Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: svcvvhost_win86 - GEMA Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.12.2011, 09:03   #1
Tobi88
 
svcvvhost_win86 - GEMA Trojaner - Standard

svcvvhost_win86 - GEMA Trojaner



Ich habe mir gestern einen Trojaner eingefangen, der mit einer GEMA-Warnung mein Windows 7 blockiert. Habe mich bereits in das Thema ein wenig einlesen können, dank eures Forums. Allerdings kenn ich mich sogut wie nicht mit Trojanern aus.

Bevor ich gestern mit dem Lesen angefangen habe, hab ich meinen infizierten Benutzeraccount abgemeldet, wobei die Nachricht kam, dass das Programm sbvcchost_win86 das abmelden blockiert. Trotzdem habe ich mich abgemeldet und mich auf dem 2. Benutzerkonto auf meinem Rechner angemeldet und einen kompletten Suchlauf mit Antivir gestartet und 2 Funde gehabt. Antivir hatte zum Trojaner TR/Ransom.EJ.21 (war dessen Name) keinen Eintrag.
Habe diese zwei Einträge des Trojaner daraufhin gelöscht.

Da sich aber immernochnichts getan hat, habe ich mich durchs Forum gelesen. mit Malwarebytes habe ich weitere 9 Funde gehabt, welche ich gelöscht habe.

Habe die log-Datei zwar gespeichert, aber irgendwie find ich sie nicht mehr...

Anschließend habe ich den ESET Online Scanner drüberlaufen lassen.

Code:
ATTFilter
 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bc90813db18e7545a68f9396a37ae825
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-28 08:43:47
# local_time=2011-12-28 09:43:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 6483918 6483918 0 0
# compatibility_mode=5893 16776574 100 94 3768 76685527 0 0
# compatibility_mode=8192 67108863 100 0 4685 4685 0 0
# scanned=236589
# found=4
# cleaned=0
# scan_time=6151
C:\Users\Isi\AppData\Local\Temp\plugtmp\plugin-libtiff.pdf	PDF/Exploit.Pidief.PBK.Gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Isi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2d2a7f01-16d5aaba	Java/Exploit.CVE-2011-3544.L trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Isi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\57650353-463f20c8	a variant of Win32/Injector.MOW trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Isi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\150cad71-4dbec51d	Java/Exploit.CVE-2011-3544.L trojan (unable to clean)	00000000000000000000000000000000	I
         

Ich hoffe Ihr könnt mir weiterhelfen!

Alt 28.12.2011, 10:15   #2
Chris4You
 
svcvvhost_win86 - GEMA Trojaner - Standard

svcvvhost_win86 - GEMA Trojaner



Hi,

mit dem verseuchten Konto anmelden und OTL-Log posten...

Vorher auf dem verseuchten Konto den JAVA-cache löschen:
Deployment-Cache löschen:
Folge den Anweisungen auf dieser Seite
Virus im Java-Cacheverzeichnis gefunden
und dann dem Abschnitt "Lösung"...

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris
__________________

__________________

Alt 28.12.2011, 10:36   #3
Tobi88
 
svcvvhost_win86 - GEMA Trojaner - Standard

svcvvhost_win86 - GEMA Trojaner



Danke für die rasche Hilfe. Bin derzeit dabei das Programm ODT durchzuführen. Das mit Java hat schomal geklappt! Danke!


Hab die Malwarebytes txt-Datei doch noch gefunden, falls es weiterhelfen sollte.

Code:
ATTFilter
 Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122704

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

27.12.2011 22:11:34
mbam-log-2011-12-27 (22-11-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 424999
Laufzeit: 1 Stunde(n), 32 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WBhXTAWuFpmNyON (Trojan.Agent) -> Value: WBhXTAWuFpmNyON -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Isi\AppData\Local\Temp\0.4074829044462579.exe (Exploit.Drop.2) -> No action taken.
c:\Users\Isi\2gweorjqjutp92vjy9gake (Malware.Trace) -> No action taken.
c:\Users\Isi\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.
c:\Users\Isi\AppData\Roaming\Adobe\plugs\mmc178.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Isi\AppData\Roaming\Adobe\plugs\mmc187.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Isi\AppData\Roaming\sbcvvhost_win86.exe (Trojan.Agent) -> No action taken.
         
__________________

Alt 28.12.2011, 10:44   #4
Chris4You
 
svcvvhost_win86 - GEMA Trojaner - Standard

svcvvhost_win86 - GEMA Trojaner



Hi,

sofort alles mit MAM löschen lassen...

Schauen wir mal wasübrig bleibt...

Bin dann jetzt mal kurz mampfen ;o),
chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 28.12.2011, 10:55   #5
Tobi88
 
svcvvhost_win86 - GEMA Trojaner - Standard

svcvvhost_win86 - GEMA Trojaner



Lass dirs schmecken!

Die Dateien hab ich gestern löschen lassen. OTL hab ich jetzt auch fertig.

