| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner: trojan.reveton und exploit.dropWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.12.2012, 13:54
| #1 |
 |  GVU-Trojaner: trojan.reveton und exploit.drop Hallo, ich habe mir leider den GVU-Trojaner eingefangen (Java...). Hier wären mal die zwei Logfiles von Avira und Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.23.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Home :: HOME-PC [Administrator] 23.12.2012 12:02:44 mbam-log-2012-12-23 (13-34-38) logdatei malwarebites.txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 337459 Laufzeit: 35 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-4ad832e4 (Trojan.Reveton) -> Keine Aktion durchgeführt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 21. Dezember 2012 21:52
Es wird nach 4605120 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Abgesicherter Modus
Benutzername : Home
Computername : HOME-PC
Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 17:27:19
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 04.07.2012 18:23:48
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 18:22:55
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 20:52:26
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 21:27:43
VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 21:27:44
VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 21:27:44
VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 21:27:44
VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 21:27:44
VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 21:27:44
VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 21:27:44
VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 19:30:18
VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 20:13:25
VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 13:19:53
VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 13:38:58
VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 15:43:24
VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 15:43:24
VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 10:14:33
VBASE021.VDF : 7.11.53.35 126976 Bytes 08.12.2012 10:14:33
VBASE022.VDF : 7.11.53.55 225792 Bytes 09.12.2012 10:14:33
VBASE023.VDF : 7.11.53.93 157184 Bytes 10.12.2012 22:04:07
VBASE024.VDF : 7.11.53.169 153088 Bytes 12.12.2012 09:00:59
VBASE025.VDF : 7.11.53.237 152064 Bytes 14.12.2012 15:16:40
VBASE026.VDF : 7.11.54.23 149504 Bytes 17.12.2012 21:07:04
VBASE027.VDF : 7.11.54.67 130048 Bytes 18.12.2012 22:08:22
VBASE028.VDF : 7.11.54.68 2048 Bytes 18.12.2012 22:08:22
VBASE029.VDF : 7.11.54.69 2048 Bytes 18.12.2012 22:08:22
VBASE030.VDF : 7.11.54.70 2048 Bytes 18.12.2012 22:08:22
VBASE031.VDF : 7.11.54.144 269824 Bytes 21.12.2012 13:53:14
Engineversion : 8.2.10.224
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 17:13:50
AESCRIPT.DLL : 8.1.4.78 467323 Bytes 21.12.2012 13:53:17
AESCN.DLL : 8.1.10.0 131445 Bytes 14.12.2012 09:01:02
AESBX.DLL : 8.2.5.12 606578 Bytes 04.07.2012 18:23:46
AERDL.DLL : 8.2.0.74 643445 Bytes 08.11.2012 08:42:08
AEPACK.DLL : 8.3.1.2 819574 Bytes 21.12.2012 13:53:17
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 19:29:02
AEHEUR.DLL : 8.1.4.168 5628280 Bytes 21.12.2012 13:53:16
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 16:21:11
AEGEN.DLL : 8.1.6.12 434549 Bytes 14.12.2012 09:01:01
AEEXP.DLL : 8.3.0.4 184692 Bytes 21.12.2012 13:53:18
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 17:13:30
AECORE.DLL : 8.1.30.0 201079 Bytes 14.12.2012 09:01:01
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 19:29:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 17:27:18
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 17:27:18
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 19:39:23
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 08.08.2012 19:39:10
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 17:27:17
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Freitag, 21. Dezember 2012 21:52
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Treiber konnte nicht initialisiert werden.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '90' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '12224' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <WINDOWS>
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\md39k90p.default\Cache.Trash13654\A\0F\519ABd01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.85
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\md39k90p.default\Cache.Trash13654\A\B3\68028d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.85
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\md39k90p.default\Cache.Trash13654\B\FB\D4AD6d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.85
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\md39k90p.default\Cache.Trash13654\D\87\1D7F4d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.85
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\md39k90p.default\Cache.Trash13654\F\56\0F708d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.92
Beginne mit der Suche in 'D:\' <Data>
Beginne mit der Desinfektion:
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\md39k90p.default\Cache.Trash13654\F\56\0F708d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.92
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5492a1fc.qua' verschoben!
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\md39k90p.default\Cache.Trash13654\D\87\1D7F4d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.85
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c058e59.qua' verschoben!
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\md39k90p.default\Cache.Trash13654\B\FB\D4AD6d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.85
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e40d4a1.qua' verschoben!
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\md39k90p.default\Cache.Trash13654\A\B3\68028d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.85
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '78649b6f.qua' verschoben!
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\md39k90p.default\Cache.Trash13654\A\0F\519ABd01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.85
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3debb65a.qua' verschoben!
