMA Trojan Thanks for the quick help. I am currently running the program ODT. The Java part has already worked! Thanks!
I did find the Malwarebytes txt file after all, in case it helps. Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122704
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
27.12.2011 22:11:34
mbam-log-2011-12-27 (22-11-21).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 424999
Laufzeit: 1 Stunde(n), 32 Minute(n), 38 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WBhXTAWuFpmNyON (Trojan.Agent) -> Value: WBhXTAWuFpmNyON -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Isi\AppData\Local\Temp\0.4074829044462579.exe (Exploit.Drop.2) -> No action taken.
c:\Users\Isi\2gweorjqjutp92vjy9gake (Malware.Trace) -> No action taken.
c:\Users\Isi\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.
c:\Users\Isi\AppData\Roaming\Adobe\plugs\mmc178.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Isi\AppData\Roaming\Adobe\plugs\mmc187.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Isi\AppData\Roaming\sbcvvhost_win86.exe (Trojan.Agent) -> No action taken. |
28.12.2011, 11:44 | #4 |
| svcvvhost_win86 - GEMA Trojan Hi, have MAM delete everything right away... Let's see what is left over... I'm off for a quick bite to eat now ;o), chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
28.12.2011, 11:55 | #5 |
| svcvvhost_win86 - GEMA Trojan Enjoy your meal! I had the files deleted yesterday. I have now finished OTL as well. Extra Code:
ATTFilter OTL Extras logfile created on: 28.12.2011 11:40:07 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Isi\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 57,23% Memory free 7,93 Gb Paging File | 5,82 Gb Available in Paging File | 73,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 49,59 Gb Free Space | 33,27% Space Free | Partition Type: NTFS Drive E: | 147,58 Gb Total Space | 45,75 Gb Free Space | 31,00% Space Free | Partition Type: NTFS Computer Name: ISI-PC | User Name: Isi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- Reg Error: Value error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value 
Added Package "{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64 "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai "{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static "{0B9E27C7-9ECD-4362-B311-030EA48F8E72}" = Crystal XI "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist "{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher "{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = 
CCC Help Chinese Standard "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 21 "{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese "{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English "{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish "{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing "{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{56B116A2-FF34-4923-B1A7-1DFAB0B6E186}" = Utility support driver "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish "{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = 
TOSHIBA Recovery Disk Creator Reminder "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian "{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8a38dbee-c9e3-44f1-8e24-b7d732723aa8}" = Nero 9 Essentials "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista "{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light "{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy "{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = 
TRORDCLauncher "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New "{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian "{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree "{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "AnyDVD" = AnyDVD "Avira AntiVir Desktop" = Avira Free Antivirus "CloneDVD2" = CloneDVD2 "ESET Online Scanner" = ESET Online Scanner v3 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Disk Creator Reminder "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Malwarebytes' Anti-Malware_is1" = 
Malwarebytes' Anti-Malware Version 1.51.2.1300 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Picasa2" = Picasa 2 "PunkBusterSvc" = PunkBuster Services "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "TomTom HOME" = TomTom HOME 2.8.3.2458 "VLC media player" = VLC media player 1.1.5 "WildTangent toshiba Master Uninstall" = WildTangent-Spiele "WinAVR-20100110" = WinAVR 20100110 (remove only) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.12.2011 06:36:44 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.12.2011 06:36:44 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
[ System Events ] Error - 27.12.2011 15:17:48 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.12.2011 15:18:12 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.12.2011 17:13:25 | Computer Name = Isi-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 27.12.2011 17:13:25 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.12.2011 17:13:32 | Computer Name = Isi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TOSHIBA Web Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%14001 Error - 27.12.2011 17:44:38 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.12.2011 02:17:34 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.12.2011 05:39:32 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.12.2011 06:18:42 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.12.2011 06:29:11 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > Code:
ATTFilter OTL logfile created on: 28.12.2011 11:40:07 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Isi\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 57,23% Memory free 7,93 Gb Paging File | 5,82 Gb Available in Paging File | 73,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 49,59 Gb Free Space | 33,27% Space Free | Partition Type: NTFS Drive E: | 147,58 Gb Total Space | 45,75 Gb Free Space | 31,00% Space Free | Partition Type: NTFS Computer Name: ISI-PC | User Name: Isi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Isi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
|
28.12.2011, 13:22 | #6 |
| svcvvhost_win86 - GEMA Trojan
Hi, looks good... Fix for OTL:
Code:
:OTL
O4 - HKCU..\Run: [opera.exe] C:\Users\Isi\AppData\Roaming\Opera\Opera\opera.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2011.12.22 16:30:00 | 000,000,000 | ---D | C] -- C:\Users\Isi\AppData\Roaming\Opera
:Commands
[emptytemp]
[Reboot]
Let's also quickly check for TDSS...