Extra
Code:
ATTFilter
OTL Extras logfile created on: 28.12.2011 11:40:07 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Isi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 57,23% Memory free
7,93 Gb Paging File | 5,82 Gb Available in Paging File | 73,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 49,59 Gb Free Space | 33,27% Space Free | Partition Type: NTFS
Drive E: | 147,58 Gb Total Space | 45,75 Gb Free Space | 31,00% Space Free | Partition Type: NTFS
 
Computer Name: ISI-PC | User Name: Isi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0B9E27C7-9ECD-4362-B311-030EA48F8E72}" = Crystal XI
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 21
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56B116A2-FF34-4923-B1A7-1DFAB0B6E186}" = Utility support driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Disk Creator Reminder
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8a38dbee-c9e3-44f1-8e24-b7d732723aa8}" = Nero 9 Essentials
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneDVD2" = CloneDVD2
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Disk Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Picasa2" = Picasa 2
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"TomTom HOME" = TomTom HOME 2.8.3.2458
"VLC media player" = VLC media player 1.1.5
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinAVR-20100110" = WinAVR 20100110 (remove only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2011 06:36:44 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 06:36:44 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 06:36:47 | Computer Name = Isi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\SysWOW64\Microsoft.VC80.MFC\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 27.12.2011 15:17:48 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.12.2011 15:18:12 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.12.2011 17:13:25 | Computer Name = Isi-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 27.12.2011 17:13:25 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.12.2011 17:13:32 | Computer Name = Isi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TOSHIBA Web Camera Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%14001
 
Error - 27.12.2011 17:44:38 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.12.2011 02:17:34 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.12.2011 05:39:32 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.12.2011 06:18:42 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.12.2011 06:29:11 | Computer Name = Isi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
OTL
Code:
ATTFilter
OTL logfile created on: 28.12.2011 11:40:07 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Isi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 57,23% Memory free
7,93 Gb Paging File | 5,82 Gb Available in Paging File | 73,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 49,59 Gb Free Space | 33,27% Space Free | Partition Type: NTFS
Drive E: | 147,58 Gb Total Space | 45,75 Gb Free Space | 31,00% Space Free | Partition Type: NTFS
 
Computer Name: ISI-PC | User Name: Isi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Isi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (camsvc) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (CprDrvr) -- C:\Windows\SysNative\drivers\CprDrvr.sys ()
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek                                            )
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.23 06:03:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.13 11:40:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: E:\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: E:\plugins
 