Ende des Suchlaufs: Samstag, 22. Dezember 2012 01:38
Benötigte Zeit: 53:37 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
33904 Verzeichnisse wurden überprüft
383593 Dateien wurden geprüft
5 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
5 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
383588 Dateien ohne Befall
5140 Archive wurden durchsucht
0 Warnungen
5 Hinweise
Danke im Voraus... crocodile Nur noch zur Anmerkung, da ich das gleiche Problem ja schon einmal hatte: diesesmal ist es ist der Laptop meiner Schwester. Dank eines Wiederherstellungspunktes läuft er bis jetzt recht flüssig. viele Grüße crocodile |
|
23.12.2012, 20:28
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | GVU-Trojaner: trojan.reveton und exploit.drop Hallo,
__________________Zitat:
__________________ |
|
24.12.2012, 17:57
| #3 |
| | GVU-Trojaner: trojan.reveton und exploit.dropCode:
ATTFilter OTL logfile created on: 24.12.2012 17:44:14 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 63,46% Memory free 7,72 Gb Paging File | 6,09 Gb Available in Paging File | 78,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 104,10 Gb Free Space | 69,85% Space Free | Partition Type: NTFS Drive D: | 148,65 Gb Total Space | 140,58 Gb Free Space | 94,57% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: Home | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.23 14:05:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe PRC - [2012.11.22 03:03:30 | 028,791,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.08 20:39:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.08.27 17:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe PRC - [2010.06.03 16:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.07.28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe ========== Modules (No Company Name) ========== MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.10.05 20:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV - [2012.12.14 20:05:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.12 15:54:14 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.09.28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.27 17:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2010.05.11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.02.05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.10.06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.28 07:19:33 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.05 21:23:18 | 007,884,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.05 20:15:14 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.09.15 08:46:14 | 000,060,288 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10) DRV:64bit: - [2010.06.23 16:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.04.28 11:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2010.03.22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2010.03.10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.01.15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.01.07 09:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{9100891C-4EA9-47F7-90B7-E69EAE105DF2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0983608B-031F-4040-83DC-561014255CA0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/die_wichtigsten_nachrichten_als_video/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{7831094E-9EFE-405C-9E3B-F04E45EF3D2F}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKCU\..\SearchScopes\{C2D705D6-95B1-4B51-9D7C-D633786398FE}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/100sekunden/|https://ovidius.uni-tuebingen.de/ilias3/ilias.php?baseClass=ilPersonalDesktopGUI" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.14 20:05:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.14 20:05:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.14 20:05:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.14 20:05:53 | 000,000,000 | ---D | M] [2011.02.12 13:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions [2012.12.18 13:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\md39k90p.default\extensions [2012.09.07 08:30:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\md39k90p.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.12.18 13:41:11 | 000,532,971 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.11.23 15:52:43 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.21 14:54:39 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-1.xml [2012.01.25 17:07:25 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-10.xml [2012.04.04 08:36:48 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-11.xml [2012.04.10 14:03:23 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-12.xml [2012.04.24 21:30:19 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-13.xml [2012.09.01 14:18:16 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-14.xml [2012.09.23 12:13:46 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-15.xml [2012.09.23 20:05:30 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-16.xml [2011.05.29 12:45:19 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-2.xml [2011.07.02 09:41:21 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-3.xml [2011.08.03 12:38:01 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-4.xml [2011.09.15 21:19:00 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-5.xml [2011.10.04 15:13:23 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-6.xml [2011.11.17 13:49:44 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-7.xml [2011.12.02 20:21:24 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-8.xml [2011.12.30 19:53:09 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-9.xml [2011.04.29 10:22:40 | 000,001,056 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin.xml [2012.12.14 20:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.12.14 20:05:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.07.07 15:12:08 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: YouTube = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101115212137.dll File not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110213124945.dll File not found O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKCU..\Run: [HP Officejet 6700 (NET)] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FD2ADC3-00F5-4C4C-8F79-5BC536E6F8A9}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1C680D7-D66C-472D-B81F-89243DD65C09}: DhcpNameServer = 82.212.62.62 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.23 14:05:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe [2012.12.23 11:46:27 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.23 11:46:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.23 11:46:26 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.23 11:46:26 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.17 10:35:05 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Chemie Protokolle [2012.12.14 20:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.12 18:19:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.12 18:19:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.12 18:19:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.12 18:19:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.12 18:19:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.12 18:19:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.12 18:19:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.12 18:19:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.12 18:19:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.12 18:19:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.12 18:19:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.12 18:19:52 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.12 18:19:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.12 18:19:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.12 18:19:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 14:13:22 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 14:13:22 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 14:13:22 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 14:13:22 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 14:13:21 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 14:13:21 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 14:13:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 14:13:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 14:13:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 14:13:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 14:13:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 14:13:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 14:13:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 14:13:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 14:13:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 14:13:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 14:13:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 14:13:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 14:13:06 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 14:13:06 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Home\*.tmp files -> C:\Users\Home\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.24 17:41:25 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.24 17:41:25 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.24 17:41:25 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.24 17:41:25 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.24 17:41:25 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.24 17:37:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.24 17:37:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.23 16:18:06 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.23 16:18:06 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.23 16:10:38 | 000,417,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.23 16:10:11 | 3110,080,512 | -HS- | M] () -- C:\hiberfil.sys [2012.12.23 14:05:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe [2012.12.23 11:58:12 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.22 09:02:45 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.18 13:48:31 | 000,116,469 | ---- | M] () -- C:\Users\Home\Documents\Scan0005.jpg [2012.12.17 11:30:18 | 000,124,292 | ---- | M] () -- C:\Users\Home\Documents\Scan0004.jpg [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.12 15:54:14 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.12 15:54:14 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.10 20:23:05 | 000,022,528 | -H-- | M] () -- C:\Users\Home\Desktop\photothumb.db [2012.12.10 18:30:21 | 000,156,280 | ---- | M] () -- C:\Users\Home\Documents\Scan0003.jpg [2012.12.10 11:46:43 | 000,205,657 | ---- | M] () -- C:\Users\Home\Documents\Scan0002.jpg [2012.12.10 11:37:09 | 000,185,057 | ---- | M] () -- C:\Users\Home\Documents\Scan0001.jpg [2012.11.27 14:49:13 | 000,001,055 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.11.27 14:49:07 | 000,001,021 | ---- | M] () -- C:\Users\Home\Desktop\Dropbox.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Home\*.tmp files -> C:\Users\Home\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.23 11:58:12 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.21 21:32:24 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.18 13:48:31 | 000,116,469 | ---- | C] () -- C:\Users\Home\Documents\Scan0005.jpg [2012.12.17 11:30:18 | 000,124,292 | ---- | C] () -- C:\Users\Home\Documents\Scan0004.jpg [2012.12.10 18:30:21 | 000,156,280 | ---- | C] () -- C:\Users\Home\Documents\Scan0003.jpg [2012.12.10 11:46:43 | 000,205,657 | ---- | C] () -- C:\Users\Home\Documents\Scan0002.jpg [2012.12.10 11:37:09 | 000,185,057 | ---- | C] () -- C:\Users\Home\Documents\Scan0001.jpg [2012.10.18 14:56:12 | 000,003,584 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.10 18:58:47 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.06.13 19:53:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.11.23 14:11:50 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.11.23 14:11:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.12.28 07:28:54 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2010.12.28 07:24:02 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Sorry, war der normale Scan, die beiden Logs des QuickScans folgen gleich... |
|
24.12.2012, 18:07
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner: trojan.reveton und exploit.drop Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.12.2012, 12:14
| #5 |
| | GVU-Trojaner: trojan.reveton und exploit.dropCode:
ATTFilter Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.24.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Home :: HOME-PC [administrator]
24.12.2012 18:45:04
mbar-log-2012-12-24 (18-45-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29951
Time elapsed: 6 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Delete on reboot.