TDSS-Killer
Download and instructions at: How is malware of the Rootkit.Win32.TDSS family combated?
Extract all files into a directory of their own (e.g. C:\TDSS)!
Start it from Explorer by double-clicking TDSSKiller.exe.
After it starts, a window appears; choose "Start Scan" there.
When the scan is finished, please select "Report".
A window opens; copy the text and post it here...
chris |
28.12.2011, 13:40 | #7 |
| svcvvhost_win86 - GEMA Trojan
Here is the OTL fix file as well
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\opera.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
C:\Users\Isi\AppData\Roaming\Opera\Opera folder moved successfully.
C:\Users\Isi\AppData\Roaming\Opera folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Isi
->Temp folder emptied: 345604496 bytes
->Temporary Internet Files folder emptied: 72018271 bytes
->Java cache emptied: 109738678 bytes
->FireFox cache emptied: 65313036 bytes
->Flash cache emptied: 276430 bytes

User: Miriam
->Temp folder emptied: 848068 bytes
->Temporary Internet Files folder emptied: 1061916 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 52559153 bytes
->Flash cache emptied: 2247 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2921984 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 172199579 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 785,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12282011_132635

Files\Folders moved on Reboot...
C:\Users\Isi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Code:
13:33:13.0611 1008 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:33:14.0201 1008 ============================================================
13:33:14.0201 1008 Current date / time: 2011/12/28 13:33:14.0201
13:33:14.0201 1008 SystemInfo:
13:33:14.0201 1008
13:33:14.0201 1008 OS Version: 6.1.7601 ServicePack: 1.0
13:33:14.0201 1008 Product type: Workstation
13:33:14.0201 1008 ComputerName: ISI-PC
13:33:14.0201 1008 UserName: Isi
13:33:14.0201 1008 Windows directory: C:\Windows
13:33:14.0201 1008 System windows directory: C:\Windows
13:33:14.0201 1008 Running under WOW64
13:33:14.0201 1008 Processor architecture: Intel x64
13:33:14.0201 1008 Number of processors: 2
13:33:14.0201 1008 Page size: 0x1000
13:33:14.0201 1008 Boot type: Normal boot
13:33:14.0201 1008 ============================================================
13:33:15.0092 1008 Initialize success
13:33:19.0382 4320 ============================================================
13:33:19.0382 4320 Scan started
13:33:19.0382 4320 Mode: Manual;
13:33:19.0382 4320 ============================================================
13:33:59.0464 4320 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:33:59.0533 4320 \Device\Harddisk0\DR0 - ok
13:33:59.0538 4320 Boot (0x1200) (4a7303af2ab30d77dcd56c516a51668c) \Device\Harddisk0\DR0\Partition0
13:33:59.0545 4320 \Device\Harddisk0\DR0\Partition0 - ok
13:33:59.0566 4320 Boot (0x1200) (a727e6f2c5e13aa2cf74ecd750305463) \Device\Harddisk0\DR0\Partition1
13:33:59.0567 4320 \Device\Harddisk0\DR0\Partition1 - ok
13:33:59.0568 4320 ============================================================
13:33:59.0568 4320 Scan finished
13:33:59.0568 4320 ============================================================
13:33:59.0583 5052 Detected object count: 0
13:33:59.0583 5052 Actual detected object count: 0 |
28.12.2011, 13:57 | #8 |
| svcvvhost_win86 - GEMA Trojan Hi, if the computer is behaving normally, we're done... In future, use a restricted user account (guest) with Firefox and the WOT and NoScript plug-ins for browsing... There is still a directory C:\_OTL on the computer; you can delete it... chris
|
28.12.2011, 15:22 | #9 |
| svcvvhost_win86 - GEMA Trojan Thank you very much, Chris! You helped me a great deal! Now I can sleep soundly again! |