[2011.12.26 15:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isi\AppData\Roaming\mozilla\Extensions
[2010.10.07 19:42:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.26 15:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isi\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.12.19 20:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isi\AppData\Roaming\mozilla\Firefox\Profiles\ebc1jwnv.default\extensions
[2011.12.12 15:51:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Isi\AppData\Roaming\mozilla\Firefox\Profiles\ebc1jwnv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.06 06:10:43 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Isi\AppData\Roaming\mozilla\Firefox\Profiles\ebc1jwnv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011.12.19 20:29:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Isi\AppData\Roaming\mozilla\Firefox\Profiles\ebc1jwnv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.27 08:04:02 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-1.xml
[2011.06.27 14:58:05 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-10.xml
[2011.05.06 10:10:29 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-11.xml
[2011.07.02 11:30:52 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-12.xml
[2011.08.01 23:58:54 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-13.xml
[2011.08.16 18:38:02 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-14.xml
[2011.08.24 14:52:55 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-15.xml
[2011.09.02 04:50:43 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-16.xml
[2011.09.15 16:24:49 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-17.xml
[2011.10.07 14:33:03 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-18.xml
[2011.10.14 08:44:07 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-19.xml
[2010.08.12 22:39:50 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-2.xml
[2011.11.11 16:21:38 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-20.xml
[2010.09.18 00:12:57 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-3.xml
[2010.10.21 07:06:50 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-4.xml
[2010.10.28 19:51:37 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-5.xml
[2010.12.11 22:05:45 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-6.xml
[2011.03.02 18:06:17 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-7.xml
[2011.03.04 23:04:14 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-8.xml
[2011.03.24 07:10:39 | 000,000,950 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin-9.xml
[2010.07.21 08:06:01 | 000,001,056 | ---- | M] () -- C:\Users\Isi\AppData\Roaming\Mozilla\Firefox\Profiles\ebc1jwnv.default\searchplugins\icqplugin.xml
[2011.11.15 16:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.23 06:03:37 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.07 19:26:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.07 19:26:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.07 19:26:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.07 19:26:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.07 19:26:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.07 19:26:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Programme\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [opera.exe] C:\Users\Isi\AppData\Roaming\Opera\Opera\opera.exe File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - Startup: C:\Users\Isi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CBE19F4-5EA4-431E-B673-FE3873B9E159}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5466FC9-958C-4DE5-8A7B-29F4BD5D4B1F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Isi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Isi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.28 11:32:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Isi\Desktop\OTL.exe
[2011.12.28 07:55:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Isi\Desktop\esetsmartinstaller_enu.exe
[2011.12.28 07:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.27 20:32:09 | 000,000,000 | ---D | C] -- C:\Users\Isi\AppData\Roaming\Malwarebytes
[2011.12.27 20:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.27 20:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.27 20:31:58 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.27 20:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.27 18:08:52 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\Isi\AppData\Roaming\dwlGina3.dll
[2011.12.26 15:37:38 | 000,000,000 | ---D | C] -- C:\Users\Isi\Documents\TomTom
[2011.12.26 15:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2011.12.26 15:37:16 | 000,000,000 | ---D | C] -- C:\Users\Isi\AppData\Roaming\TomTom
[2011.12.26 15:37:16 | 000,000,000 | ---D | C] -- C:\Users\Isi\AppData\Local\TomTom
[2011.12.26 15:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011.12.26 15:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2011.12.26 15:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2011.12.22 16:30:00 | 000,000,000 | ---D | C] -- C:\Users\Isi\AppData\Roaming\Opera
[2011.12.16 19:47:04 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.16 19:47:04 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.16 19:47:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.16 19:47:03 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.16 19:47:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.16 19:47:02 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.16 19:47:02 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.16 19:46:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.16 19:46:58 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.16 19:46:58 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.09 17:46:02 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011.12.09 17:45:22 | 000,000,000 | ---D | C] -- C:\Users\Isi\AppData\Roaming\HP
[2011.12.04 22:23:57 | 000,138,872 | ---- | C] (SlySoft, Inc.) -- C:\Windows\SysWow64\drivers\AnyDVD.sys
[2011.12.04 22:23:57 | 000,138,872 | ---- | C] (SlySoft, Inc.) -- C:\Windows\SysNative\drivers\AnyDVD.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.28 11:32:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Isi\Desktop\OTL.exe
[2011.12.28 11:18:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.28 07:55:41 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Isi\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 22:21:01 | 000,010,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 22:21:01 | 000,010,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 22:13:19 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.27 20:32:02 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.27 18:08:52 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Users\Isi\AppData\Roaming\dwlGina3.dll
[2011.12.27 11:43:53 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.27 11:43:53 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.27 11:43:53 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.27 11:43:53 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.27 11:43:53 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.25 17:40:34 | 000,116,603 | ---- | M] () -- C:\Users\Isi\Desktop\Dienstplan  2012-.pdf
[2011.12.25 17:40:26 | 000,224,956 | ---- | M] () -- C:\Users\Isi\Desktop\Löschgruppen 2012 .pdf
[2011.12.25 15:53:00 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.12.18 19:11:19 | 000,067,792 | ---- | M] () -- C:\Users\Isi\Desktop\checkliste.pdf
[2011.12.16 20:28:16 | 000,354,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.10 09:05:03 | 000,053,912 | ---- | M] () -- C:\Users\Isi\Desktop\Leitende Arzthelferin pdf.pdf
[2011.12.10 09:03:51 | 000,023,758 | ---- | M] () -- C:\Users\Isi\Desktop\Prüfung Leitende Arzthelferin.odt
[2011.12.09 22:30:39 | 000,026,624 | ---- | M] () -- C:\Users\Isi\Desktop\Prüfung Leitende Arzthelferin Word.odt
[2011.12.08 13:00:02 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) -- C:\Windows\SysWow64\drivers\AnyDVD.sys
[2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) -- C:\Windows\SysNative\drivers\AnyDVD.sys
[2011.11.29 18:05:47 | 000,016,683 | ---- | M] () -- C:\Users\Isi\Documents\OpenDocument Text (neu).odt
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.27 20:32:02 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 17:40:34 | 000,116,603 | ---- | C] () -- C:\Users\Isi\Desktop\Dienstplan  2012-.pdf
[2011.12.25 17:40:24 | 000,224,956 | ---- | C] () -- C:\Users\Isi\Desktop\Löschgruppen 2012 .pdf
[2011.12.18 19:11:19 | 000,067,792 | ---- | C] () -- C:\Users\Isi\Desktop\checkliste.pdf
[2011.12.10 09:05:03 | 000,053,912 | ---- | C] () -- C:\Users\Isi\Desktop\Leitende Arzthelferin pdf.pdf
[2011.12.09 22:30:26 | 000,026,624 | ---- | C] () -- C:\Users\Isi\Desktop\Prüfung Leitende Arzthelferin Word.odt
[2011.12.04 13:14:41 | 000,023,758 | ---- | C] () -- C:\Users\Isi\Desktop\Prüfung Leitende Arzthelferin.odt
[2011.11.29 17:51:16 | 000,016,683 | ---- | C] () -- C:\Users\Isi\Documents\OpenDocument Text (neu).odt
[2011.01.27 13:12:37 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.02 11:53:10 | 000,004,608 | ---- | C] () -- C:\Users\Isi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.15 13:47:01 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.08.12 20:47:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.12.03 08:00:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.11.26 09:12:44 | 000,903,168 | ---- | C] () -- C:\Windows\SysWow64\mitmdl30.dll
[2009.11.26 09:12:44 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2009.11.26 09:12:44 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2009.11.26 09:12:44 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2009.11.26 09:12:44 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2009.11.26 09:12:44 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2009.11.26 09:12:44 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2009.11.26 09:12:44 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2009.11.26 09:12:44 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2009.11.26 09:12:44 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2009.11.26 09:12:44 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2009.11.26 09:12:44 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2009.11.26 09:12:44 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2009.11.26 09:12:44 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2009.11.26 09:12:44 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2009.08.17 11:47:11 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009.08.02 17:47:29 | 000,215,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009.08.02 17:47:27 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.08.02 17:47:25 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.08.01 23:29:19 | 000,000,085 | -HS- | C] () -- C:\Users\Isi\AppData\Roaming\.zreglib
[2009.07.31 11:49:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.09.02 01:32:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2002.02.27 10:41:28 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2002.02.27 10:41:26 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2002.02.27 10:41:26 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll

< End of report >
         


Alt 28.12.2011, 12:22   #6
Chris4You
 
svcvvhost_win86 - GEMA Trojaner - Standard

svcvvhost_win86 - GEMA Trojaner



Hi,

sieht gut aus...

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [opera.exe] C:\Users\Isi\AppData\Roaming\Opera\Opera\opera.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2011.12.22 16:30:00 | 000,000,000 | ---D | C] -- C:\Users\Isi\AppData\Roaming\Opera

:Commands
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Prüfen wir noch kurz auf tdss...
TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris
__________________
--> svcvvhost_win86 - GEMA Trojaner

Alt 28.12.2011, 12:40   #7
Tobi88
 
svcvvhost_win86 - GEMA Trojaner - Standard

svcvvhost_win86 - GEMA Trojaner



Hier noch die Fix-OTL-Datei
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\opera.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
C:\Users\Isi\AppData\Roaming\Opera\Opera folder moved successfully.
C:\Users\Isi\AppData\Roaming\Opera folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Isi
->Temp folder emptied: 345604496 bytes
->Temporary Internet Files folder emptied: 72018271 bytes
->Java cache emptied: 109738678 bytes
->FireFox cache emptied: 65313036 bytes
->Flash cache emptied: 276430 bytes
 