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.27.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Home :: HOME-PC [administrator]
27.12.2012 12:11:08
mbar-log-2012-12-27 (12-11-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29947
Time elapsed: 10 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
27.12.2012, 12:45
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner: trojan.reveton und exploit.drop 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> GVU-Trojaner: trojan.reveton und exploit.drop |
|
27.12.2012, 13:42
| #7 |
| | GVU-Trojaner: trojan.reveton und exploit.dropCode:
ATTFilter 13:38:52.0041 5124 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:38:52.0181 5124 ============================================================
13:38:52.0181 5124 Current date / time: 2012/12/27 13:38:52.0181
13:38:52.0181 5124 SystemInfo:
13:38:52.0181 5124
13:38:52.0181 5124 OS Version: 6.1.7601 ServicePack: 1.0
13:38:52.0181 5124 Product type: Workstation
13:38:52.0181 5124 ComputerName: HOME-PC
13:38:52.0181 5124 UserName: Home
13:38:52.0181 5124 Windows directory: C:\Windows
13:38:52.0181 5124 System windows directory: C:\Windows
13:38:52.0181 5124 Running under WOW64
13:38:52.0181 5124 Processor architecture: Intel x64
13:38:52.0181 5124 Number of processors: 4
13:38:52.0181 5124 Page size: 0x1000
13:38:52.0181 5124 Boot type: Normal boot
13:38:52.0181 5124 ============================================================
13:38:52.0727 5124 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:38:52.0727 5124 ============================================================
13:38:52.0727 5124 \Device\Harddisk0\DR0:
13:38:52.0727 5124 MBR partitions:
13:38:52.0727 5124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000
13:38:52.0727 5124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000
13:38:52.0727 5124 ============================================================
13:38:52.0758 5124 C: <-> \Device\Harddisk0\DR0\Partition1
13:38:52.0789 5124 D: <-> \Device\Harddisk0\DR0\Partition2
13:38:52.0789 5124 ============================================================
13:38:52.0789 5124 Initialize success
13:38:52.0789 5124 ============================================================
13:39:45.0751 4112 ============================================================
13:39:45.0751 4112 Scan started
13:39:45.0751 4112 Mode: Manual; SigCheck; TDLFS;
13:39:45.0751 4112 ============================================================
13:39:46.0017 4112 ================ Scan system memory ========================
13:39:46.0017 4112 System memory - ok
13:39:46.0017 4112 ================ Scan services =============================
13:39:46.0219 4112 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:39:46.0422 4112 1394ohci - ok
13:39:46.0453 4112 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:39:46.0469 4112 ACPI - ok
13:39:46.0500 4112 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:39:46.0609 4112 AcpiPmi - ok
13:39:46.0734 4112 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:39:46.0765 4112 AdobeARMservice - ok
13:39:46.0890 4112 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:39:46.0921 4112 AdobeFlashPlayerUpdateSvc - ok
13:39:46.0968 4112 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:39:47.0015 4112 adp94xx - ok
13:39:47.0046 4112 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:39:47.0062 4112 adpahci - ok
13:39:47.0093 4112 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:39:47.0109 4112 adpu320 - ok
13:39:47.0124 4112 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:39:47.0296 4112 AeLookupSvc - ok
13:39:47.0343 4112 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:39:47.0421 4112 AFD - ok
13:39:47.0467 4112 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:39:47.0483 4112 agp440 - ok
13:39:47.0514 4112 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:39:47.0592 4112 ALG - ok
13:39:47.0639 4112 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:39:47.0655 4112 aliide - ok
13:39:47.0686 4112 [ F581CE4A97766833FBBC8581734E2BBF ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:39:47.0779 4112 AMD External Events Utility - ok
13:39:47.0795 4112 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:39:47.0826 4112 amdide - ok
13:39:47.0857 4112 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:39:47.0935 4112 AmdK8 - ok
13:39:48.0123 4112 [ 91890B3670C129E2B3466D2AFAE05EAC ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:39:48.0372 4112 amdkmdag - ok
13:39:48.0403 4112 [ CC5B75D4A24E7493408510D061DF51AA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:39:48.0435 4112 amdkmdap - ok
13:39:48.0466 4112 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:39:48.0513 4112 AmdPPM - ok
13:39:48.0559 4112 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:39:48.0591 4112 amdsata - ok
13:39:48.0622 4112 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:39:48.0637 4112 amdsbs - ok
13:39:48.0653 4112 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:39:48.0669 4112 amdxata - ok
13:39:48.0778 4112 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:39:48.0809 4112 AntiVirSchedulerService - ok
13:39:48.0840 4112 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:39:48.0856 4112 AntiVirService - ok
13:39:48.0903 4112 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:39:49.0090 4112 AppID - ok
13:39:49.0121 4112 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:39:49.0199 4112 AppIDSvc - ok
13:39:49.0246 4112 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:39:49.0339 4112 Appinfo - ok
13:39:49.0433 4112 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:39:49.0449 4112 Apple Mobile Device - ok
13:39:49.0495 4112 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:39:49.0511 4112 arc - ok
13:39:49.0527 4112 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:39:49.0542 4112 arcsas - ok
13:39:49.0573 4112 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:39:49.0667 4112 AsyncMac - ok
13:39:49.0729 4112 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:39:49.0745 4112 atapi - ok
13:39:49.0807 4112 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:39:49.0901 4112 AudioEndpointBuilder - ok
13:39:49.0917 4112 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:39:49.0948 4112 AudioSrv - ok
13:39:49.0995 4112 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
13:39:50.0026 4112 avgntflt - ok
13:39:50.0088 4112 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
13:39:50.0104 4112 avipbb - ok
13:39:50.0119 4112 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
