
Log analysis and evaluation: GVU Trojan

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.11.2012, 09:54   #1
dermarci
 
GVU Trojan



Hi,

my girlfriend got hit too... or rather: it got us on her computer.

Without many words, here are the logs.

Just one thing: great that you are doing this here! And many thanks in advance.



Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.05.08

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19088
Jana V**** :: JANAV****-PC [Administrator]

06.11.2012 08:24:08
mbam-log-2012-11-06 (08-24-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 468640
Laufzeit: 1 Stunde(n), 17 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-2.1 (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Jana V****\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 22
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\Downloads\etypesetup(1).exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\Downloads\etypesetup(2).exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\Downloads\etypesetup(3).exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\Downloads\etypesetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\ffmpeg.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


OTL Logfile: OTL.txt

OTL logfile created on: 06.11.2012 10:29:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jana V****\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,56% Memory free
6,19 Gb Paging File | 5,44 Gb Available in Paging File | 87,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 10,66 Gb Free Space | 9,17% Space Free | Partition Type: NTFS
Drive D: | 115,13 Gb Total Space | 49,56 Gb Free Space | 43,05% Space Free | Partition Type: NTFS
Drive E: | 702,31 Mb Total Space | 473,79 Mb Free Space | 67,46% Space Free | Partition Type: UDF

Computer Name: JANAV****-PC | User Name: Jana V**** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jana V****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (TemproMonitoringService) -- C:\Programme\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (ConfigFree Service) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - ([verify-U]) -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Tosrfcom) -- File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found
DRV - (AVGIDSShim) -- system32\DRIVERS\AVGIDSShim.Sys File not found
DRV - (tsqefbo) -- C:\Windows\System32\drivers\fgkmd.sys ()
DRV - (ekeb) -- C:\Windows\System32\drivers\vcyfay.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - ([verify-U]_System) -- C:\Windows\System32\drivers\[verify-U]-driver.sys (Cybits AG)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (k750bus) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{7515A761-EBC1-4037-823F-F530FC66AB2E}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKLM\..\SearchScopes\{FE97B0D6-DB99-4875-ADE9-F6044C5FE48E}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{7515A761-EBC1-4037-823F-F530FC66AB2E}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=d7dba750-fcac-11e0-8430-d6326b2b6edb&q={searchTerms}
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{AD122216-D7D9-4718-9345-C20BE63F5DD5}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{FE97B0D6-DB99-4875-ADE9-F6044C5FE48E}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Suche"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: software@loadtubes.com:1.01
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.3.55472
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: RAWThumbnailViewer@arcsoft.com.cn:2.0.0.11
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: plugin@loadtubes.com:1.03
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Jana V****\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Jana V****\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2009.08.16 22:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2009.08.16 22:39:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.29 17:54:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.01 19:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 02:11:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.06 10:13:25 | 000,000,000 | ---D | M]

[2011.08.21 17:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Extensions
[2012.11.06 02:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions
[2010.09.19 19:08:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.17 19:05:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.06.05 16:10:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.06 02:11:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.09 09:13:47 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\engine@conduit.com
[2010.04.11 16:10:33 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\firefox@tvunetworks.com
[2012.02.13 09:49:47 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\piclens@cooliris.com
[2011.09.14 18:53:00 | 000,000,000 | ---D | M] (x-plugin-0) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\plugin@loadtubes.com
[2011.08.06 16:46:19 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\plugin@yontoo.com
[2012.03.25 17:46:55 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\software@loadtubes.com
[2010.10.20 15:58:32 | 000,000,681 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\ask.xml
[2010.06.05 16:11:02 | 000,000,873 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\conduit.xml
[2012.11.05 19:20:28 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-1.xml
[2011.05.15 17:25:57 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-10.xml
[2011.08.14 12:42:40 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-11.xml
[2011.09.16 13:42:47 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-12.xml
[2009.09.18 15:49:29 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-2.xml
[2009.11.18 14:15:04 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-3.xml
[2010.01.05 01:49:49 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-4.xml
[2010.01.24 16:07:44 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-5.xml
[2010.02.21 19:41:11 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-6.xml
[2010.04.07 20:38:44 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-7.xml
[2010.09.21 18:56:35 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-8.xml
[2011.02.26 11:27:23 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-9.xml
[2009.08.09 13:31:28 | 000,000,944 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin.xml
[2011.08.08 20:47:35 | 000,002,501 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\SearchResults.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\startsear.xml
[2011.08.21 17:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.06 02:11:37 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012.06.20 13:03:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.06 02:11:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.20 13:03:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 13:03:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.08 20:47:35 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011.09.14 18:53:00 | 000,000,139 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Suche.src
[2012.06.20 13:03:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 13:03:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Programme\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (xplugin) - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Jana V****\AppData\Roaming\xplugin\toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Programme\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Programme\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000..\Run: [ryatz.exe] "C:\Users\Jana V****\AppData\Roaming\Asevif\ryatz.exe" File not found
O4 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Jana V****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Jana V****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jana V****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jana V****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[verify-U]-Software.lnk = C:\Programme\[verify-U] AVS\[verify-U]-Software.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: EXIF lesen - C:\Programme\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jana V****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {56924A80-972E-4238-9238-8CCEE7C6FB96} hxxp://www.bluvista.tv/files/DownloadManager.cab (DownloadManager Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229725829736&h=2c490d6d755b69bd3d7405bca9d87eab/&filename=jinstall-6u11-windows-i586-jc.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} hxxp://www.moviegroup.tv/activex/DownloadMgr.cab (InetDownload Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A4209AF-703A-448B-A9BB-9C1039E2D0D6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C567D44C-85C6-433A-A18A-2107F845DBD5}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D23A0871-EF18-495F-A442-7B708DB2CB51}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O24 - Desktop WallPaper: D:\Pictures\noten.jpg
O24 - Desktop BackupWallPaper: D:\Pictures\noten.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0227efd7-8f5d-11e0-9302-9ca7f6fb11e1}\Shell - "" = AutoRun
O33 - MountPoints2\{0227efd7-8f5d-11e0-9302-9ca7f6fb11e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{29c766c4-6a4a-11e0-b9e9-a50bdecef699}\Shell - "" = AutoRun
O33 - MountPoints2\{29c766c4-6a4a-11e0-b9e9-a50bdecef699}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{343a4502-7b60-11de-81ce-0016eabf2bae}\Shell - "" = Autorun
O33 - MountPoints2\{343a4502-7b60-11de-81ce-0016eabf2bae}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\resycled\boot.com e:
O33 - MountPoints2\{343a4502-7b60-11de-81ce-0016eabf2bae}\Shell\Open\command - "" = E:\resycled\boot.com e:
O33 - MountPoints2\{45596fb0-4ddd-11df-b697-ce25b43f3edd}\Shell - "" = AutoRun
O33 - MountPoints2\{45596fb0-4ddd-11df-b697-ce25b43f3edd}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{a90b61c9-944b-11dd-b8f9-0016eabf2bae}\Shell\AutoRun\command - "" = E:\tools\asuite\asuite.exe
O33 - MountPoints2\{c4bb57eb-5a25-11e0-bf7a-8a554d470899}\Shell - "" = AutoRun
O33 - MountPoints2\{c4bb57eb-5a25-11e0-bf7a-8a554d470899}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c4bb57f9-5a25-11e0-bf7a-c0d32bf71e5f}\Shell - "" = AutoRun
O33 - MountPoints2\{c4bb57f9-5a25-11e0-bf7a-c0d32bf71e5f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fa2e9352-fd29-11de-adac-001e3356c3ab}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.06 10:14:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jana V****\Desktop\OTL.exe
[2012.11.06 02:24:53 | 000,000,000 | ---D | C] -- C:\Users\Jana V****\AppData\Roaming\Malwarebytes
[2012.11.06 02:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.06 02:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 02:22:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.06 02:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.06 10:21:09 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fgkmd.sys
[2012.11.06 10:14:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jana V****\Desktop\OTL.exe
[2012.11.06 08:21:11 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\vcyfay.sys
[2012.11.06 02:37:04 | 000,001,356 | ---- | M] () -- C:\Users\Jana V****\AppData\Local\d3d9caps.dat
[2012.11.06 02:22:41 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.06 02:08:13 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.06 02:08:13 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.06 02:08:13 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.06 02:08:13 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.06 02:03:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.06 02:00:44 | 000,002,473 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2012.11.06 01:59:02 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Jana V****.job
[2012.11.06 01:59:02 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.11.06 01:58:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.06 01:58:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.06 01:41:16 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.05 22:01:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.04 18:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012.11.03 16:48:01 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Jana V****.job
[2012.10.27 21:46:01 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Jana V****.job
[2012.10.21 16:40:05 | 000,000,280 | ---- | M] () -- C:\Daten (D) - Verknüpfung.lnk
[2012.10.21 11:53:21 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.06 10:21:09 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fgkmd.sys
[2012.11.06 08:21:11 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\vcyfay.sys
[2012.11.06 02:22:41 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.05 19:49:45 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.21 16:40:05 | 000,000,280 | ---- | C] () -- C:\Daten (D) - Verknüpfung.lnk
[2012.10.09 21:40:01 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Jana V****.job
[2012.10.09 21:40:00 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Jana V****.job
[2012.10.09 21:40:00 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Jana V****.job
[2012.04.01 11:05:29 | 000,000,122 | ---- | C] () -- C:\Windows\kaillera.ini
[2012.03.01 22:07:12 | 000,001,449 | ---- | C] () -- C:\Users\Jana V****\.recently-used.xbel
[2011.10.01 17:58:55 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.01.12 19:57:24 | 001,169,408 | ---- | C] () -- C:\Windows\System32\sdclt.exe
[2010.12.14 17:40:13 | 000,303,104 | ---- | C] () -- C:\Windows\Uninstall_tkexe.exe
[2009.05.04 16:49:29 | 000,001,356 | ---- | C] () -- C:\Users\Jana V****\AppData\Local\d3d9caps.dat
[2009.02.02 02:17:59 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009.02.02 02:17:56 | 000,000,016 | -H-- | C] () -- C:\Users\Jana V****\AppData\Roaming\mxfilerelatedcache.mxc2
[2009.02.02 02:17:56 | 000,000,016 | -H-- | C] () -- C:\Users\Jana V****\AppData\Local\mxfilerelatedcache.mxc2
[2009.02.02 02:17:49 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2009.01.12 20:03:12 | 000,000,016 | -H-- | C] () -- C:\Users\Jana V****\mxfilerelatedcache.mxc2
[2008.10.04 17:52:19 | 000,024,576 | ---- | C] () -- C:\Users\Jana V****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:5CB1E0D3

< End of report >


OTL Logfile: Extras.txt

OTL Extras logfile created on: 06.11.2012 10:29:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jana V****\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,56% Memory free
6,19 Gb Paging File | 5,44 Gb Available in Paging File | 87,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 10,66 Gb Free Space | 9,17% Space Free | Partition Type: NTFS
Drive D: | 115,13 Gb Total Space | 49,56 Gb Free Space | 43,05% Space Free | Partition Type: NTFS
Drive E: | 702,31 Mb Total Space | 473,79 Mb Free Space | 67,46% Space Free | Partition Type: UDF

Computer Name: JANAV****-PC | User Name: Jana V**** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25A22CCD-7903-43C8-800E-ECBAE2FF52DA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{25C2CC8F-4270-4CD3-B191-A00807422A55}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A067DEA-4EB2-4896-A655-11231979FE22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2CAF4512-3CFD-463C-B0C5-94246BB827B6}" = lport=139 | protocol=6 | dir=in | app=system |
"{417330FC-CA32-454C-BE26-CE518D5B794C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{427E24E1-239E-4234-AECA-DEBED8DB5AA5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EE75566-636A-4726-9A3F-2C65EEDD63B1}" = lport=445 | protocol=6 | dir=in | app=system |
"{605AC34D-577C-41F2-8CB6-C2194472EB0E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{63D8D677-F8AE-4BE7-894B-4B95753B6057}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6AD1A50A-CF8B-4DDC-BCF1-FFB719FFCE4F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{72457326-0BA8-4616-824F-FE7A5EF12E14}" = lport=138 | protocol=17 | dir=in | app=system |
"{735592D7-704F-4AEC-A4C4-B6892BA0FB06}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{749F1F8D-50B7-4AED-B02D-79AE0BFCC87C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{756868E9-5A10-4782-9481-A202D17CE21B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7B82A8F0-E89C-4F18-997A-22D10230443C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7E536F2F-1235-44E5-8542-BD2EDBC22AFB}" = rport=445 | protocol=6 | dir=out | app=system |
"{8C7C464F-2339-4ED5-9592-C86D14A01B69}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8EC15725-BC74-490F-B909-643B2BCF94EF}" = rport=139 | protocol=6 | dir=out | app=system |
"{9779B4B5-664F-498A-A0E2-8BD63296FF31}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D5788EF-CE24-4BF3-A6E9-2916C1B38998}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A24BF24B-5DDD-40C9-B667-EE32CB49E54B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB6D6B9C-9C05-4642-ACA8-67758AF2C798}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{ACF780DC-7A3D-4D0F-A0E5-23A901E8EBBB}" = rport=2869 | protocol=6 | dir=out | app=system |
"{AFE3280F-D688-425E-AE5D-8DCB3DE916D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF65B406-124A-44AB-A089-F885D359B482}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C034E3B2-DF64-4268-ABDB-F444DA1D333B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C34F8B33-9F9E-454C-B554-52BD483EDE04}" = lport=137 | protocol=17 | dir=in | app=system |
"{C44FCAA7-0C9F-4025-908D-FCB6AB7A241C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6823934-7902-4045-AE1E-20347B4FE75D}" = rport=137 | protocol=17 | dir=out | app=system |
"{CCA13673-5EF8-409F-81CA-8C876311D0DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DFF3995F-A1C0-4E72-B871-BBC907E4078A}" = rport=138 | protocol=17 | dir=out | app=system |
"{E552F8F5-FCD5-488D-8D9C-821654A88970}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E8EF4055-395A-4FAE-A49D-730B3C3BB348}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EAB327C6-3DEB-4C8E-A813-C5C5032ADA3A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EF5C59C3-D0E9-4E2D-9FE9-4F933D54B796}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1195B5B-1366-4D89-B87C-C20EEC93D3B0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FCBE459D-A563-4181-B696-5C7CE595B69A}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06926675-E0D4-46FC-8D05-7C87D506007A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07140FE5-3785-4AC0-BB2E-7670D9DE48D7}" = protocol=17 | dir=in | app=d:\pes2011\pes2011.exe |
"{07C4E403-4497-4106-8582-D17E59CA5796}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{082613DD-A995-44D6-8A1F-523E953C89F7}" = protocol=6 | dir=out | app=system |
"{0905EA33-78FB-4B62-A78E-AAFF0C72FC33}" = protocol=6 | dir=in | app=c:\users\jana v****\appdata\roaming\dropbox\bin\dropbox.exe |
"{13DC4360-7676-4C9B-8B45-4220307B6937}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{189E4E5D-E91D-4A2C-BD73-9BD1BFE39A7B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{240BF754-C895-46CE-B3BE-5834128AE556}" = protocol=17 | dir=in | app=c:\users\jana v****\appdata\roaming\dropbox\bin\dropbox.exe |
"{2DB6F471-CF1F-4B9A-88BD-42476D04317F}" = protocol=6 | dir=in | app=d:\pes2011\pes2011.exe |
"{2E7821EB-5AD5-404C-807F-1093533CA071}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{3332007C-51AE-4714-BB95-2C1B0BAF42B6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{352236F3-DD10-424E-BC50-313E1464AF8D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{3C888747-0266-4A69-BB4E-4E9B59A8B1E9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3E756298-C0AB-4744-99A8-346B6E60AABB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{40426ADE-E35F-4780-8C1F-822902D8FF01}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{450D09EF-0B7A-413B-949D-EFD63C1DE4D5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{45456B7D-04C9-48F0-A3A8-0B71BB2FB6EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{478D7425-AF1A-41C7-9558-C2A3290FA179}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{5847D900-3A94-4C6A-B567-95F93FF40678}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{58D0140A-51B7-4780-853B-5F6C4828A81F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{59EB4EF0-A5DC-4B24-90B3-63C6A41838D6}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{5A15CEB1-C186-4A02-AE29-F82E644A7523}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67F71719-260C-4BE1-9E4C-F4CB2A29D720}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{692E3C18-C630-4AB2-8CE3-8C054EB481F0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{737787AE-F9CB-4842-B8A3-2984A0F5F7F6}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{73F743C7-39ED-4FFD-A09B-FD1A4629640C}" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"{74590B99-C6B8-4DF4-9961-AA7813CE8666}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{794F2F3B-498E-4078-AACA-03A53E4721EB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{7B22A6AA-3952-458F-A671-F965E866FC4C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7B94B983-EC2E-4216-B48D-70579B19A857}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8753F5EC-A790-415B-93E8-34C3D9D01CB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88D594B0-5C65-4B17-B944-4EBB7C15708E}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{8C13AC00-01A4-4F67-88F9-80449871FE29}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{96B0C8AD-0C0E-40A1-852E-105363786CA6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{9FC221F5-F5F7-4D98-B58B-F4CB28603DCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A72C7E50-4D9B-4148-B9BC-147601B7E939}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A75F115D-3C88-4E0E-B40B-0FAAF388019D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{B2929A3C-ED38-43F1-A56D-AC8D6DF4AC1B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B5986490-1AE3-4E88-9E24-02B84E40BCEE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B8609E6E-0634-44EC-A91B-484DB40B8314}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B8EF9730-B418-4F6B-B5FF-CE565A921627}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{CD9ADB50-1DB5-4E84-BC6A-40F7070693BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8B9EDB0-A426-42D9-8547-1F3AC006F23C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D8F956B0-4263-48E1-8C81-0C58FE49B92F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{D900B498-BEE8-4F01-9692-4505E763F381}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DBEE281E-2B95-4F77-835C-0FD0A8F7DA44}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{DD8EBEF1-2A12-45E1-AA5A-8BEAEFD2A290}" = protocol=17 | dir=in | app=d:\pes2011\pes2011.exe |
"{E0C4B5C8-29C8-4B61-BC2F-FC49AA7008DE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E56EE674-4A7D-4596-980E-7ADDE733C981}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E941416F-C384-4688-A511-C6221E85934F}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{ED1D94A0-B56B-47B7-908A-B147B6B4325F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF0C81B4-8AB9-4EB6-AF45-702D675E7F4E}" = protocol=6 | dir=in | app=d:\pes2011\pes2011.exe |
"{F49B47BC-A536-49DE-A441-55E28D833225}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F506BB2C-1469-4E86-9E3E-BDD42B862903}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{F6DCDFD6-A943-4631-BE37-D881029EDE4B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{F8A06BB8-0CEC-4346-AA84-BC1D86359E49}" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"{F9A9E2AA-1A88-480E-BAB6-F99CEE93C441}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA3AF529-DDA3-40CA-87DD-7FBDFBA72875}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{FB2A747B-FB2D-4EC5-8D1F-FFDBDF6BB13A}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"TCP Query User{0BFBA9C7-19F7-4CD1-82A2-64040AF14480}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{2A7ECDFF-824C-40FA-83CE-EAE115D4982C}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{2CD16A03-6657-4FCF-A162-B5CA297ECC9C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{446E841E-4BCA-4D24-AEF0-239F0681FACF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{4A183F40-8E0A-4068-9115-C1B8A1F96CA0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{57A1BD1B-E271-4C97-9B46-2ECC6E2CA7D2}C:\program files\pinnacle\studio 12\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"TCP Query User{5967191A-4ACD-4A62-9D73-52CFF9326C53}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{71F509CB-E66E-4DCA-B2CC-65E8589EE5B1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7F37E39C-803F-452B-BD12-B35EA42A0E29}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8767C87A-7A19-414C-B4E0-5CAFF4115507}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AED59A55-E6F5-4B07-BC66-70BB8098C73F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B120DCA5-9733-46D2-878F-49CEB7E96EA1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{ED296FFA-2471-46F8-AD6F-BA239CCCA667}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{EF857204-51DA-4E6B-81E2-A12CFD620FF4}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{F43DFF71-6BDD-4036-830E-876B435B33FF}C:\users\jana v****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jana v****\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F63FF47B-8DE8-492F-8602-56AEAD13F9AC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{272B8E39-C7C1-4850-9EBA-5732C805BC3A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{38D529A2-F347-46A4-BD39-2708530C92F7}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{3B0E9157-36A2-4B12-AFBF-5B57A317CBFC}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{42ECC34B-C6D3-418B-8FFA-5F7CC9A990BA}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{62218BAB-FF2F-4835-AC6B-B3637A19726B}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{627EE4BF-C083-4277-BE7D-9DE175903FD3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{799B3603-42EB-4F5C-A6DA-09DBF6FBE397}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9C18094F-7299-4ED7-8B24-D6E715DC956F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9F2E15FE-CE7B-432D-A5C9-9CDD23697D0D}C:\program files\pinnacle\studio 12\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"UDP Query User{A56E44E2-35B8-4A83-A9EC-436D75E9D8E9}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{B2C8067F-641B-4919-AB77-0B89DFDBEA51}C:\users\jana v****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jana v****\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D0AFB439-C54F-4BDA-A477-13A3677ED472}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D8023C01-1CA9-4E4B-B2E7-9A7C361DCAA2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EB34BCA0-4A7F-4001-AC15-5B5575321628}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{ED1140B9-B6AF-4B9B-8807-63C90BD485C1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{F6CD5965-CEDF-4CEA-9A56-D337D8648AFE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U] AVS" = [verify-U] AVS 2.1.9
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{0D8E81A5-B61C-4360-910C-A738FD1B220A}" = Toshiba TEMPRO
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13D0A392-F027-4A0A-AC76-B6F3109E1A35}_is1" = InstantMask 1.2
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}" = ArcSoft MediaImpression 2
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{363188E4-1A27-4DE6-BA48-823D2E205385}" = ArcSoft Scan-n-Stitch Deluxe
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.40
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Treiber
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64958DA4-79D3-43FD-AF06-720DAD044F9E}" = LEGO® Pirates of the Caribbean Das Videospiel
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{82FAC25D-D0E1-4D60-9268-F3DD958BF052}" = ArcSoft RAW Thumbnail Viewer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D9E57D-73A5-4329-9888-FBBC16ED8944}_is1" = UN.CO.VER. 2.0
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B44566-839A-459C-A73D-49764CE216CC}" = ArcSoft Video Downloader
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF96DD04-58E3-4C95-BAB2-AC0FFC633868}" = ArcSoft Print Creations
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{WIDELANDS-WIN32-IS}_is1" = Widelands Build15
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Stylus C90_91_D92 Benutzerhandbuch" = EPSON Stylus C90_91_D92 Handbuch
"Firstload" = Firstload
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Glary Utilities_is1" = Glary Utilities 2.36.0.1232
"Google Desktop" = Google Desktop
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Kalender" = TKexe
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ShapeCollage" = Shape Collage
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"vShare" = vShare Plugin
"vShare.tv plugin" = vShare.tv plugin 1.3
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.11
"x-plugin-0" = x-plugin-0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Media Player" = Move Media Player
"QUICKMEDIACONVERTER" = Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05.11.2012 19:03:59 | Computer Name = JanaV****-PC | Source = EventSystem | ID = 4609
Description =

Error - 05.11.2012 19:04:44 | Computer Name = JanaV****-PC | Source = WinMgmt | ID = 10
Description =

Error - 05.11.2012 19:04:50 | Computer Name = JanaV****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ntvdm.exe, Version 6.0.6001.18000, Zeitstempel
0x47918baf, fehlerhaftes Modul kernel32.dll, Version 6.0.6001.18631, Zeitstempel
0x4da467f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00044503, Prozess-ID 0x120,
Anwendungsstartzeit 01cdbba9f38575bb.

Error - 05.11.2012 19:08:32 | Computer Name = JanaV****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ntvdm.exe, Version 6.0.6001.18000, Zeitstempel
0x47918baf, fehlerhaftes Modul kernel32.dll, Version 6.0.6001.18631, Zeitstempel
0x4da467f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00044503, Prozess-ID 0x658,
Anwendungsstartzeit 01cdbbaa79a8b17b.

Error - 05.11.2012 20:38:50 | Computer Name = JanaV****-PC | Source = WinMgmt | ID = 10
Description =

Error - 05.11.2012 20:39:39 | Computer Name = JanaV****-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05.11.2012 20:40:08 | Computer Name = JanaV****-PC | Source = .NET Runtime | ID = 0
Description =

Error - 05.11.2012 20:59:20 | Computer Name = JanaV****-PC | Source = WinMgmt | ID = 10
Description =

Error - 05.11.2012 21:01:18 | Computer Name = JanaV****-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05.11.2012 21:04:18 | Computer Name = JanaV****-PC | Source = WinMgmt | ID = 10
Description =

Error - 05.11.2012 21:04:20 | Computer Name = JanaV****-PC | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 12.02.2012 16:18:58 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 14.02.2012 10:07:00 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 14.02.2012 10:07:06 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 14.02.2012 13:19:54 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 14.02.2012 14:24:38 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 14.02.2012 16:54:22 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 06.03.2012 14:46:29 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 06.03.2012 14:48:29 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 02.04.2012 16:23:25 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 28.10.2012 14:47:17 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


[ ODiag Events ]
Error - 21.10.2008 05:22:07 | Computer Name = JanaV****-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 74z7. Error code: N/A

Error - 21.10.2008 05:29:29 | Computer Name = JanaV****-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 74z7. Error code: N/A

[ OSession Events ]
Error - 25.09.2008 14:34:11 | Computer Name = JanaV****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.09.2011 20:17:09 | Computer Name = JanaV****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16477
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06.11.2012 05:20:23 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:20:23 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:20:30 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:20:30 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:30:22 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "C:" aus.

Error - 06.11.2012 05:30:22 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:30:22 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "C:" aus.

Error - 06.11.2012 05:35:30 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:35:30 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:35:30 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.


< End of report >

06.11.2012, 12:35   #2
markusg
/// Malware-holic

Hi
1. Why are no Windows updates being installed? I see e.g. Service Pack 1; current is Service Pack 2.
Then Internet Explorer 8; current is Internet Explorer 9.
2.
Keep your hands off Softonic.
Programs are downloaded from the manufacturer, and best always installed with the custom option; that often spares you unnecessary installations such as toolbars.

3. Open Avira, Administration, Quarantine, and post all detection messages with their paths, as text.
Open Malwarebytes, Reports, and if there are any, post the further detection logs.

12.11.2012, 00:55   #3
dermarci

Hi. Thanks a lot for your reply. Unfortunately it took a bit longer: partly too little time, partly there are problems with the updates.

That no Windows updates were installed for quite a while is really strange and also worrying. I wanted to catch up on that now. Unfortunately, Service Pack II would not install. After the system was supposedly rolled back following the failed installation, some Windows applications no longer work, unfortunately including Windows Update. I then wanted to run a system restore using a restore point from before the Windows update, but that is not possible because the file system on C:\ is allegedly damaged. Windows offers the option to check and repair here. That fails too. I am told that the check cannot take place while the disk is in use. I answer yes to the question whether the check should be scheduled for the next restart. After the restart, however, no check takes place. I also tried CheckDrive... without success. This is where I am stuck now.

AVIRA quarantine:


Typ: Datei
Quelle: D:\temp\jar_cache841701691373891337.tmp
Status: Infiziert
Quarantäne-Objekt: 4a1cdac4.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.192
Virendefinitionsdatei: 7.11.48.240
Meldung: EXP/2012-1723.AU
Datum/Uhrzeit: 06.11.2012, 01:33


Typ: Datei
Quelle: D:\temp\jar_cache3806472224149220961.tmp
Status: Infiziert
Quarantäne-Objekt: 1843802c.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.192
Virendefinitionsdatei: 7.11.48.240
Meldung: EXP/Dldr.Java.G
Datum/Uhrzeit: 06.11.2012, 01:33


Typ: Datei
Quelle: D:\temp\UOTLLU
Status: Infiziert
Quarantäne-Objekt: 536df50e.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.192
Virendefinitionsdatei: 7.11.48.240
Meldung: EXP/Dldr.Java.G
Datum/Uhrzeit: 06.11.2012, 01:33


Typ: Datei
Quelle: C:\Users\Jana V****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20KT0537\d1ab3[1].pdf
Status: Infiziert
Quarantäne-Objekt: 5433a0ae.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.192
Virendefinitionsdatei: 7.11.48.240
Meldung: EXP/Pidief.dis
Datum/Uhrzeit: 05.11.2012, 19:51


Typ: Datei
Quelle: C:\Users\Jana V****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20KT0537\68187[1].pdf
Status: Infiziert
Quarantäne-Objekt: 5680baab.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.187
Virendefinitionsdatei: 7.11.47.202
Meldung: EXP/Pidief.dkm
Datum/Uhrzeit: 27.10.2012, 18:50


Typ: Datei
Quelle: C:\Users\Jana V****\AppData\Roaming\Asevif\ryatz.exe
Status: Infiziert
Quarantäne-Objekt: 5465f074.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.132
Virendefinitionsdatei: 7.11.39.112
Meldung: TR/Crypt.XPACK.Gen8
Datum/Uhrzeit: 10.08.2012, 21:22


Typ: Datei
Quelle: D:\temp\tmpd8d9fb5f\GX21_243.exe
Status: Infiziert
Quarantäne-Objekt: 55abf599.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.132
Virendefinitionsdatei: 7.11.39.112
Meldung: TR/Crypt.XPACK.Gen8
Datum/Uhrzeit: 10.08.2012, 21:22


Typ: Datei
Quelle: C:\Users\Jana V****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SHN01E5\setup[2].exe
Status: Infiziert
Quarantäne-Objekt: 54f5699f.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.50
Virendefinitionsdatei: 7.11.28.42
Meldung: TR/Crypt.XPACK.Gen
Datum/Uhrzeit: 20.04.2012, 22:29


Typ: Datei
Quelle: C:\Users\Jana V****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SHN01E5\setup[2].exe
Status: Infiziert
Quarantäne-Objekt: 54dd6cde.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.50
Virendefinitionsdatei: 7.11.28.42
Meldung: TR/Crypt.XPACK.Gen
Datum/Uhrzeit: 20.04.2012, 22:28


Typ: Datei
Quelle: C:\Users\Jana V****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SHN01E5\setup[2].exe
Status: Infiziert
Quarantäne-Objekt: 4c4a7b4d.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.50
Virendefinitionsdatei: 7.11.28.42
Meldung: TR/Crypt.XPACK.Gen
Datum/Uhrzeit: 20.04.2012, 22:28


Typ: Datei
Quelle: C:\Users\Jana V****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SHN01E5\setup[2].exe
Status: Infiziert
Quarantäne-Objekt: 4c5c7ec7.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.50
Virendefinitionsdatei: 7.11.28.42
Meldung: TR/Crypt.XPACK.Gen
Datum/Uhrzeit: 20.04.2012, 22:28


Typ: Datei
Quelle: C:\Users\Jana V****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SHN01E5\setup[2].exe
Status: Infiziert
Quarantäne-Objekt: 54cb6a94.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.50
Virendefinitionsdatei: 7.11.28.42
Meldung: TR/Crypt.XPACK.Gen
Datum/Uhrzeit: 20.04.2012, 22:28


Current Malwarebytes log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.05.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Jana V**** :: JANAV****-PC [Administrator]

11.11.2012 21:54:24
mbam-log-2012-11-11 (21-54-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 476137
Laufzeit: 2 Stunde(n), 43 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


I don't have any more logs.


PS: What I perhaps should have mentioned: after the first run of Malwarebytes Anti-Malware the trojan did not become active again. But I had read that one shouldn't leave it at that, and that's why I opened this thread.

Thanks again for your help.

12.11.2012, 14:08   #4
markusg
/// Malware-holic

Hi
Actually you shouldn't have updated yet; that was only a note.
I'd like to check one more thing:
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any findings, choose Skip for now, and post the log
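An added example for reading the log that the steps above produce (my own code, not a tool from this thread or from the TDSSKiller authors): it checks the recorded scan mode for the two options asked for (SigCheck, TDLFS) and lists every service entry that did not come back "- ok". The sample lines are copied from the TDSSKiller log posted later in this thread.

```python
"""Triage helper for the log TDSSKiller writes (added example for this thread,
not a tool from the forum or from the TDSSKiller authors).  It checks that the
two requested options were on ("Mode: ... SigCheck; TDLFS;") and lists every
service entry that did not come back "- ok".  SAMPLE_LOG holds lines copied
from the log posted in this thread."""
import re

# Every log line starts with a timestamp and a thread id; the payload follows.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
MODE_RE = re.compile(PREFIX + r"Mode: (?P<modes>.+)$")
# "[ <MD5> ] <service name> <path>"  (service names may contain spaces)
HASH_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# "<service name> ( <verdict> ) - warning"
WARN_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^)]+) \) - (?P<level>\w+)$")
# "<service name> - detected <verdict> (<count>)"
DETECT_RE = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")

# Lines copied from the log posted in this thread (services section only).
SAMPLE_LOG = """\
18:21:37.0089 3284 Mode: Manual; SigCheck; TDLFS;
18:21:37.0896 3284 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACService.exe
18:21:38.0039 3284 ACDaemon - ok
18:21:38.0408 3284 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\\Program Files\\Common Files\\Adobe Systems Shared\\Service\\Adobelmsvc.exe
18:21:38.0444 3284 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
18:21:38.0444 3284 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
18:21:42.0236 3284 AVGIDSShim - ok
"""


def scan_modes(log_text):
    """Return the options TDSSKiller recorded, e.g. {'Manual', 'SigCheck', 'TDLFS'}."""
    for line in log_text.splitlines():
        m = MODE_RE.match(line)
        if m:
            return {tok.strip() for tok in m.group("modes").split(";") if tok.strip()}
    return set()


def parse_services(log_text):
    """Map service name -> {md5, path, status, verdict} from the 'Scan services'
    section.  A service whose file is missing (e.g. 'AVGIDSShim - ok') has no
    hash line, so md5 and path stay None."""
    services = {}

    def entry(name):
        return services.setdefault(
            name, {"md5": None, "path": None, "status": None, "verdict": None})

    for line in log_text.splitlines():
        m = HASH_RE.match(line)
        if m:
            e = entry(m.group("name"))
            e["md5"], e["path"] = m.group("md5"), m.group("path")
            continue
        m = DETECT_RE.match(line)
        if m:
            e = entry(m.group("name"))
            e["status"], e["verdict"] = "detected", m.group("verdict")
            continue
        m = WARN_RE.match(line)
        if m:
            e = entry(m.group("name"))
            if e["status"] != "detected":  # the 'detected' line is the stronger one
                e["status"], e["verdict"] = m.group("level"), m.group("verdict")
            continue
        m = OK_RE.match(line)
        if m:
            entry(m.group("name"))["status"] = "ok"
    return services


def triage(log_text, required_modes=("SigCheck", "TDLFS")):
    """Summarise a log the way a helper reading it would: which requested
    options were missing, how many services were checked, and which entries
    need a closer look.  UnsignedFile.Multi.Generic only says the file carries
    no valid digital signature; it is a prompt to verify the file, not a
    malware detection by itself."""
    services = parse_services(log_text)
    findings = [dict(name=n, **info) for n, info in services.items()
                if info["status"] != "ok"]
    return {
        "missing_modes": sorted(set(required_modes) - scan_modes(log_text)),
        "services": len(services),
        "ok": sum(1 for i in services.values() if i["status"] == "ok"),
        "findings": findings,
    }


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG)["findings"]:
        print(f"{f['status']:9} {f['name']}: {f['verdict']} ({f['path']})")
```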

12.11.2012, 18:26   #5
dermarci

Sorry. I must have misunderstood that.

Here is the report from TDSSKiller:

18:20:56.0003 4292 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:20:56.0228 4292 ============================================================
18:20:56.0228 4292 Current date / time: 2012/11/12 18:20:56.0228
18:20:56.0228 4292 SystemInfo:
18:20:56.0228 4292
18:20:56.0228 4292 OS Version: 6.0.6002 ServicePack: 1.0
18:20:56.0228 4292 Product type: Workstation
18:20:56.0229 4292 ComputerName: JANAV****-PC
18:20:56.0229 4292 UserName: Jana V****
18:20:56.0229 4292 Windows directory: C:\Windows
18:20:56.0229 4292 System windows directory: C:\Windows
18:20:56.0229 4292 Processor architecture: Intel x86
18:20:56.0229 4292 Number of processors: 2
18:20:56.0229 4292 Page size: 0x1000
18:20:56.0229 4292 Boot type: Normal boot
18:20:56.0229 4292 ============================================================
18:20:58.0101 4292 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:20:58.0113 4292 ============================================================
18:20:58.0113 4292 \Device\Harddisk0\DR0:
18:20:58.0113 4292 MBR partitions:
18:20:58.0113 4292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xE892FF8
18:20:58.0113 4292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEB81800, BlocksNum 0xE643970
18:20:58.0113 4292 ============================================================
18:20:58.0189 4292 C: <-> \Device\Harddisk0\DR0\Partition1
18:20:58.0238 4292 D: <-> \Device\Harddisk0\DR0\Partition2
18:20:58.0238 4292 ============================================================
18:20:58.0238 4292 Initialize success
18:20:58.0238 4292 ============================================================
18:21:37.0089 3284 ============================================================
18:21:37.0089 3284 Scan started
18:21:37.0089 3284 Mode: Manual; SigCheck; TDLFS;
18:21:37.0089 3284 ============================================================
18:21:37.0765 3284 ================ Scan system memory ========================
18:21:37.0765 3284 System memory - ok
18:21:37.0765 3284 ================ Scan services =============================
18:21:37.0896 3284 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:21:38.0039 3284 ACDaemon - ok
18:21:38.0347 3284 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
18:21:38.0360 3284 ACPI - ok
18:21:38.0408 3284 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:21:38.0444 3284 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
18:21:38.0444 3284 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
18:21:38.0563 3284 [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:21:38.0611 3284 AdobeFlashPlayerUpdateSvc - ok
18:21:38.0676 3284 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:21:38.0726 3284 adp94xx - ok
18:21:38.0760 3284 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:21:38.0788 3284 adpahci - ok
18:21:38.0833 3284 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:21:38.0887 3284 adpu160m - ok
18:21:38.0934 3284 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:21:38.0957 3284 adpu320 - ok
18:21:39.0015 3284 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:21:39.0153 3284 AeLookupSvc - ok
18:21:39.0208 3284 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
18:21:39.0272 3284 AFD - ok
18:21:39.0319 3284 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
18:21:39.0367 3284 AgereModemAudio - ok
18:21:39.0533 3284 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
18:21:39.0665 3284 AgereSoftModem - ok
18:21:39.0732 3284 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:21:39.0759 3284 agp440 - ok
18:21:39.0825 3284 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:21:39.0850 3284 aic78xx - ok
18:21:39.0871 3284 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:21:39.0916 3284 ALG - ok
18:21:39.0935 3284 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
18:21:39.0951 3284 aliide - ok
18:21:39.0995 3284 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:21:40.0014 3284 amdagp - ok
18:21:40.0037 3284 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
18:21:40.0049 3284 amdide - ok
18:21:40.0095 3284 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:21:40.0160 3284 AmdK7 - ok
18:21:40.0207 3284 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:21:40.0258 3284 AmdK8 - ok
18:21:40.0553 3284 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:21:40.0567 3284 AntiVirSchedulerService - ok
18:21:40.0603 3284 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:21:40.0649 3284 AntiVirService - ok
18:21:40.0727 3284 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:21:40.0793 3284 Appinfo - ok
18:21:40.0858 3284 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
18:21:40.0873 3284 arc - ok
18:21:40.0913 3284 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:21:40.0927 3284 arcsas - ok
18:21:40.0959 3284 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:21:41.0008 3284 AsyncMac - ok
18:21:41.0040 3284 [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi C:\Windows\system32\drivers\atapi.sys
18:21:41.0047 3284 atapi - ok
18:21:41.0138 3284 [ 54D715AF597C06E87418C50F481BDD2C ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
18:21:41.0270 3284 Ati External Event Utility - ok
18:21:41.0546 3284 [ BE4D8FDC6B2598C46B2B5E6E4FBAAFC5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:21:42.0008 3284 atikmdag - ok
18:21:42.0091 3284 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:21:42.0143 3284 AudioEndpointBuilder - ok
18:21:42.0150 3284 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:21:42.0220 3284 Audiosrv - ok
18:21:42.0236 3284 AVGIDSShim - ok
18:21:42.0289 3284 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:21:42.0303 3284 avgntflt - ok
18:21:42.0387 3284 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:21:42.0427 3284 avipbb - ok
18:21:42.0463 3284 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:21:42.0486 3284 avkmgr - ok
18:21:42.0582 3284 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:21:42.0649 3284 Beep - ok
18:21:42.0706 3284 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:21:42.0793 3284 BFE - ok
18:21:42.0872 3284 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll
18:21:42.0975 3284 BITS - ok
18:21:43.0031 3284 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:21:43.0086 3284 blbdrive - ok
18:21:43.0122 3284 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:21:43.0222 3284 bowser - ok
18:21:43.0266 3284 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:21:43.0285 3284 BrFiltLo - ok
18:21:43.0307 3284 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:21:43.0374 3284 BrFiltUp - ok
18:21:43.0396 3284 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:21:43.0437 3284 Browser - ok
18:21:43.0484 3284 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:21:43.0733 3284 Brserid - ok
18:21:43.0789 3284 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:21:43.0866 3284 BrSerWdm - ok
18:21:43.0910 3284 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:21:43.0999 3284 BrUsbMdm - ok
18:21:44.0025 3284 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:21:44.0086 3284 BrUsbSer - ok
18:21:44.0142 3284 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:21:44.0266 3284 BTHMODEM - ok
18:21:44.0316 3284 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:21:44.0405 3284 cdfs - ok
18:21:44.0438 3284 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:21:44.0465 3284 cdrom - ok
18:21:44.0511 3284 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
18:21:44.0546 3284 CertPropSvc - ok
18:21:44.0576 3284 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
18:21:44.0642 3284 circlass - ok
18:21:44.0700 3284 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:21:44.0721 3284 CLFS - ok
18:21:44.0940 3284 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:21:45.0014 3284 clr_optimization_v2.0.50727_32 - ok
18:21:45.0085 3284 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:21:45.0095 3284 clr_optimization_v4.0.30319_32 - ok
18:21:45.0154 3284 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:21:45.0192 3284 CmBatt - ok
18:21:45.0216 3284 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:21:45.0229 3284 cmdide - ok
18:21:45.0250 3284 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:21:45.0262 3284 Compbatt - ok
18:21:45.0266 3284 COMSysApp - ok
18:21:45.0366 3284 [ D10D01B2DFCD8D2F32A32ED29E8DA1C2 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:21:45.0407 3284 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
18:21:45.0407 3284 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
18:21:45.0441 3284 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:21:45.0453 3284 crcdisk - ok
18:21:45.0478 3284 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:21:45.0528 3284 Crusoe - ok
18:21:45.0580 3284 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:21:45.0635 3284 CryptSvc - ok
18:21:45.0735 3284 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:21:45.0850 3284 DcomLaunch - ok
18:21:45.0903 3284 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:21:45.0956 3284 DfsC - ok
18:21:46.0132 3284 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
18:21:46.0461 3284 DFSR - ok
18:21:46.0518 3284 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:21:46.0548 3284 Dhcp - ok
18:21:46.0602 3284 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
18:21:46.0617 3284 disk - ok
18:21:46.0663 3284 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:21:46.0728 3284 Dnscache - ok
18:21:46.0868 3284 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
18:21:46.0944 3284 dot3svc - ok
18:21:46.0986 3284 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:21:47.0036 3284 DPS - ok
18:21:47.0093 3284 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:21:47.0122 3284 drmkaud - ok
18:21:47.0212 3284 [ FB85F7F69E9B109820409243F578CC4D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:21:47.0291 3284 DXGKrnl - ok
18:21:47.0349 3284 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:21:47.0430 3284 E1G60 - ok
18:21:47.0510 3284 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:21:47.0559 3284 EapHost - ok
18:21:47.0598 3284 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:21:47.0642 3284 Ecache - ok
18:21:47.0728 3284 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:21:47.0758 3284 ehRecvr - ok
18:21:47.0778 3284 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
18:21:47.0843 3284 ehSched - ok
18:21:47.0859 3284 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
18:21:47.0882 3284 ehstart - ok
18:21:48.0005 3284 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:21:48.0071 3284 elxstor - ok
18:21:48.0214 3284 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:21:48.0357 3284 EMDMgmt - ok
18:21:48.0413 3284 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:21:48.0456 3284 ErrDev - ok
18:21:48.0562 3284 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
18:21:48.0617 3284 EventSystem - ok
18:21:48.0681 3284 [ 4B36D96340200512C7974307D0F7D8B3 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
18:21:48.0745 3284 ewusbnet - ok
18:21:48.0790 3284 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:21:48.0857 3284 exfat - ok
18:21:48.0927 3284 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:21:48.0954 3284 fastfat - ok
18:21:49.0017 3284 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:21:49.0073 3284 fdc - ok
18:21:49.0106 3284 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:21:49.0165 3284 fdPHost - ok
18:21:49.0190 3284 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:21:49.0285 3284 FDResPub - ok
18:21:49.0357 3284 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:21:49.0392 3284 FileInfo - ok
18:21:49.0415 3284 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:21:49.0482 3284 Filetrace - ok
18:21:49.0614 3284 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:21:49.0644 3284 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:21:49.0644 3284 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:21:49.0666 3284 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:21:49.0705 3284 flpydisk - ok
18:21:49.0824 3284 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:21:49.0848 3284 FltMgr - ok
18:21:49.0966 3284 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:21:49.0977 3284 FontCache3.0.0.0 - ok
18:21:50.0038 3284 [ 491E9D9A26A745F6AE7D570849F4BD87 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
18:21:50.0051 3284 fssfltr - ok
18:21:50.0357 3284 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:21:50.0422 3284 fsssvc - ok
18:21:50.0462 3284 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:21:50.0511 3284 Fs_Rec - ok
18:21:50.0559 3284 [ CBC22823628544735625B280665E434E ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys
18:21:50.0576 3284 FwLnk - ok
18:21:50.0593 3284 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:21:50.0607 3284 gagp30kx - ok
18:21:50.0676 3284 [ B39662E4C237AA25A2CD2379FF508099 ] GoogleDesktopManager-022208-143751 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
18:21:50.0686 3284 GoogleDesktopManager-022208-143751 - ok
18:21:50.0737 3284 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
18:21:50.0794 3284 gpsvc - ok
18:21:50.0891 3284 [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:21:50.0942 3284 gusvc - ok
18:21:51.0000 3284 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:21:51.0065 3284 HdAudAddService - ok
18:21:51.0150 3284 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:21:51.0203 3284 HDAudBus - ok
18:21:51.0257 3284 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:21:51.0320 3284 HidBth - ok
18:21:51.0361 3284 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:21:51.0413 3284 HidIr - ok
18:21:51.0447 3284 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
18:21:51.0516 3284 hidserv - ok
18:21:51.0566 3284 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:21:51.0619 3284 HidUsb - ok
18:21:51.0698 3284 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:21:51.0743 3284 hkmsvc - ok
18:21:51.0796 3284 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:21:51.0809 3284 HpCISSs - ok
18:21:51.0869 3284 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:21:51.0946 3284 HTTP - ok
18:21:51.0989 3284 [ 1FC7A63148E4F2BD831DAB0DC732026D ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:21:52.0038 3284 hwdatacard - ok
18:21:52.0123 3284 [ A259D3619AA23D4562581067F85E2006 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
18:21:52.0173 3284 hwusbdev - ok
18:21:52.0202 3284 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:21:52.0218 3284 i2omp - ok
18:21:52.0258 3284 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:21:52.0301 3284 i8042prt - ok
18:21:52.0388 3284 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:21:52.0430 3284 iaStor - ok
18:21:52.0487 3284 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:21:52.0536 3284 iaStorV - ok
18:21:52.0791 3284 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:21:52.0902 3284 idsvc - ok
18:21:52.0964 3284 igfx - ok
18:21:53.0001 3284 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:21:53.0030 3284 iirsp - ok
18:21:53.0079 3284 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:21:53.0126 3284 IKEEXT - ok
18:21:53.0267 3284 [ B9CBD3DEA7CA02868621173BF7A2AF9F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:21:53.0379 3284 IntcAzAudAddService - ok
18:21:53.0448 3284 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
18:21:53.0474 3284 intelide - ok
18:21:53.0520 3284 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:21:53.0565 3284 intelppm - ok
18:21:53.0622 3284 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:21:53.0684 3284 IPBusEnum - ok
18:21:53.0714 3284 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:21:53.0789 3284 IpFilterDriver - ok
18:21:53.0829 3284 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:21:53.0889 3284 iphlpsvc - ok
18:21:53.0893 3284 IpInIp - ok
18:21:53.0935 3284 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:21:53.0984 3284 IPMIDRV - ok
18:21:54.0001 3284 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:21:54.0051 3284 IPNAT - ok
18:21:54.0077 3284 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:21:54.0114 3284 IRENUM - ok
18:21:54.0140 3284 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:21:54.0205 3284 isapnp - ok
18:21:54.0262 3284 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:21:54.0272 3284 iScsiPrt - ok
18:21:54.0300 3284 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:21:54.0312 3284 iteatapi - ok
18:21:54.0379 3284 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:21:54.0466 3284 iteraid - ok
18:21:54.0574 3284 [ FE8300320281D658A7854D5CFC02A63F ] k750bus C:\Windows\system32\DRIVERS\k750bus.sys
18:21:54.0682 3284 k750bus - ok
18:21:54.0712 3284 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:21:54.0752 3284 kbdclass - ok
18:21:54.0781 3284 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:21:54.0855 3284 kbdhid - ok
18:21:54.0888 3284 [ 3978F3540329E16C0AC3BCF677E5669F ] KeyIso C:\Windows\system32\lsass.exe
18:21:54.0924 3284 KeyIso - ok
18:21:55.0015 3284 [ 86165728AF9BF72D6442A894FDFB4F8B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:21:55.0069 3284 KSecDD - ok
18:21:55.0190 3284 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:21:55.0244 3284 KtmRm - ok
18:21:55.0320 3284 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:21:55.0353 3284 LanmanServer - ok
18:21:55.0432 3284 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:21:55.0501 3284 LanmanWorkstation - ok
18:21:55.0540 3284 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:21:55.0636 3284 lltdio - ok
18:21:55.0672 3284 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:21:55.0747 3284 lltdsvc - ok
18:21:55.0772 3284 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:21:55.0811 3284 lmhosts - ok
18:21:55.0837 3284 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:21:55.0865 3284 LSI_FC - ok
18:21:55.0913 3284 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:21:55.0945 3284 LSI_SAS - ok
18:21:55.0966 3284 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:21:55.0981 3284 LSI_SCSI - ok
18:21:56.0003 3284 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:21:56.0053 3284 luafv - ok
18:21:56.0109 3284 [ A3E700D78EEC390F1208098CDCA5C6B6 ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus.sys
18:21:56.0165 3284 MarvinBus - ok
18:21:56.0206 3284 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:21:56.0250 3284 Mcx2Svc - ok
18:21:56.0305 3284 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
18:21:56.0345 3284 megasas - ok
18:21:56.0395 3284 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:21:56.0421 3284 MegaSR - ok
18:21:56.0459 3284 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:21:56.0531 3284 MMCSS - ok
18:21:56.0553 3284 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:21:56.0596 3284 Modem - ok
18:21:56.0642 3284 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:21:56.0685 3284 monitor - ok
18:21:56.0701 3284 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:21:56.0714 3284 mouclass - ok
18:21:56.0729 3284 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:21:56.0761 3284 mouhid - ok
18:21:56.0782 3284 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:21:56.0818 3284 MountMgr - ok
18:21:56.0909 3284 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:21:56.0952 3284 MozillaMaintenance - ok
18:21:57.0012 3284 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
18:21:57.0049 3284 mpio - ok
18:21:57.0071 3284 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:21:57.0126 3284 mpsdrv - ok
18:21:57.0221 3284 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
18:21:57.0340 3284 MpsSvc - ok
18:21:57.0417 3284 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:21:57.0455 3284 Mraid35x - ok
18:21:57.0522 3284 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:21:57.0589 3284 MRxDAV - ok
18:21:57.0625 3284 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:21:57.0658 3284 mrxsmb - ok
18:21:57.0699 3284 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:21:57.0769 3284 mrxsmb10 - ok
18:21:57.0795 3284 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:21:57.0827 3284 mrxsmb20 - ok
18:21:57.0857 3284 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
18:21:57.0887 3284 msahci - ok
18:21:57.0917 3284 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:21:57.0970 3284 msdsm - ok
18:21:57.0992 3284 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:21:58.0088 3284 MSDTC - ok
18:21:58.0119 3284 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:21:58.0180 3284 Msfs - ok
18:21:58.0234 3284 [ 1E00B9B8601F24A96AD71A7D0FC5F136 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:21:58.0264 3284 msisadrv - ok
18:21:58.0297 3284 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:21:58.0364 3284 MSiSCSI - ok
18:21:58.0367 3284 msiserver - ok
18:21:58.0422 3284 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:21:58.0459 3284 MSKSSRV - ok
18:21:58.0479 3284 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:21:58.0504 3284 MSPCLOCK - ok
18:21:58.0524 3284 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:21:58.0599 3284 MSPQM - ok
18:21:58.0646 3284 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:21:58.0665 3284 MsRPC - ok
18:21:58.0710 3284 [ 215634CF935B696E3EBCA813D02E9165 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:21:58.0718 3284 mssmbios - ok
18:21:58.0770 3284 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:21:58.0793 3284 MSTEE - ok
18:21:58.0823 3284 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:21:58.0840 3284 Mup - ok
18:21:58.0872 3284 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
18:21:58.0928 3284 napagent - ok
18:21:59.0015 3284 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:21:59.0056 3284 NativeWifiP - ok
18:21:59.0153 3284 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:21:59.0192 3284 NDIS - ok
18:21:59.0277 3284 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:21:59.0341 3284 NdisTapi - ok
18:21:59.0370 3284 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:21:59.0394 3284 Ndisuio - ok
18:21:59.0434 3284 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:21:59.0462 3284 NdisWan - ok
18:21:59.0471 3284 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:21:59.0492 3284 NDProxy - ok
18:21:59.0504 3284 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:21:59.0539 3284 NetBIOS - ok
18:21:59.0635 3284 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:21:59.0668 3284 netbt - ok
18:21:59.0710 3284 [ 3978F3540329E16C0AC3BCF677E5669F ] Netlogon C:\Windows\system32\lsass.exe
18:21:59.0721 3284 Netlogon - ok
18:21:59.0812 3284 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:21:59.0889 3284 Netman - ok
18:21:59.0938 3284 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:21:59.0991 3284 netprofm - ok
18:22:00.0089 3284 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:22:00.0112 3284 NetTcpPortSharing - ok
18:22:00.0585 3284 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
18:22:00.0931 3284 NETw5v32 - ok
18:22:00.0965 3284 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:22:00.0998 3284 nfrd960 - ok
18:22:01.0101 3284 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:22:01.0124 3284 NlaSvc - ok
18:22:01.0190 3284 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:22:01.0254 3284 Npfs - ok
18:22:01.0269 3284 npggsvc - ok
18:22:01.0307 3284 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:22:01.0333 3284 nsi - ok
18:22:01.0376 3284 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:22:01.0431 3284 nsiproxy - ok
18:22:01.0724 3284 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:22:01.0808 3284 Ntfs - ok
18:22:01.0853 3284 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:22:01.0908 3284 ntrigdigi - ok
18:22:01.0950 3284 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:22:01.0997 3284 Null - ok
18:22:02.0025 3284 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:22:02.0041 3284 nvraid - ok
18:22:02.0056 3284 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:22:02.0070 3284 nvstor - ok
18:22:02.0086 3284 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:22:02.0103 3284 nv_agp - ok
18:22:02.0107 3284 NwlnkFlt - ok
18:22:02.0113 3284 NwlnkFwd - ok
18:22:02.0430 3284 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:22:02.0499 3284 odserv - ok
18:22:02.0566 3284 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:22:02.0587 3284 ohci1394 - ok
18:22:02.0667 3284 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:22:02.0683 3284 ose - ok
18:22:02.0760 3284 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:22:02.0841 3284 p2pimsvc - ok
18:22:02.0855 3284 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
18:22:02.0877 3284 p2psvc - ok
18:22:02.0924 3284 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:22:03.0108 3284 Parport - ok
18:22:03.0157 3284 [ 57389FA59A36D96B3EB09D0CB91E9CDC ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:22:03.0182 3284 partmgr - ok
18:22:03.0234 3284 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:22:03.0316 3284 Parvdm - ok
18:22:03.0357 3284 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:22:03.0441 3284 PcaSvc - ok
18:22:03.0490 3284 [ ECA39351296D905BAA4FA3244C152B00 ] pci C:\Windows\system32\drivers\pci.sys
18:22:03.0519 3284 pci - ok
18:22:03.0561 3284 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:22:03.0572 3284 pciide - ok
18:22:03.0606 3284 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:22:03.0624 3284 pcmcia - ok
18:22:03.0689 3284 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:22:03.0790 3284 PEAUTH - ok
18:22:03.0938 3284 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:22:04.0067 3284 pla - ok
18:22:04.0106 3284 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:22:04.0164 3284 PlugPlay - ok
18:22:04.0260 3284 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:22:04.0323 3284 PNRPAutoReg - ok
18:22:04.0336 3284 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:22:04.0358 3284 PNRPsvc - ok
18:22:04.0421 3284 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:22:04.0486 3284 PolicyAgent - ok
18:22:04.0562 3284 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:22:04.0612 3284 PptpMiniport - ok
18:22:04.0640 3284 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
18:22:04.0680 3284 Processor - ok
18:22:04.0725 3284 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
18:22:04.0756 3284 ProfSvc - ok
18:22:04.0822 3284 [ 3978F3540329E16C0AC3BCF677E5669F ] ProtectedStorage C:\Windows\system32\lsass.exe
18:22:04.0836 3284 ProtectedStorage - ok
18:22:04.0910 3284 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:22:04.0994 3284 PSched - ok
18:22:05.0147 3284 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
18:22:05.0162 3284 PSI_SVC_2 - ok
18:22:05.0263 3284 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:22:05.0315 3284 ql2300 - ok
18:22:05.0363 3284 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:22:05.0400 3284 ql40xx - ok
18:22:05.0446 3284 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:22:05.0489 3284 QWAVE - ok
18:22:05.0515 3284 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:22:05.0548 3284 QWAVEdrv - ok
18:22:05.0649 3284 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
18:22:05.0681 3284 RapiMgr - ok
18:22:05.0708 3284 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:22:05.0757 3284 RasAcd - ok
18:22:05.0788 3284 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:22:05.0853 3284 RasAuto - ok
18:22:05.0898 3284 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:22:05.0956 3284 Rasl2tp - ok
18:22:05.0984 3284 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
18:22:06.0012 3284 RasMan - ok
18:22:06.0038 3284 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:22:06.0078 3284 RasPppoe - ok
18:22:06.0124 3284 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:22:06.0141 3284 RasSstp - ok
18:22:06.0177 3284 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:22:06.0256 3284 rdbss - ok
18:22:06.0296 3284 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:22:06.0335 3284 RDPCDD - ok
18:22:06.0396 3284 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:22:06.0469 3284 rdpdr - ok
18:22:06.0474 3284 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:22:06.0513 3284 RDPENCDD - ok
18:22:06.0603 3284 [ 30BFBDFB7F95559EDE971F9DDB9A00BA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:22:06.0634 3284 RDPWD - ok
18:22:06.0689 3284 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:22:06.0711 3284 RemoteAccess - ok
18:22:06.0804 3284 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:22:06.0863 3284 RemoteRegistry - ok
18:22:06.0908 3284 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
18:22:06.0970 3284 rimmptsk - ok
18:22:06.0985 3284 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
18:22:07.0039 3284 rimsptsk - ok
18:22:07.0044 3284 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
18:22:07.0073 3284 rismxdp - ok
18:22:07.0098 3284 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:22:07.0157 3284 RpcLocator - ok
18:22:07.0215 3284 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
18:22:07.0241 3284 RpcSs - ok
18:22:07.0285 3284 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:22:07.0346 3284 rspndr - ok
18:22:07.0422 3284 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
18:22:07.0440 3284 RTL8169 - ok
18:22:07.0502 3284 [ 1C5C2CB892553D2CF3F45A4BB323FCD6 ] s1018bus C:\Windows\system32\DRIVERS\s1018bus.sys
18:22:07.0530 3284 s1018bus - ok
18:22:07.0566 3284 [ 38F5EA219593F19B6B3A1B9C169E3B61 ] s1018mdfl C:\Windows\system32\DRIVERS\s1018mdfl.sys
18:22:07.0575 3284 s1018mdfl - ok
18:22:07.0648 3284 [ 666AF6B64FC7DF92D3CA4819EA91631D ] s1018mdm C:\Windows\system32\DRIVERS\s1018mdm.sys
18:22:07.0692 3284 s1018mdm - ok
18:22:07.0732 3284 [ F4CEDA6E2DDFF2AF8BD745615A7CA9C0 ] s1018mgmt C:\Windows\system32\DRIVERS\s1018mgmt.sys
18:22:07.0770 3284 s1018mgmt - ok
18:22:07.0805 3284 [ 3622D9FF2253DCBE885B10736609A4CA ] s1018nd5 C:\Windows\system32\DRIVERS\s1018nd5.sys
18:22:07.0815 3284 s1018nd5 - ok
18:22:07.0884 3284 [ 49431EFDA842B474531C29FFAE9F5D09 ] s1018obex C:\Windows\system32\DRIVERS\s1018obex.sys
18:22:07.0917 3284 s1018obex - ok
18:22:07.0951 3284 [ AC6B514CB4474F4C867D7CDC9CD54F05 ] s1018unic C:\Windows\system32\DRIVERS\s1018unic.sys
18:22:07.0977 3284 s1018unic - ok
18:22:08.0000 3284 [ 3978F3540329E16C0AC3BCF677E5669F ] SamSs C:\Windows\system32\lsass.exe
18:22:08.0041 3284 SamSs - ok
18:22:08.0092 3284 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:22:08.0118 3284 sbp2port - ok
18:22:08.0160 3284 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:22:08.0209 3284 SCardSvr - ok
18:22:08.0263 3284 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
18:22:08.0353 3284 Schedule - ok
18:22:08.0369 3284 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
18:22:08.0391 3284 SCPolicySvc - ok
18:22:08.0453 3284 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:22:08.0532 3284 sdbus - ok
18:22:08.0575 3284 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:22:08.0623 3284 SDRSVC - ok
18:22:08.0808 3284 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:22:08.0825 3284 SeaPort - ok
18:22:08.0963 3284 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:22:09.0034 3284 secdrv - ok
18:22:09.0065 3284 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:22:09.0117 3284 seclogon - ok
18:22:09.0141 3284 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:22:09.0173 3284 SENS - ok
18:22:09.0194 3284 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:22:09.0265 3284 Serenum - ok
18:22:09.0353 3284 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:22:09.0417 3284 Serial - ok
18:22:09.0436 3284 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:22:09.0480 3284 sermouse - ok
18:22:09.0509 3284 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:22:09.0535 3284 SessionEnv - ok
18:22:09.0570 3284 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:22:09.0601 3284 sffdisk - ok
18:22:09.0626 3284 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:22:09.0651 3284 sffp_mmc - ok
18:22:09.0682 3284 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:22:09.0731 3284 sffp_sd - ok
18:22:09.0757 3284 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:22:09.0806 3284 sfloppy - ok
18:22:09.0862 3284 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:22:09.0912 3284 SharedAccess - ok
18:22:09.0945 3284 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:22:10.0001 3284 ShellHWDetection - ok
18:22:10.0041 3284 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:22:10.0086 3284 sisagp - ok
18:22:10.0109 3284 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:22:10.0126 3284 SiSRaid2 - ok
18:22:10.0147 3284 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:22:10.0178 3284 SiSRaid4 - ok
18:22:10.0260 3284 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:22:10.0268 3284 SkypeUpdate - ok
18:22:10.0701 3284 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
18:22:10.0976 3284 slsvc - ok
18:22:11.0043 3284 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:22:11.0098 3284 SLUINotify - ok
18:22:11.0170 3284 [ 3566310DF25EA5C3B2E9F50F5B50EAC1 ] SmartFaceVWatchSrv C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
18:22:11.0205 3284 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
18:22:11.0205 3284 SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)
18:22:11.0319 3284 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:22:11.0421 3284 Smb - ok
18:22:11.0459 3284 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:22:11.0469 3284 SNMPTRAP - ok
18:22:11.0507 3284 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:22:11.0520 3284 spldr - ok
18:22:11.0571 3284 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
18:22:11.0679 3284 Spooler - ok
18:22:11.0773 3284 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:22:11.0963 3284 srv - ok
18:22:12.0009 3284 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:22:12.0070 3284 srv2 - ok
18:22:12.0090 3284 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:22:12.0135 3284 srvnet - ok
18:22:12.0163 3284 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:22:12.0215 3284 SSDPSRV - ok
18:22:12.0248 3284 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:22:12.0260 3284 ssmdrv - ok
18:22:12.0322 3284 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:22:12.0353 3284 SstpSvc - ok
18:22:12.0402 3284 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
18:22:12.0436 3284 stisvc - ok
18:22:12.0472 3284 [ 97E089971A6ABA49AD5592BD6298E416 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:22:12.0484 3284 swenum - ok
18:22:12.0515 3284 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
18:22:12.0547 3284 swprv - ok
18:22:12.0604 3284 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:22:12.0616 3284 Symc8xx - ok
18:22:12.0637 3284 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:22:12.0650 3284 Sym_hi - ok
18:22:12.0677 3284 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:22:12.0689 3284 Sym_u3 - ok
18:22:12.0726 3284 [ 70534D1E4F9AC990536D5FB5B550B3DE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:22:12.0735 3284 SynTP - ok
18:22:12.0781 3284 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
18:22:12.0829 3284 SysMain - ok
18:22:12.0902 3284 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:22:12.0946 3284 TabletInputService - ok
18:22:12.0988 3284 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
18:22:13.0047 3284 TapiSrv - ok
18:22:13.0065 3284 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:22:13.0108 3284 TBS - ok
18:22:13.0180 3284 [ A474879AFA4A596B3A531F3E69730DBF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:22:13.0232 3284 Tcpip - ok
18:22:13.0249 3284 [ A474879AFA4A596B3A531F3E69730DBF ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:22:13.0277 3284 Tcpip6 - ok
18:22:13.0327 3284 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:22:13.0367 3284 tcpipreg - ok
18:22:13.0384 3284 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:22:13.0438 3284 tdcmdpst - ok
18:22:13.0470 3284 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:22:13.0495 3284 TDPIPE - ok
18:22:13.0513 3284 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:22:13.0563 3284 TDTCP - ok
18:22:13.0597 3284 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:22:13.0619 3284 tdx - ok
18:22:13.0735 3284 [ 24EA631FEC13E87AFE07A2B28732EF38 ] TemproMonitoringService C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
18:22:13.0745 3284 TemproMonitoringService - ok
18:22:13.0788 3284 [ 718B2F4355CD8EB2844741ADDAC0E622 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:22:13.0807 3284 TermDD - ok
18:22:13.0855 3284 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
18:22:13.0886 3284 TermService - ok
18:22:13.0912 3284 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
18:22:13.0926 3284 Themes - ok
18:22:13.0950 3284 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:22:13.0973 3284 THREADORDER - ok
18:22:14.0050 3284 [ 6BADBB0B16B25643075A6FFAFC489940 ] TNaviSrv C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
18:22:14.0062 3284 TNaviSrv - ok
18:22:14.0112 3284 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe
18:22:14.0127 3284 TODDSrv - ok
18:22:14.0173 3284 [ DA6903958CBDC091FFCBBCA70CCFF34C ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
18:22:14.0194 3284 TosCoSrv - ok
18:22:14.0220 3284 [ 22690DFFC7F2A18279A7A0489AA02BAC ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
18:22:14.0254 3284 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
18:22:14.0254 3284 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
18:22:14.0258 3284 Tosrfcom - ok
18:22:14.0304 3284 [ 5C4103544612E5011EF46301B93D1AA6 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
18:22:14.0380 3284 tosrfec - ok
18:22:14.0424 3284 [ 4399A9BF7D8F49991A07FD86590A1619 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
18:22:14.0469 3284 tos_sps32 - ok
18:22:14.0506 3284 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:22:14.0567 3284 TrkWks - ok
18:22:14.0618 3284 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:22:14.0647 3284 TrustedInstaller - ok
18:22:14.0695 3284 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:22:14.0753 3284 tssecsrv - ok
18:22:14.0798 3284 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:22:14.0817 3284 tunmp - ok
18:22:14.0838 3284 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:22:14.0873 3284 tunnel - ok
18:22:14.0908 3284 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:22:14.0921 3284 TVALZ - ok
18:22:14.0945 3284 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:22:14.0963 3284 uagp35 - ok
18:22:15.0006 3284 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:22:15.0041 3284 udfs - ok
18:22:15.0074 3284 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:22:15.0168 3284 UI0Detect - ok
18:22:15.0257 3284 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
18:22:15.0292 3284 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
18:22:15.0292 3284 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
18:22:15.0328 3284 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:22:15.0342 3284 uliagpkx - ok
18:22:15.0372 3284 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:22:15.0390 3284 uliahci - ok
18:22:15.0407 3284 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:22:15.0422 3284 UlSata - ok
18:22:15.0443 3284 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:22:15.0459 3284 ulsata2 - ok
18:22:15.0479 3284 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:22:15.0518 3284 umbus - ok
18:22:15.0564 3284 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:22:15.0615 3284 upnphost - ok
18:22:15.0647 3284 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:22:15.0665 3284 usbccgp - ok
18:22:15.0694 3284 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:22:15.0740 3284 usbcir - ok
18:22:15.0781 3284 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:22:15.0819 3284 usbehci - ok
18:22:15.0844 3284 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:22:15.0875 3284 usbhub - ok
18:22:15.0897 3284 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:22:15.0940 3284 usbohci - ok
18:22:15.0970 3284 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:22:15.0995 3284 usbprint - ok
18:22:16.0014 3284 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:22:16.0055 3284 USBSTOR - ok
18:22:16.0086 3284 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:22:16.0128 3284 usbuhci - ok
18:22:16.0169 3284 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:22:16.0213 3284 usbvideo - ok
18:22:16.0269 3284 [ EE181A08E09DB23CF4A49B46A1E66BB8 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
18:22:16.0293 3284 usb_rndisx - ok
18:22:16.0322 3284 [ 8C5094A8AB24DE7496C7C19942F2DF04 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
18:22:16.0370 3284 UVCFTR - ok
18:22:16.0421 3284 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
18:22:16.0474 3284 UxSms - ok
18:22:16.0503 3284 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
18:22:16.0558 3284 vds - ok
18:22:16.0611 3284 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:22:16.0667 3284 vga - ok
18:22:16.0693 3284 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:22:16.0743 3284 VgaSave - ok
18:22:16.0762 3284 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:22:16.0780 3284 viaagp - ok
18:22:16.0798 3284 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:22:16.0834 3284 ViaC7 - ok
18:22:16.0851 3284 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
18:22:16.0863 3284 viaide - ok
18:22:16.0900 3284 [ BDD98BBE7323FC0975A26373D8050471 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:22:16.0914 3284 volmgr - ok
18:22:16.0966 3284 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:22:16.0990 3284 volmgrx - ok
18:22:17.0028 3284 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:22:17.0048 3284 volsnap - ok
18:22:17.0081 3284 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:22:17.0097 3284 vsmraid - ok
18:22:17.0164 3284 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
18:22:17.0227 3284 VSS - ok
18:22:17.0280 3284 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
18:22:17.0344 3284 W32Time - ok
18:22:17.0364 3284 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:22:17.0406 3284 WacomPen - ok
18:22:17.0427 3284 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:22:17.0449 3284 Wanarp - ok
18:22:17.0453 3284 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:22:17.0471 3284 Wanarpv6 - ok
18:22:17.0528 3284 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
18:22:17.0583 3284 WcesComm - ok
18:22:17.0647 3284 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:22:17.0687 3284 wcncsvc - ok
18:22:17.0709 3284 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:22:17.0731 3284 WcsPlugInService - ok
18:22:17.0804 3284 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
18:22:17.0821 3284 Wd - ok
18:22:17.0861 3284 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:22:17.0915 3284 Wdf01000 - ok
18:22:17.0958 3284 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:22:18.0012 3284 WdiServiceHost - ok
18:22:18.0015 3284 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:22:18.0038 3284 WdiSystemHost - ok
18:22:18.0065 3284 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
18:22:18.0087 3284 WebClient - ok
18:22:18.0135 3284 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:22:18.0183 3284 Wecsvc - ok
18:22:18.0219 3284 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:22:18.0273 3284 wercplsupport - ok
18:22:18.0309 3284 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
18:22:18.0354 3284 WerSvc - ok
18:22:18.0404 3284 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:22:18.0416 3284 WinDefend - ok
18:22:18.0421 3284 WinHttpAutoProxySvc - ok
18:22:18.0527 3284 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:22:18.0559 3284 Winmgmt - ok
18:22:18.0630 3284 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:22:18.0716 3284 WinRM - ok
18:22:18.0769 3284 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:22:18.0833 3284 Wlansvc - ok
18:22:18.0901 3284 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:22:18.0987 3284 WmiAcpi - ok
18:22:19.0024 3284 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:22:19.0059 3284 wmiApSrv - ok
18:22:19.0152 3284 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:22:19.0200 3284 WMPNetworkSvc - ok
18:22:19.0275 3284 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:22:19.0318 3284 WPCSvc - ok
18:22:19.0336 3284 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:22:19.0368 3284 WPDBusEnum - ok
18:22:19.0402 3284 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:22:19.0435 3284 WpdUsb - ok
18:22:19.0536 3284 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:22:19.0563 3284 WPFFontCache_v0400 - ok
18:22:19.0620 3284 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:22:19.0644 3284 ws2ifsl - ok
18:22:19.0672 3284 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll
18:22:19.0684 3284 wscsvc - ok
18:22:19.0688 3284 WSearch - ok
18:22:19.0776 3284 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:22:19.0845 3284 wuauserv - ok
18:22:19.0918 3284 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:22:19.0967 3284 WUDFRd - ok
18:22:20.0001 3284 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:22:20.0048 3284 wudfsvc - ok
18:22:20.0264 3284 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:22:20.0302 3284 YahooAUService - ok
18:22:20.0449 3284 [ 4CAA1637520365C50331B454469DF58C ] [verify-U] C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe
18:22:20.0501 3284 [verify-U] ( UnsignedFile.Multi.Generic ) - warning
18:22:20.0501 3284 [verify-U] - detected UnsignedFile.Multi.Generic (1)
18:22:20.0557 3284 [ A505FF145D2C056BE52BFA7670D09525 ] [verify-U]_System C:\Windows\system32\drivers\[verify-U]-driver.sys
18:22:20.0564 3284 [verify-U]_System ( UnsignedFile.Multi.Generic ) - warning
18:22:20.0564 3284 [verify-U]_System - detected UnsignedFile.Multi.Generic (1)
18:22:20.0629 3284 ================ Scan global ===============================
18:22:20.0655 3284 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:22:20.0704 3284 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
18:22:20.0729 3284 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
18:22:20.0769 3284 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
18:22:20.0772 3284 [Global] - ok
18:22:20.0772 3284 ================ Scan MBR ==================================
18:22:20.0781 3284 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:22:22.0139 3284 \Device\Harddisk0\DR0 - ok
18:22:22.0140 3284 ================ Scan VBR ==================================
18:22:22.0174 3284 [ 81E2350233DC305D8580832DA9B67199 ] \Device\Harddisk0\DR0\Partition1
18:22:22.0175 3284 \Device\Harddisk0\DR0\Partition1 - ok
18:22:22.0197 3284 [ 056453E4ED3BC0F367F99BFD29D9DFBF ] \Device\Harddisk0\DR0\Partition2
18:22:22.0199 3284 \Device\Harddisk0\DR0\Partition2 - ok
18:22:22.0201 3284 ============================================================
18:22:22.0201 3284 Scan finished
18:22:22.0201 3284 ============================================================
18:22:22.0211 5780 Detected object count: 8
18:22:22.0211 5780 Actual detected object count: 8
18:22:31.0099 5780 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:31.0100 5780 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:31.0102 5780 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:31.0102 5780 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:31.0103 5780 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:31.0104 5780 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:31.0106 5780 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:31.0106 5780 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:31.0108 5780 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:31.0108 5780 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:31.0110 5780 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:31.0111 5780 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:31.0112 5780 [verify-U] ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:31.0113 5780 [verify-U] ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:31.0115 5780 [verify-U]_System ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:31.0115 5780 [verify-U]_System ( UnsignedFile.Multi.Generic ) - User select action: Skip


Old 13.11.2012, 19:02   #6
markusg
/// Malware-holic

GVU Trojaner

hi
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus as well as anti-malware/spyware scanners. These can interfere with Combofix's work.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post the C:\Combofix.txt in your next reply.


Note: Should you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Old 14.11.2012, 19:56   #7
dermarci

GVU Trojaner

Combofix log file:
Code:
ComboFix 12-11-14.01 - Jana V**** 14.11.2012  19:31:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.1.1252.49.1031.18.3069.1913 [GMT 1:00]
ausgeführt von:: c:\users\Jana V****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\de_sres.data
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Jana V****\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Jana V****\Favorites\mxfilerelatedcache.mxc2
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\pt
c:\windows\system32\pt\smartfacevcp.dll.mui
c:\windows\system32\pt\toscdspd.cpl.mui
D:\install.exe
d:\temp\dfghjklö\ODDFiles\Tools\crtdll.dll
d:\temp\dfghjklö\ODDFiles\Tools\imagex.exe
d:\temp\dfghjklö\ODDFiles\Tools\vRecoFastCRC.exe
d:\temp\dfghjklö\ODDFiles\Tools\zlibwapi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-14 bis 2012-11-14  ))))))))))))))))))))))))))))))
.
.
2012-11-14 18:45 . 2012-11-14 18:45	--------	d-----w-	c:\users\Jana V****\AppData\Local\temp
2012-11-14 18:45 . 2012-11-14 18:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-11 19:03 . 2012-11-11 19:03	--------	d-----w-	c:\users\Jana V****\AppData\Local\Abelssoft
2012-11-11 19:03 . 2012-11-11 19:03	--------	d-----w-	c:\program files\CheckDrive
2012-11-06 22:01 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-11-06 22:01 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-11-06 22:01 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-11-06 22:01 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-11-06 22:01 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-11-06 22:01 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-11-06 22:01 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-11-06 22:01 . 2012-06-02 14:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-11-06 22:01 . 2012-06-02 14:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-11-06 19:48 . 2012-11-06 19:48	--------	d-----w-	c:\windows\system32\eu-ES
2012-11-06 19:48 . 2012-11-06 19:48	--------	d-----w-	c:\windows\system32\ca-ES
2012-11-06 19:48 . 2012-11-06 19:48	--------	d-----w-	c:\windows\system32\vi-VN
2012-11-06 19:14 . 2012-11-06 19:14	--------	d-----w-	c:\windows\system32\EventProviders
2012-11-06 18:58 . 2012-11-14 18:16	--------	d-----w-	c:\users\Jana V****\Tracing
2012-11-06 18:57 . 2012-11-06 18:57	--------	dc----w-	c:\windows\system32\DRVSTORE
2012-11-06 18:57 . 2010-04-28 06:44	54632	----a-w-	c:\windows\system32\drivers\fssfltr.sys
2012-11-06 18:56 . 2012-11-06 18:56	--------	d-----w-	c:\program files\Microsoft Sync Framework
2012-11-06 18:55 . 2012-11-06 18:55	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2012-11-06 18:54 . 2012-11-06 18:58	--------	d-----w-	c:\program files\Microsoft
2012-11-06 18:53 . 2012-11-06 18:53	--------	d-----w-	c:\program files\Windows Live SkyDrive
2012-11-06 18:53 . 2012-11-06 18:57	--------	d-----w-	c:\program files\Windows Live
2012-11-06 18:42 . 2012-11-06 18:42	--------	d-----w-	c:\program files\Common Files\Windows Live
2012-11-06 01:24 . 2012-11-06 01:24	--------	d-----w-	c:\users\Jana V****\AppData\Roaming\Malwarebytes
2012-11-06 01:22 . 2012-11-06 01:22	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-06 01:22 . 2012-11-06 01:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-11-06 01:22 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-06 01:11 . 2012-11-06 01:11	73696	----a-w-	c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 01:11 . 2012-01-21 12:25	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}"= "c:\users\Jana V****\AppData\Roaming\xplugin\toolbar.dll" [2011-09-05 633344]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-18272be37e29}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Jana V****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Jana V****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Jana V****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Jana V****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-03 29744]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
.
c:\users\Jana V****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Jana V****\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
[verify-U]-Software.lnk - c:\program files\[verify-U] AVS\[verify-U]-Software.exe [2010-10-19 475136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-10-4 295606]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Corel File Shell Monitor"=c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 16:45]
.
2012-11-14 c:\windows\Tasks\CheckDriveBackgroundGuard.job
- c:\program files\CheckDrive\CheckDriveBackgroundGuard.exe [2012-11-11 09:37]
.
2012-11-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-08-21 16:47]
.
2012-11-04 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2012-09-06 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
2012-11-03 c:\windows\Tasks\ReclaimerUpdateFiles_Jana V****.job
- c:\users\Jana V****\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-08 17:39]
.
2012-11-11 c:\windows\Tasks\ReclaimerUpdateXML_Jana V****.job
- c:\users\Jana V****\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-08 17:39]
.
2012-11-14 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Jana V****.job
- c:\users\Jana V****\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-08 17:39]
.
2011-02-13 c:\windows\Tasks\User_Feed_Synchronization-{16CA3CE1-B041-46C6-984C-3C98780FB693}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: EXIF lesen - c:\program files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: Free YouTube to Mp3 Converter - c:\users\Jana V****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.2.1
DPF: {56924A80-972E-4238-9238-8CCEE7C6FB96} - hxxp://www.bluvista.tv/files/DownloadManager.cab
FF - ProfilePath - c:\users\Jana V****\AppData\Roaming\Mozilla\Firefox\Profiles\rxae95af.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Suche
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-10 - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-ryatz.exe - c:\users\Jana V****\AppData\Roaming\Asevif\ryatz.exe
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-11-14 19:46
Windows 6.0.6002 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
"ImagePath"="\"c:\program files\
[verify-U] AVS\[verify-U]-Service.exe\""
.
"ImagePath"="system32\drivers\
[verify-U]-driver.sys"
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\[verify-U]]
"ImagePath"="\"c:\program files\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\[verify-U]_System]
"ImagePath"="system32\drivers\
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-14  19:49:05
ComboFix-quarantined-files.txt  2012-11-14 18:48
.
Vor Suchlauf: 8.365.469.696 Bytes frei
Nach Suchlauf: 8.735.334.400 Bytes frei
.
- - End Of File - - 9A51E1DDCCCD8E7A471CB6EB9A212DDA
         

Old 16.11.2012, 14:22   #8
markusg
/// Malware-holic

GVU Trojaner

malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click "run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan is finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report afterwards under "Log files".
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 17.11.2012, 10:19   #9
dermarci
 
As far as I can see, no change from post #3 below.
The original log, with the deleted findings, is still in post #1.

Here is the current log file:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.16.09

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Jana V**** :: JANAV****-PC [Administrator]

16.11.2012 21:24:37
mbam-log-2012-11-16 (21-24-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 468817
Laufzeit: 2 Stunde(n), 50 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 19.11.2012, 18:37   #10
markusg
/// Malware-holic
 
Hmm, then let's just set the machine up fresh.
By the time we have solved the software problems and then installed the updates, we will be through faster this way.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

Alt 25.11.2012, 13:17   #11
dermarci
 
Hi,

Sorry for the interim post. I just wanted to let you know that I have now learned that the computer was set up by my girlfriend's father, and that he also has all the CDs (e.g. the Vista CD).

The only thing is, he lives quite a way away. So this probably won't continue before Christmas.

But I will definitely carry on following your instructions then. Thanks so far.

Or would it perhaps make sense, in this context, to switch to Windows 7 right away?

Alt 27.11.2012, 16:57   #12
markusg
/// Malware-holic
 
Hi,
Run the Microsoft Upgrade Advisor:
Download: Windows 7 Upgrade Advisor - Microsoft Download Center - Download Details
Then we should see whether the PC is Windows-capable.