User: Miriam
->Temp folder emptied: 848068 bytes
->Temporary Internet Files folder emptied: 1061916 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 52559153 bytes
->Flash cache emptied: 2247 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2921984 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 172199579 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 785,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12282011_132635

Files\Folders moved on Reboot...
C:\Users\Isi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Hier der TDSS-Killer Report
Code:
ATTFilter
13:33:13.0611 1008	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:33:14.0201 1008	============================================================
13:33:14.0201 1008	Current date / time: 2011/12/28 13:33:14.0201
13:33:14.0201 1008	SystemInfo:
13:33:14.0201 1008	
13:33:14.0201 1008	OS Version: 6.1.7601 ServicePack: 1.0
13:33:14.0201 1008	Product type: Workstation
13:33:14.0201 1008	ComputerName: ISI-PC
13:33:14.0201 1008	UserName: Isi
13:33:14.0201 1008	Windows directory: C:\Windows
13:33:14.0201 1008	System windows directory: C:\Windows
13:33:14.0201 1008	Running under WOW64
13:33:14.0201 1008	Processor architecture: Intel x64
13:33:14.0201 1008	Number of processors: 2
13:33:14.0201 1008	Page size: 0x1000
13:33:14.0201 1008	Boot type: Normal boot
13:33:14.0201 1008	============================================================
13:33:15.0092 1008	Initialize success
13:33:19.0382 4320	============================================================
13:33:19.0382 4320	Scan started
13:33:19.0382 4320	Mode: Manual; 
13:33:19.0382 4320	============================================================
13:33:20.0250 4320	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:33:20.0272 4320	1394ohci - ok
13:33:20.0444 4320	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:33:20.0449 4320	ACPI - ok
13:33:20.0617 4320	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:33:20.0627 4320	AcpiPmi - ok
13:33:20.0868 4320	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:33:20.0966 4320	adp94xx - ok
13:33:21.0135 4320	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:33:21.0148 4320	adpahci - ok
13:33:21.0347 4320	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:33:21.0383 4320	adpu320 - ok
13:33:21.0556 4320	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
13:33:21.0561 4320	AFD - ok
13:33:21.0636 4320	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:33:21.0643 4320	agp440 - ok
13:33:21.0812 4320	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:33:21.0817 4320	aliide - ok
13:33:21.0980 4320	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:33:21.0985 4320	amdide - ok
13:33:22.0141 4320	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:33:22.0150 4320	AmdK8 - ok
13:33:22.0179 4320	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:33:22.0185 4320	AmdPPM - ok
13:33:22.0322 4320	amdsata         (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
13:33:22.0331 4320	amdsata - ok
13:33:22.0484 4320	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:33:22.0506 4320	amdsbs - ok
13:33:22.0580 4320	amdxata         (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
13:33:22.0586 4320	amdxata - ok
13:33:22.0801 4320	AnyDVD          (7ce7d6019d0d73f9203ba4ff4ba35b6a) C:\Windows\system32\Drivers\AnyDVD.sys
13:33:22.0803 4320	AnyDVD - ok
13:33:22.0937 4320	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:33:22.0945 4320	AppID - ok
13:33:23.0109 4320	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:33:23.0119 4320	arc - ok
13:33:23.0280 4320	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:33:23.0289 4320	arcsas - ok
13:33:23.0475 4320	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:33:23.0476 4320	AsyncMac - ok
13:33:23.0632 4320	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:33:23.0638 4320	atapi - ok
13:33:23.0901 4320	atikmdag        (173f4c05f87085e9bda3f7037bc9f40e) C:\Windows\system32\DRIVERS\atikmdag.sys
13:33:24.0028 4320	atikmdag - ok
13:33:24.0184 4320	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
13:33:24.0190 4320	avgntflt - ok
13:33:24.0340 4320	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
13:33:24.0350 4320	avipbb - ok
13:33:24.0483 4320	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:33:24.0489 4320	avkmgr - ok
13:33:24.0658 4320	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:33:24.0687 4320	b06bdrv - ok
13:33:24.0851 4320	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:33:24.0871 4320	b57nd60a - ok
13:33:25.0030 4320	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:33:25.0033 4320	Beep - ok
13:33:25.0197 4320	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:33:25.0201 4320	blbdrive - ok
13:33:25.0341 4320	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:33:25.0349 4320	bowser - ok
13:33:25.0495 4320	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:33:25.0500 4320	BrFiltLo - ok
13:33:25.0641 4320	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:33:25.0645 4320	BrFiltUp - ok
13:33:25.0793 4320	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:33:25.0820 4320	Brserid - ok
13:33:25.0966 4320	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:33:25.0973 4320	BrSerWdm - ok
13:33:26.0124 4320	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:33:26.0128 4320	BrUsbMdm - ok
13:33:26.0290 4320	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:33:26.0294 4320	BrUsbSer - ok
13:33:26.0450 4320	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:33:26.0456 4320	BTHMODEM - ok
13:33:26.0621 4320	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:33:26.0628 4320	cdfs - ok
13:33:26.0776 4320	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
13:33:26.0788 4320	cdrom - ok
13:33:26.0972 4320	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:33:26.0980 4320	circlass - ok
13:33:27.0122 4320	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:33:27.0128 4320	CLFS - ok
13:33:27.0306 4320	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:33:27.0310 4320	CmBatt - ok
13:33:27.0453 4320	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:33:27.0459 4320	cmdide - ok
13:33:27.0617 4320	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
13:33:27.0650 4320	CNG - ok
13:33:27.0810 4320	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:33:27.0817 4320	Compbatt - ok
13:33:27.0954 4320	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:33:27.0962 4320	CompositeBus - ok
13:33:28.0110 4320	CprDrvr         (911a8f4f806ffb474a8b3713f5811477) C:\Windows\system32\DRIVERS\CprDrvr.sys
13:33:28.0121 4320	CprDrvr - ok
13:33:28.0262 4320	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:33:28.0266 4320	crcdisk - ok
13:33:28.0419 4320	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:33:28.0428 4320	DfsC - ok
13:33:28.0584 4320	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:33:28.0585 4320	discache - ok
13:33:28.0744 4320	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:33:28.0752 4320	Disk - ok
13:33:28.0908 4320	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:33:28.0912 4320	drmkaud - ok
13:33:29.0065 4320	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:33:29.0083 4320	DXGKrnl - ok