13:39:50.0135 4112 avkmgr - ok
13:39:50.0166 4112 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:39:50.0275 4112 AxInstSV - ok
13:39:50.0322 4112 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:39:50.0385 4112 b06bdrv - ok
13:39:50.0416 4112 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:39:50.0463 4112 b57nd60a - ok
13:39:50.0525 4112 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:39:50.0587 4112 BDESVC - ok
13:39:50.0603 4112 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:39:50.0681 4112 Beep - ok
13:39:50.0759 4112 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:39:50.0837 4112 BFE - ok
13:39:50.0868 4112 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
13:39:50.0931 4112 BITS - ok
13:39:50.0962 4112 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:39:51.0009 4112 blbdrive - ok
13:39:51.0102 4112 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:39:51.0133 4112 Bonjour Service - ok
13:39:51.0180 4112 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:39:51.0227 4112 bowser - ok
13:39:51.0258 4112 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:39:51.0352 4112 BrFiltLo - ok
13:39:51.0367 4112 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:39:51.0399 4112 BrFiltUp - ok
13:39:51.0430 4112 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:39:51.0477 4112 Browser - ok
13:39:51.0508 4112 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:39:51.0601 4112 Brserid - ok
13:39:51.0617 4112 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:39:51.0648 4112 BrSerWdm - ok
13:39:51.0679 4112 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:39:51.0742 4112 BrUsbMdm - ok
13:39:51.0757 4112 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:39:51.0789 4112 BrUsbSer - ok
13:39:51.0835 4112 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:39:51.0882 4112 BTHMODEM - ok
13:39:51.0929 4112 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:39:51.0991 4112 bthserv - ok
13:39:52.0007 4112 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:39:52.0054 4112 cdfs - ok
13:39:52.0101 4112 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
13:39:52.0147 4112 cdrom - ok
13:39:52.0210 4112 [ 7E83E47BD1FF93E11CD69F1AD65A9581 ] CeKbFilter C:\Windows\system32\DRIVERS\CeKbFilter.sys
13:39:52.0225 4112 CeKbFilter - ok
13:39:52.0272 4112 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:39:52.0350 4112 CertPropSvc - ok
13:39:52.0444 4112 [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
13:39:52.0475 4112 cfWiMAXService - ok
13:39:52.0491 4112 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:39:52.0537 4112 circlass - ok
13:39:52.0584 4112 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:39:52.0615 4112 CLFS - ok
13:39:52.0693 4112 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:39:52.0709 4112 clr_optimization_v2.0.50727_32 - ok
13:39:52.0756 4112 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:39:52.0787 4112 clr_optimization_v2.0.50727_64 - ok
13:39:52.0849 4112 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:39:52.0881 4112 clr_optimization_v4.0.30319_32 - ok
13:39:52.0912 4112 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:39:52.0927 4112 clr_optimization_v4.0.30319_64 - ok
13:39:52.0974 4112 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:39:53.0021 4112 CmBatt - ok
13:39:53.0052 4112 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:39:53.0083 4112 cmdide - ok
13:39:53.0130 4112 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:39:53.0177 4112 CNG - ok
13:39:53.0208 4112 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:39:53.0224 4112 Compbatt - ok
13:39:53.0255 4112 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:39:53.0302 4112 CompositeBus - ok
13:39:53.0333 4112 COMSysApp - ok
13:39:53.0349 4112 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
13:39:53.0364 4112 ConfigFree Service - ok
13:39:53.0395 4112 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:39:53.0411 4112 crcdisk - ok
13:39:53.0442 4112 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:39:53.0505 4112 CryptSvc - ok
13:39:53.0536 4112 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:39:53.0629 4112 DcomLaunch - ok
13:39:53.0661 4112 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:39:53.0723 4112 defragsvc - ok
13:39:53.0770 4112 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:39:53.0832 4112 DfsC - ok
13:39:53.0895 4112 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:39:53.0957 4112 Dhcp - ok
13:39:53.0988 4112 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:39:54.0035 4112 discache - ok
13:39:54.0082 4112 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:39:54.0113 4112 Disk - ok
13:39:54.0160 4112 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:39:54.0191 4112 Dnscache - ok
13:39:54.0238 4112 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:39:54.0316 4112 dot3svc - ok
13:39:54.0331 4112 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:39:54.0425 4112 DPS - ok
13:39:54.0456 4112 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:39:54.0503 4112 drmkaud - ok
13:39:54.0565 4112 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:39:54.0612 4112 DXGKrnl - ok
13:39:54.0643 4112 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:39:54.0721 4112 EapHost - ok
13:39:54.0815 4112 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:39:54.0955 4112 ebdrv - ok
13:39:54.0987 4112 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:39:55.0049 4112 EFS - ok
13:39:55.0127 4112 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:39:55.0205 4112 ehRecvr - ok
13:39:55.0236 4112 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:39:55.0314 4112 ehSched - ok
13:39:55.0361 4112 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:39:55.0408 4112 elxstor - ok
13:39:55.0408 4112 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:39:55.0455 4112 ErrDev - ok
13:39:55.0517 4112 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:39:55.0595 4112 EventSystem - ok
13:39:55.0611 4112 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:39:55.0689 4112 exfat - ok
13:39:55.0720 4112 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:39:55.0813 4112 fastfat - ok
13:39:55.0876 4112 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:39:55.0954 4112 Fax - ok
13:39:55.0969 4112 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:39:56.0001 4112 fdc - ok
13:39:56.0032 4112 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:39:56.0110 4112 fdPHost - ok
13:39:56.0141 4112 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:39:56.0203 4112 FDResPub - ok
13:39:56.0250 4112 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:39:56.0281 4112 FileInfo - ok
13:39:56.0281 4112 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:39:56.0391 4112 Filetrace - ok
13:39:56.0391 4112 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:39:56.0406 4112 flpydisk - ok
13:39:56.0453 4112 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:39:56.0484 4112 FltMgr - ok
13:39:56.0531 4112 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:39:56.0578 4112 FontCache - ok
13:39:56.0640 4112 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:39:56.0671 4112 FontCache3.0.0.0 - ok
13:39:56.0703 4112 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:39:56.0718 4112 FsDepends - ok
13:39:56.0749 4112 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:39:56.0781 4112 Fs_Rec - ok
13:39:56.0827 4112 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:39:56.0843 4112 fvevol - ok
13:39:56.0874 4112 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:39:56.0890 4112 gagp30kx - ok
13:39:56.0921 4112 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:39:56.0921 4112 GEARAspiWDM - ok
13:39:56.0968 4112 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:39:57.0061 4112 gpsvc - ok
13:39:57.0077 4112 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:39:57.0108 4112 hcw85cir - ok
13:39:57.0171 4112 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:39:57.0202 4112 HdAudAddService - ok
13:39:57.0217 4112 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:39:57.0264 4112 HDAudBus - ok
13:39:57.0311 4112 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:39:57.0327 4112 HECIx64 - ok
13:39:57.0358 4112 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:39:57.0389 4112 HidBatt - ok
13:39:57.0420 4112 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:39:57.0451 4112 HidBth - ok
13:39:57.0483 4112 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:39:57.0514 4112 HidIr - ok
13:39:57.0545 4112 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:39:57.0607 4112 hidserv - ok
13:39:57.0670 4112 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:39:57.0701 4112 HidUsb - ok
13:39:57.0748 4112 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:39:57.0826 4112 hkmsvc - ok
13:39:57.0857 4112 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:39:57.0919 4112 HomeGroupListener - ok
13:39:57.0966 4112 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:39:57.0997 4112 HomeGroupProvider - ok
13:39:58.0060 4112 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:39:58.0091 4112 HpSAMD - ok
13:39:58.0153 4112 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:39:58.0263 4112 HTTP - ok
13:39:58.0294 4112 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:39:58.0294 4112 hwpolicy - ok
13:39:58.0341 4112 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:39:58.0372 4112 i8042prt - ok
13:39:58.0403 4112 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
13:39:58.0419 4112 iaStor - ok
13:39:58.0465 4112 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:39:58.0497 4112 iaStorV - ok
13:39:58.0606 4112 [ 4DE2EE2A5186D74BABC4E7F60D2AE989 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
13:39:58.0668 4112 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
13:39:58.0668 4112 IconMan_R - detected UnsignedFile.Multi.Generic (1)
13:39:58.0731 4112 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:39:58.0762 4112 idsvc - ok
13:39:58.0824 4112 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:39:58.0840 4112 iirsp - ok
13:39:58.0902 4112 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:39:58.0996 4112 IKEEXT - ok
13:39:59.0105 4112 [ E8017F1662D9142F45CEAB694D013C00 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:39:59.0167 4112 IntcAzAudAddService - ok
13:39:59.0183 4112 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:39:59.0199 4112 intelide - ok
13:39:59.0230 4112 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:39:59.0261 4112 intelppm - ok
13:39:59.0323 4112 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:39:59.0386 4112 IPBusEnum - ok
13:39:59.0433 4112 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:39:59.0495 4112 IpFilterDriver - ok
13:39:59.0573 4112 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:39:59.0620 4112 iphlpsvc - ok
13:39:59.0651 4112 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:39:59.0698 4112 IPMIDRV - ok
13:39:59.0760 4112 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:39:59.0823 4112 IPNAT - ok
13:39:59.0885 4112 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:39:59.0932 4112 iPod Service - ok
13:39:59.0947 4112 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:40:00.0041 4112 IRENUM - ok
13:40:00.0072 4112 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:40:00.0072 4112 isapnp - ok
13:40:00.0119 4112 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:40:00.0150 4112 iScsiPrt - ok
13:40:00.0166 4112 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
13:40:00.0181 4112 kbdclass - ok
13:40:00.0197 4112 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:40:00.0244 4112 kbdhid - ok
13:40:00.0259 4112 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:40:00.0275 4112 KeyIso - ok
13:40:00.0306 4112 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:40:00.0337 4112 KSecDD - ok
13:40:00.0369 4112 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:40:00.0384 4112 KSecPkg - ok
13:40:00.0415 4112 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:40:00.0493 4112 ksthunk - ok
13:40:00.0525 4112 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:40:00.0587 4112 KtmRm - ok
13:40:00.0634 4112 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:40:00.0696 4112 LanmanServer - ok
13:40:00.0727 4112 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:40:00.0805 4112 LanmanWorkstation - ok
13:40:00.0852 4112 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:40:00.0930 4112 lltdio - ok
13:40:00.0977 4112 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:40:01.0071 4112 lltdsvc - ok
13:40:01.0102 4112 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:40:01.0149 4112 lmhosts - ok
13:40:01.0211 4112 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:40:01.0227 4112 LMS - ok
13:40:01.0289 4112 [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
13:40:01.0305 4112 LPCFilter - ok
13:40:01.0336 4112 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:40:01.0351 4112 LSI_FC - ok
13:40:01.0383 4112 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:40:01.0383 4112 LSI_SAS - ok