13:33:29.0293 4320	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:33:29.0407 4320	ebdrv - ok
13:33:29.0565 4320	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:33:29.0566 4320	ElbyCDIO - ok
13:33:29.0710 4320	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:33:29.0738 4320	elxstor - ok
13:33:29.0876 4320	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:33:29.0881 4320	ErrDev - ok
13:33:30.0142 4320	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:33:30.0164 4320	exfat - ok
13:33:30.0294 4320	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:33:30.0325 4320	fastfat - ok
13:33:30.0489 4320	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:33:30.0495 4320	fdc - ok
13:33:30.0651 4320	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:33:30.0659 4320	FileInfo - ok
13:33:30.0690 4320	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:33:30.0696 4320	Filetrace - ok
13:33:30.0844 4320	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:33:30.0850 4320	flpydisk - ok
13:33:31.0010 4320	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:33:31.0031 4320	FltMgr - ok
13:33:31.0175 4320	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:33:31.0183 4320	FsDepends - ok
13:33:31.0219 4320	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:33:31.0225 4320	Fs_Rec - ok
13:33:31.0381 4320	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:33:31.0384 4320	fvevol - ok
13:33:31.0537 4320	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:33:31.0545 4320	gagp30kx - ok
13:33:31.0705 4320	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:33:31.0713 4320	hcw85cir - ok
13:33:31.0856 4320	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:33:31.0858 4320	HDAudBus - ok
13:33:31.0954 4320	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:33:31.0959 4320	HidBatt - ok
13:33:32.0020 4320	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:33:32.0027 4320	HidBth - ok
13:33:32.0118 4320	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:33:32.0125 4320	HidIr - ok
13:33:32.0222 4320	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
13:33:32.0228 4320	HidUsb - ok
13:33:32.0331 4320	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:33:32.0340 4320	HpSAMD - ok
13:33:32.0435 4320	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:33:32.0458 4320	HTTP - ok
13:33:32.0598 4320	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:33:32.0599 4320	hwpolicy - ok
13:33:32.0757 4320	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:33:32.0767 4320	i8042prt - ok
13:33:32.0910 4320	iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
13:33:32.0914 4320	iaStor - ok
13:33:33.0061 4320	iaStorV         (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
13:33:33.0093 4320	iaStorV - ok
13:33:33.0258 4320	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:33:33.0265 4320	iirsp - ok
13:33:33.0466 4320	IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
13:33:33.0494 4320	IntcAzAudAddService - ok
13:33:33.0535 4320	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:33:33.0539 4320	intelide - ok
13:33:33.0688 4320	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:33:33.0690 4320	intelppm - ok
13:33:33.0751 4320	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:33:33.0762 4320	IpFilterDriver - ok
13:33:33.0888 4320	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:33:33.0894 4320	IPMIDRV - ok
13:33:33.0978 4320	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:33:33.0988 4320	IPNAT - ok
13:33:34.0149 4320	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:33:34.0153 4320	IRENUM - ok
13:33:34.0293 4320	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:33:34.0300 4320	isapnp - ok
13:33:34.0439 4320	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:33:34.0458 4320	iScsiPrt - ok
13:33:34.0613 4320	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:33:34.0619 4320	kbdclass - ok
13:33:34.0765 4320	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:33:34.0771 4320	kbdhid - ok
13:33:34.0938 4320	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
13:33:34.0947 4320	KSecDD - ok
13:33:35.0094 4320	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
13:33:35.0105 4320	KSecPkg - ok
13:33:35.0259 4320	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:33:35.0264 4320	ksthunk - ok
13:33:35.0447 4320	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:33:35.0454 4320	lltdio - ok
13:33:35.0602 4320	LPCFilter       (41e122f6d1448c94cc05196bc41d6bfb) C:\Windows\system32\DRIVERS\LPCFilter.sys
13:33:35.0608 4320	LPCFilter - ok
13:33:35.0772 4320	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:33:35.0782 4320	LSI_FC - ok
13:33:35.0939 4320	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:33:35.0948 4320	LSI_SAS - ok
13:33:36.0102 4320	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:33:36.0111 4320	LSI_SAS2 - ok
13:33:36.0274 4320	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:33:36.0284 4320	LSI_SCSI - ok
13:33:36.0451 4320	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:33:36.0461 4320	luafv - ok
13:33:36.0602 4320	MBAMProtector   (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
13:33:36.0608 4320	MBAMProtector - ok
13:33:36.0759 4320	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:33:36.0766 4320	megasas - ok
13:33:36.0925 4320	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:33:36.0948 4320	MegaSR - ok
13:33:37.0118 4320	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:33:37.0124 4320	Modem - ok
13:33:37.0281 4320	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:33:37.0282 4320	monitor - ok
13:33:37.0420 4320	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
13:33:37.0427 4320	mouclass - ok
13:33:37.0589 4320	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:33:37.0595 4320	mouhid - ok
13:33:37.0727 4320	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:33:37.0729 4320	mountmgr - ok
13:33:37.0861 4320	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:33:37.0874 4320	mpio - ok
13:33:38.0012 4320	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:33:38.0019 4320	mpsdrv - ok
13:33:38.0165 4320	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:33:38.0175 4320	MRxDAV - ok
13:33:38.0307 4320	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:33:38.0318 4320	mrxsmb - ok
13:33:38.0444 4320	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:33:38.0457 4320	mrxsmb10 - ok
13:33:38.0589 4320	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:33:38.0598 4320	mrxsmb20 - ok
13:33:38.0742 4320	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:33:38.0748 4320	msahci - ok
13:33:38.0892 4320	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:33:38.0903 4320	msdsm - ok
13:33:39.0065 4320	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:33:39.0071 4320	Msfs - ok
13:33:39.0210 4320	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:33:39.0214 4320	mshidkmdf - ok
13:33:39.0343 4320	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:33:39.0348 4320	msisadrv - ok
13:33:39.0519 4320	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:33:39.0524 4320	MSKSSRV - ok
13:33:39.0683 4320	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:33:39.0687 4320	MSPCLOCK - ok