13:40:01.0414 4112 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:40:01.0414 4112 LSI_SAS2 - ok
13:40:01.0445 4112 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:40:01.0461 4112 LSI_SCSI - ok
13:40:01.0492 4112 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:40:01.0570 4112 luafv - ok
13:40:01.0632 4112 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:40:01.0663 4112 MBAMProtector - ok
13:40:01.0710 4112 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:40:01.0741 4112 MBAMScheduler - ok
13:40:01.0757 4112 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:40:01.0788 4112 MBAMService - ok
13:40:01.0819 4112 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:40:01.0866 4112 Mcx2Svc - ok
13:40:01.0897 4112 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:40:01.0929 4112 megasas - ok
13:40:01.0944 4112 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:40:01.0960 4112 MegaSR - ok
13:40:02.0007 4112 [ BA7E071E855D4C502916164A31B05D4D ] MHIKEY10 C:\Windows\system32\Drivers\MHIKEY10x64.sys
13:40:02.0053 4112 MHIKEY10 - ok
13:40:02.0085 4112 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:40:02.0194 4112 MMCSS - ok
13:40:02.0209 4112 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:40:02.0256 4112 Modem - ok
13:40:02.0303 4112 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:40:02.0350 4112 monitor - ok
13:40:02.0381 4112 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:40:02.0397 4112 mouclass - ok
13:40:02.0443 4112 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:40:02.0475 4112 mouhid - ok
13:40:02.0506 4112 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:40:02.0521 4112 mountmgr - ok
13:40:02.0584 4112 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:40:02.0599 4112 MozillaMaintenance - ok
13:40:02.0615 4112 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:40:02.0646 4112 mpio - ok
13:40:02.0677 4112 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:40:02.0740 4112 mpsdrv - ok
13:40:02.0787 4112 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:40:02.0880 4112 MpsSvc - ok
13:40:02.0911 4112 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:40:02.0927 4112 MRxDAV - ok
13:40:02.0958 4112 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:40:03.0021 4112 mrxsmb - ok
13:40:03.0052 4112 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:40:03.0099 4112 mrxsmb10 - ok
13:40:03.0114 4112 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:40:03.0130 4112 mrxsmb20 - ok
13:40:03.0177 4112 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:40:03.0192 4112 msahci - ok
13:40:03.0239 4112 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:40:03.0270 4112 msdsm - ok
13:40:03.0270 4112 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:40:03.0301 4112 MSDTC - ok
13:40:03.0317 4112 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:40:03.0348 4112 Msfs - ok
13:40:03.0364 4112 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:40:03.0411 4112 mshidkmdf - ok
13:40:03.0442 4112 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:40:03.0442 4112 msisadrv - ok
13:40:03.0473 4112 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:40:03.0567 4112 MSiSCSI - ok
13:40:03.0582 4112 msiserver - ok
13:40:03.0613 4112 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:40:03.0676 4112 MSKSSRV - ok
13:40:03.0707 4112 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:40:03.0754 4112 MSPCLOCK - ok
13:40:03.0785 4112 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:40:03.0847 4112 MSPQM - ok
13:40:03.0894 4112 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:40:03.0925 4112 MsRPC - ok
13:40:03.0957 4112 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:40:03.0972 4112 mssmbios - ok
13:40:04.0003 4112 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:40:04.0035 4112 MSTEE - ok
13:40:04.0050 4112 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:40:04.0081 4112 MTConfig - ok
13:40:04.0113 4112 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:40:04.0113 4112 Mup - ok
13:40:04.0159 4112 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:40:04.0253 4112 napagent - ok
13:40:04.0300 4112 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:40:04.0362 4112 NativeWifiP - ok
13:40:04.0425 4112 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:40:04.0471 4112 NDIS - ok
13:40:04.0487 4112 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:40:04.0565 4112 NdisCap - ok
13:40:04.0612 4112 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:40:04.0690 4112 NdisTapi - ok
13:40:04.0737 4112 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:40:04.0815 4112 Ndisuio - ok
13:40:04.0861 4112 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:40:04.0939 4112 NdisWan - ok
13:40:04.0971 4112 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:40:05.0017 4112 NDProxy - ok
13:40:05.0064 4112 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:40:05.0142 4112 NetBIOS - ok
13:40:05.0173 4112 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:40:05.0267 4112 NetBT - ok
13:40:05.0283 4112 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:40:05.0298 4112 Netlogon - ok
13:40:05.0345 4112 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:40:05.0407 4112 Netman - ok
13:40:05.0423 4112 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:40:05.0501 4112 netprofm - ok
13:40:05.0532 4112 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:40:05.0548 4112 NetTcpPortSharing - ok
13:40:05.0579 4112 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:40:05.0595 4112 nfrd960 - ok
13:40:05.0626 4112 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:40:05.0657 4112 NlaSvc - ok
13:40:05.0688 4112 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:40:05.0719 4112 Npfs - ok
13:40:05.0751 4112 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:40:05.0829 4112 nsi - ok
13:40:05.0844 4112 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:40:05.0922 4112 nsiproxy - ok
13:40:06.0000 4112 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:40:06.0063 4112 Ntfs - ok
13:40:06.0094 4112 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:40:06.0156 4112 Null - ok
13:40:06.0187 4112 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:40:06.0219 4112 nvraid - ok
13:40:06.0250 4112 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:40:06.0265 4112 nvstor - ok
13:40:06.0312 4112 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:40:06.0328 4112 nv_agp - ok
13:40:06.0328 4112 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:40:06.0359 4112 ohci1394 - ok
13:40:06.0421 4112 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:40:06.0437 4112 ose - ok
13:40:06.0593 4112 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:40:06.0780 4112 osppsvc - ok
13:40:06.0827 4112 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:40:06.0889 4112 p2pimsvc - ok
13:40:06.0905 4112 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:40:06.0936 4112 p2psvc - ok
13:40:06.0967 4112 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:40:06.0983 4112 Parport - ok
13:40:07.0030 4112 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:40:07.0030 4112 partmgr - ok
13:40:07.0061 4112 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:40:07.0092 4112 PcaSvc - ok
13:40:07.0139 4112 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:40:07.0155 4112 pci - ok
13:40:07.0170 4112 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:40:07.0170 4112 pciide - ok
13:40:07.0201 4112 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:40:07.0217 4112 pcmcia - ok
13:40:07.0233 4112 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:40:07.0248 4112 pcw - ok
13:40:07.0279 4112 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:40:07.0342 4112 PEAUTH - ok
13:40:07.0420 4112 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:40:07.0467 4112 PerfHost - ok
13:40:07.0529 4112 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
13:40:07.0529 4112 PGEffect - ok
13:40:07.0591 4112 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:40:07.0669 4112 pla - ok
13:40:07.0732 4112 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:40:07.0763 4112 PlugPlay - ok
13:40:07.0779 4112 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:40:07.0810 4112 PNRPAutoReg - ok
13:40:07.0841 4112 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:40:07.0857 4112 PNRPsvc - ok
13:40:07.0903 4112 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:40:07.0966 4112 PolicyAgent - ok
13:40:07.0997 4112 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:40:08.0091 4112 Power - ok
13:40:08.0137 4112 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:40:08.0215 4112 PptpMiniport - ok
13:40:08.0231 4112 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:40:08.0278 4112 Processor - ok
13:40:08.0325 4112 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:40:08.0356 4112 ProfSvc - ok
13:40:08.0371 4112 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:40:08.0387 4112 ProtectedStorage - ok
13:40:08.0434 4112 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:40:08.0496 4112 Psched - ok
13:40:08.0559 4112 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:40:08.0605 4112 ql2300 - ok
13:40:08.0621 4112 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:40:08.0621 4112 ql40xx - ok
13:40:08.0652 4112 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:40:08.0715 4112 QWAVE - ok
13:40:08.0746 4112 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:40:08.0808 4112 QWAVEdrv - ok
13:40:08.0824 4112 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:40:08.0886 4112 RasAcd - ok
13:40:08.0917 4112 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:40:08.0980 4112 RasAgileVpn - ok
13:40:08.0995 4112 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:40:09.0042 4112 RasAuto - ok
13:40:09.0089 4112 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:40:09.0151 4112 Rasl2tp - ok
13:40:09.0214 4112 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:40:09.0307 4112 RasMan - ok
13:40:09.0339 4112 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:40:09.0401 4112 RasPppoe - ok
13:40:09.0417 4112 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:40:09.0510 4112 RasSstp - ok
13:40:09.0557 4112 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:40:09.0635 4112 rdbss - ok
13:40:09.0666 4112 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:40:09.0713 4112 rdpbus - ok
13:40:09.0744 4112 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:40:09.0791 4112 RDPCDD - ok
13:40:09.0807 4112 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:40:09.0853 4112 RDPENCDD - ok
13:40:09.0885 4112 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:40:09.0916 4112 RDPREFMP - ok
13:40:09.0947 4112 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:40:10.0009 4112 RDPWD - ok
13:40:10.0056 4112 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:40:10.0072 4112 rdyboost - ok
13:40:10.0103 4112 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:40:10.0181 4112 RemoteAccess - ok
13:40:10.0212 4112 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:40:10.0259 4112 RemoteRegistry - ok
13:40:10.0275 4112 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:40:10.0337 4112 RpcEptMapper - ok
13:40:10.0353 4112 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:40:10.0384 4112 RpcLocator - ok
13:40:10.0415 4112 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:40:10.0493 4112 RpcSs - ok
13:40:10.0524 4112 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:40:10.0618 4112 rspndr - ok
13:40:10.0649 4112 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
13:40:10.0665 4112 RSUSBSTOR - ok
13:40:10.0696 4112 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:40:10.0711 4112 RTL8167 - ok
13:40:10.0758 4112 [ FFC748D848740D1BC8F330A8879C2674 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
13:40:10.0805 4112 RTL8192Ce - ok
13:40:10.0821 4112 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:40:10.0836 4112 SamSs - ok
13:40:10.0867 4112 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:40:10.0883 4112 sbp2port - ok
13:40:10.0899 4112 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:40:10.0992 4112 SCardSvr - ok
13:40:11.0023 4112 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:40:11.0101 4112 scfilter - ok
13:40:11.0164 4112 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:40:11.0257 4112 Schedule - ok
13:40:11.0289 4112 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:40:11.0351 4112 SCPolicySvc - ok
13:40:11.0398 4112 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:40:11.0460 4112 SDRSVC - ok
13:40:11.0491 4112 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:40:11.0538 4112 secdrv - ok
13:40:11.0569 4112 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:40:11.0663 4112 seclogon - ok
13:40:11.0694 4112 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:40:11.0803 4112 SENS - ok
13:40:11.0819 4112 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:40:11.0866 4112 SensrSvc - ok
13:40:11.0881 4112 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:40:11.0897 4112 Serenum - ok