13:33:39.0839 4320	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:33:39.0853 4320	MSPQM - ok
13:33:40.0003 4320	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:33:40.0026 4320	MsRPC - ok
13:33:40.0153 4320	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:33:40.0154 4320	mssmbios - ok
13:33:40.0303 4320	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:33:40.0308 4320	MSTEE - ok
13:33:40.0462 4320	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:33:40.0467 4320	MTConfig - ok
13:33:40.0610 4320	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:33:40.0617 4320	Mup - ok
13:33:40.0782 4320	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:33:40.0804 4320	NativeWifiP - ok
13:33:40.0966 4320	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:33:40.0987 4320	NDIS - ok
13:33:41.0152 4320	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:33:41.0158 4320	NdisCap - ok
13:33:41.0319 4320	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:33:41.0324 4320	NdisTapi - ok
13:33:41.0494 4320	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:33:41.0501 4320	Ndisuio - ok
13:33:41.0653 4320	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:33:41.0664 4320	NdisWan - ok
13:33:41.0797 4320	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:33:41.0804 4320	NDProxy - ok
13:33:41.0987 4320	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:33:41.0993 4320	NetBIOS - ok
13:33:42.0230 4320	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:33:42.0233 4320	NetBT - ok
13:33:42.0562 4320	NETw5s64        (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
13:33:42.0747 4320	NETw5s64 - ok
13:33:43.0010 4320	netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
13:33:43.0152 4320	netw5v64 - ok
13:33:43.0304 4320	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:33:43.0312 4320	nfrd960 - ok
13:33:43.0476 4320	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:33:43.0483 4320	Npfs - ok
13:33:43.0632 4320	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:33:43.0633 4320	nsiproxy - ok
13:33:43.0763 4320	Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
13:33:43.0828 4320	Ntfs - ok
13:33:43.0966 4320	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:33:43.0969 4320	Null - ok
13:33:44.0117 4320	nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
13:33:44.0127 4320	nvraid - ok
13:33:44.0266 4320	nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
13:33:44.0277 4320	nvstor - ok
13:33:44.0424 4320	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:33:44.0435 4320	nv_agp - ok
13:33:44.0571 4320	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:33:44.0580 4320	ohci1394 - ok
13:33:44.0742 4320	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:33:44.0751 4320	Parport - ok
13:33:44.0967 4320	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:33:44.0976 4320	partmgr - ok
13:33:45.0106 4320	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:33:45.0108 4320	pci - ok
13:33:45.0154 4320	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:33:45.0160 4320	pciide - ok
13:33:45.0275 4320	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:33:45.0289 4320	pcmcia - ok
13:33:45.0322 4320	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:33:45.0328 4320	pcw - ok
13:33:45.0455 4320	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:33:45.0485 4320	PEAUTH - ok
13:33:45.0647 4320	PGEffect        (2c3ba65f8ca712730050c29104e093f9) C:\Windows\system32\DRIVERS\pgeffect.sys
13:33:45.0653 4320	PGEffect - ok
13:33:45.0742 4320	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:33:45.0752 4320	PptpMiniport - ok
13:33:45.0920 4320	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:33:45.0929 4320	Processor - ok
13:33:46.0067 4320	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:33:46.0069 4320	Psched - ok
13:33:46.0216 4320	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:33:46.0276 4320	ql2300 - ok
13:33:46.0396 4320	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:33:46.0408 4320	ql40xx - ok
13:33:46.0523 4320	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:33:46.0530 4320	QWAVEdrv - ok
13:33:46.0613 4320	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:33:46.0617 4320	RasAcd - ok
13:33:46.0735 4320	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:33:46.0742 4320	RasAgileVpn - ok
13:33:46.0863 4320	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:33:46.0873 4320	Rasl2tp - ok
13:33:47.0019 4320	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:33:47.0028 4320	RasPppoe - ok
13:33:47.0150 4320	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:33:47.0158 4320	RasSstp - ok
13:33:47.0277 4320	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:33:47.0295 4320	rdbss - ok
13:33:47.0414 4320	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:33:47.0419 4320	rdpbus - ok
13:33:47.0503 4320	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:33:47.0504 4320	RDPCDD - ok
13:33:47.0631 4320	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:33:47.0633 4320	RDPENCDD - ok
13:33:47.0745 4320	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:33:47.0746 4320	RDPREFMP - ok
13:33:47.0859 4320	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:33:47.0880 4320	RDPWD - ok
13:33:48.0022 4320	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:33:48.0045 4320	rdyboost - ok
13:33:48.0227 4320	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:33:48.0234 4320	rspndr - ok
13:33:48.0400 4320	RSUSBSTOR       (8c22f21c924413d4e109995f748e18bb) C:\Windows\system32\Drivers\RtsUStor.sys
13:33:48.0422 4320	RSUSBSTOR - ok
13:33:48.0575 4320	RTHDMIAzAudService (483c537e69fa97c77f7fe0e2e1c1f102) C:\Windows\system32\drivers\RtHDMIVX.sys
13:33:48.0585 4320	RTHDMIAzAudService - ok
13:33:48.0720 4320	RTL8167         (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:33:48.0731 4320	RTL8167 - ok
13:33:48.0897 4320	RTL8169         (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys
13:33:48.0908 4320	RTL8169 - ok
13:33:49.0035 4320	RtsUIR - ok
13:33:49.0146 4320	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:33:49.0155 4320	sbp2port - ok
13:33:49.0264 4320	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:33:49.0270 4320	scfilter - ok
13:33:49.0451 4320	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:33:49.0456 4320	secdrv - ok
13:33:49.0618 4320	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:33:49.0623 4320	Serenum - ok
13:33:49.0783 4320	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:33:49.0792 4320	Serial - ok
13:33:49.0926 4320	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:33:49.0932 4320	sermouse - ok
13:33:50.0085 4320	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:33:50.0090 4320	sffdisk - ok
13:33:50.0178 4320	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:33:50.0184 4320	sffp_mmc - ok
13:33:50.0312 4320	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:33:50.0317 4320	sffp_sd - ok
13:33:50.0465 4320	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:33:50.0471 4320	sfloppy - ok
13:33:50.0627 4320	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:33:50.0635 4320	SiSRaid2 - ok
13:33:50.0786 4320	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:33:50.0794 4320	SiSRaid4 - ok
13:33:51.0059 4320	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:33:51.0067 4320	Smb - ok
13:33:51.0235 4320	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:33:51.0240 4320	spldr - ok
13:33:51.0354 4320	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:33:51.0374 4320	srv - ok
13:33:51.0483 4320	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:33:51.0507 4320	srv2 - ok
13:33:51.0643 4320	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:33:51.0654 4320	srvnet - ok
13:33:51.0819 4320	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:33:51.0825 4320	stexstor - ok
13:33:52.0000 4320	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:33:52.0005 4320	swenum - ok
13:33:52.0203 4320	SynTP           (ea7043973d9305235e7b68ac0c6ec889) C:\Windows\system32\DRIVERS\SynTP.sys
13:33:52.0212 4320	SynTP - ok
13:33:52.0428 4320	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:33:52.0506 4320	Tcpip - ok
13:33:52.0707 4320	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:33:52.0723 4320	TCPIP6 - ok
13:33:52.0779 4320	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:33:52.0785 4320	tcpipreg - ok
13:33:52.0932 4320	tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
13:33:52.0937 4320	tdcmdpst - ok
13:33:53.0086 4320	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:33:53.0091 4320	TDPIPE - ok
13:33:53.0127 4320	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:33:53.0133 4320	TDTCP - ok
13:33:53.0310 4320	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:33:53.0318 4320	tdx - ok
13:33:53.0454 4320	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:33:53.0461 4320	TermDD - ok
13:33:53.0657 4320	tos_sps64       (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
13:33:53.0679 4320	tos_sps64 - ok
13:33:53.0811 4320	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:33:53.0818 4320	tssecsrv - ok
13:33:53.0923 4320	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:33:53.0932 4320	TsUsbFlt - ok
13:33:54.0097 4320	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:33:54.0107 4320	tunnel - ok
13:33:54.0251 4320	TVALZ           (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
13:33:54.0257 4320	TVALZ - ok
13:33:54.0305 4320	TVALZFL         (be32a8658a0b56474ad4d0bb8afa8e55) C:\Windows\system32\DRIVERS\TVALZFL.sys
13:33:54.0310 4320	TVALZFL - ok
13:33:54.0450 4320	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:33:54.0458 4320	uagp35 - ok
13:33:54.0526 4320	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:33:54.0542 4320	udfs - ok
13:33:54.0687 4320	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:33:54.0695 4320	uliagpkx - ok
13:33:54.0744 4320	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:33:54.0752 4320	umbus - ok
13:33:54.0899 4320	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:33:54.0904 4320	UmPass - ok
13:33:55.0040 4320	usbccgp         (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
13:33:55.0049 4320	usbccgp - ok
13:33:55.0171 4320	USBCCID - ok
13:33:55.0235 4320	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:33:55.0247 4320	usbcir - ok
13:33:55.0378 4320	usbehci         (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
13:33:55.0385 4320	usbehci - ok
13:33:55.0533 4320	usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
13:33:55.0557 4320	usbhub - ok
13:33:55.0695 4320	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
13:33:55.0701 4320	usbohci - ok
13:33:55.0772 4320	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:33:55.0778 4320	usbprint - ok
13:33:55.0877 4320	USBSTOR         (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:55.0886 4320	USBSTOR - ok
13:33:55.0943 4320	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
13:33:55.0949 4320	usbuhci - ok
13:33:56.0062 4320	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:33:56.0073 4320	usbvideo - ok
13:33:56.0227 4320	VBoxNetAdp      (48b196c4f368d0c1aec103ed6425d959) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
13:33:56.0240 4320	VBoxNetAdp - ok
13:33:56.0362 4320	VBoxNetFlt - ok
13:33:56.0413 4320	VBoxUSB         (21ae7d5965f2dcabb4bb2b6c97774d11) C:\Windows\system32\Drivers\VBoxUSB.sys
13:33:56.0420 4320	VBoxUSB - ok
13:33:56.0557 4320	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:33:56.0564 4320	vdrvroot - ok
13:33:56.0729 4320	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:56.0735 4320	vga - ok
13:33:56.0823 4320	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:33:56.0829 4320	VgaSave - ok
13:33:56.0928 4320	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:33:56.0943 4320	vhdmp - ok
13:33:57.0070 4320	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:33:57.0076 4320	viaide - ok
13:33:57.0114 4320	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:33:57.0122 4320	volmgr - ok
13:33:57.0281 4320	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:33:57.0286 4320	volmgrx - ok
13:33:57.0344 4320	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:33:57.0358 4320	volsnap - ok
13:33:57.0507 4320	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:33:57.0519 4320	vsmraid - ok
13:33:57.0554 4320	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:33:57.0559 4320	vwifibus - ok
13:33:57.0719 4320	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:33:57.0727 4320	vwififlt - ok
13:33:57.0772 4320	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:33:57.0778 4320	WacomPen - ok
13:33:57.0937 4320	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:57.0946 4320	WANARP - ok
13:33:57.0960 4320	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:57.0962 4320	Wanarpv6 - ok
13:33:58.0122 4320	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:33:58.0129 4320	Wd - ok
13:33:58.0174 4320	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:33:58.0208 4320	Wdf01000 - ok
13:33:58.0389 4320	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:33:58.0393 4320	WfpLwf - ok
13:33:58.0543 4320	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:33:58.0549 4320	WIMMount - ok
13:33:58.0702 4320	WinDriver6      (4de7d61cf51f4c8261d119cfbdb70243) C:\Windows\system32\drivers\windrvr6.sys
13:33:58.0725 4320	WinDriver6 - ok
13:33:58.0898 4320	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:33:58.0903 4320	WmiAcpi - ok
13:33:59.0081 4320	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:33:59.0086 4320	ws2ifsl - ok
13:33:59.0248 4320	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:33:59.0257 4320	WudfPf - ok
13:33:59.0418 4320	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:59.0428 4320	WUDFRd - ok
13:33:59.0464 4320	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:33:59.0533 4320	\Device\Harddisk0\DR0 - ok
13:33:59.0538 4320	Boot (0x1200)   (4a7303af2ab30d77dcd56c516a51668c) \Device\Harddisk0\DR0\Partition0
13:33:59.0545 4320	\Device\Harddisk0\DR0\Partition0 - ok
13:33:59.0566 4320	Boot (0x1200)   (a727e6f2c5e13aa2cf74ecd750305463) \Device\Harddisk0\DR0\Partition1
13:33:59.0567 4320	\Device\Harddisk0\DR0\Partition1 - ok
13:33:59.0568 4320	============================================================
13:33:59.0568 4320	Scan finished
13:33:59.0568 4320	============================================================
13:33:59.0583 5052	Detected object count: 0
13:33:59.0583 5052	Actual detected object count: 0
         
Was bedeutet das nun für mich?

Alt 28.12.2011, 12:57   #8
Chris4You
 
svcvvhost_win86 - GEMA Trojaner - Standard

svcvvhost_win86 - GEMA Trojaner



Hi,

das wenn sich der Rechner normal verhält, wir durch sind...
Zukünftig zum Surfen ein eingschränktes Benutzerkonto (Gast) mit Firefox und den PlugIns WOT und NoScript benutzen...

Auf dem Rechner liegt noch ein Verzeichnis C:\_OTL,das kannst Du löschen...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 28.12.2011, 14:22   #9
Tobi88
 
svcvvhost_win86 - GEMA Trojaner - Standard

svcvvhost_win86 - GEMA Trojaner



Vielen Dank Chris!

Du hast mir super weitergeholfen! Jetzt kann ich wieder beruhigt schlafen!

Antwort

Themen zu svcvvhost_win86 - GEMA Trojaner
antivir, appdata, benutzerkonto, cache, code, downloader, escan, eset, gen, infizierte, java, log-datei, malwarebytes, online, onlinescan, programm, rechner, scan, scanner, temp, trojane, trojaner, trojaner eingefangen, variant, version, win, windows, windows 7



Ähnliche Themen: svcvvhost_win86 - GEMA Trojaner


  1. Gema-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (30)
  2. GEMA-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (5)
  3. Gema Trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (1)
  4. GEMA-Trojaner..
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (43)
  5. Gema trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (4)
  6. Gema Trojaner
    Log-Analyse und Auswertung - 09.04.2012 (27)
  7. BKA Trojaner und GEMA Trojaner haben mein System infiziert!
    Log-Analyse und Auswertung - 23.03.2012 (4)
  8. Gema-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (13)
  9. Gema Trojaner
    Log-Analyse und Auswertung - 20.03.2012 (3)
  10. Gema Trojaner
    Mülltonne - 20.03.2012 (2)
  11. GEMA-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 15.03.2012 (8)
  12. Gema.exe Trojaner
    Log-Analyse und Auswertung - 09.03.2012 (22)
  13. GEMA Trojaner aus Link in E-Mail erworben;Bildschirm zeigt "PC ist gesperrt" an "lt.Gema"
    Plagegeister aller Art und deren Bekämpfung - 27.02.2012 (7)
  14. Gema Trojaner
    Plagegeister aller Art und deren Bekämpfung - 24.02.2012 (20)
  15. Gema-Trojaner bzw. Gema Meldung mit blockiertem Rechner
    Log-Analyse und Auswertung - 09.01.2012 (13)
  16. Gema-Trojaner bzw. Gema Meldung mit blockiertem Rechner
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (9)
  17. Gema Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.11.2011 (4)

Zum Thema svcvvhost_win86 - GEMA Trojaner - Ich habe mir gestern einen Trojaner eingefangen, der mit einer GEMA-Warnung mein Windows 7 blockiert. Habe mich bereits in das Thema ein wenig einlesen können, dank eures Forums. Allerdings kenn - svcvvhost_win86 - GEMA Trojaner...
Archiv
Du betrachtest: svcvvhost_win86 - GEMA Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.