13:40:11.0944 4112 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:40:11.0975 4112 Serial - ok
13:40:12.0037 4112 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:40:12.0069 4112 sermouse - ok
13:40:12.0131 4112 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:40:12.0209 4112 SessionEnv - ok
13:40:12.0225 4112 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:40:12.0256 4112 sffdisk - ok
13:40:12.0271 4112 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:40:12.0318 4112 sffp_mmc - ok
13:40:12.0334 4112 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:40:12.0381 4112 sffp_sd - ok
13:40:12.0412 4112 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:40:12.0427 4112 sfloppy - ok
13:40:12.0474 4112 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:40:12.0552 4112 SharedAccess - ok
13:40:12.0599 4112 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:40:12.0661 4112 ShellHWDetection - ok
13:40:12.0693 4112 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:40:12.0708 4112 SiSRaid2 - ok
13:40:12.0724 4112 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:40:12.0724 4112 SiSRaid4 - ok
13:40:12.0802 4112 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:40:12.0817 4112 SkypeUpdate - ok
13:40:12.0849 4112 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:40:12.0895 4112 Smb - ok
13:40:12.0927 4112 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:40:12.0973 4112 SNMPTRAP - ok
13:40:12.0989 4112 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:40:13.0005 4112 spldr - ok
13:40:13.0051 4112 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:40:13.0098 4112 Spooler - ok
13:40:13.0207 4112 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:40:13.0379 4112 sppsvc - ok
13:40:13.0395 4112 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:40:13.0473 4112 sppuinotify - ok
13:40:13.0519 4112 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:40:13.0566 4112 srv - ok
13:40:13.0597 4112 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:40:13.0629 4112 srv2 - ok
13:40:13.0675 4112 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:40:13.0707 4112 srvnet - ok
13:40:13.0753 4112 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:40:13.0831 4112 SSDPSRV - ok
13:40:13.0847 4112 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:40:13.0878 4112 SstpSvc - ok
13:40:13.0909 4112 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:40:13.0925 4112 stexstor - ok
13:40:13.0956 4112 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
13:40:14.0003 4112 StillCam - ok
13:40:14.0065 4112 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:40:14.0143 4112 stisvc - ok
13:40:14.0175 4112 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:40:14.0190 4112 swenum - ok
13:40:14.0221 4112 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:40:14.0284 4112 swprv - ok
13:40:14.0362 4112 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:40:14.0393 4112 SynTP - ok
13:40:14.0455 4112 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:40:14.0518 4112 SysMain - ok
13:40:14.0549 4112 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:40:14.0565 4112 TabletInputService - ok
13:40:14.0580 4112 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:40:14.0643 4112 TapiSrv - ok
13:40:14.0674 4112 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:40:14.0736 4112 TBS - ok
13:40:14.0814 4112 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:40:14.0877 4112 Tcpip - ok
13:40:14.0923 4112 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:40:14.0970 4112 TCPIP6 - ok
13:40:15.0001 4112 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:40:15.0033 4112 tcpipreg - ok
13:40:15.0126 4112 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
13:40:15.0142 4112 tdcmdpst - ok
13:40:15.0157 4112 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:40:15.0204 4112 TDPIPE - ok
13:40:15.0235 4112 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:40:15.0267 4112 TDTCP - ok
13:40:15.0313 4112 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:40:15.0391 4112 tdx - ok
13:40:15.0438 4112 [ 40E154B3125E17CE6F2AFAD57AFCFEB2 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
13:40:15.0469 4112 TemproMonitoringService - ok
13:40:15.0501 4112 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:40:15.0516 4112 TermDD - ok
13:40:15.0547 4112 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:40:15.0594 4112 TermService - ok
13:40:15.0641 4112 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:40:15.0688 4112 Themes - ok
13:40:15.0703 4112 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:40:15.0750 4112 THREADORDER - ok
13:40:15.0813 4112 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
13:40:15.0828 4112 TMachInfo - ok
13:40:15.0859 4112 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
13:40:15.0875 4112 TODDSrv - ok
13:40:15.0953 4112 [ DB9719688C08F42705FEB3F6A0C98B91 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
13:40:15.0984 4112 TosCoSrv - ok
13:40:16.0031 4112 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
13:40:16.0031 4112 TOSHIBA HDD SSD Alert Service - ok
13:40:16.0062 4112 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:40:16.0109 4112 TrkWks - ok
13:40:16.0171 4112 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:40:16.0265 4112 TrustedInstaller - ok
13:40:16.0296 4112 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:40:16.0343 4112 tssecsrv - ok
13:40:16.0374 4112 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:40:16.0437 4112 TsUsbFlt - ok
13:40:16.0483 4112 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:40:16.0561 4112 tunnel - ok
13:40:16.0593 4112 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
13:40:16.0608 4112 TVALZ - ok
13:40:16.0639 4112 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:40:16.0655 4112 uagp35 - ok
13:40:16.0702 4112 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:40:16.0764 4112 udfs - ok
13:40:16.0811 4112 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:40:16.0842 4112 UI0Detect - ok
13:40:16.0873 4112 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:40:16.0889 4112 uliagpkx - ok
13:40:16.0936 4112 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:40:16.0967 4112 umbus - ok
13:40:16.0998 4112 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:40:17.0014 4112 UmPass - ok
13:40:17.0123 4112 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:40:17.0185 4112 UNS - ok
13:40:17.0217 4112 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:40:17.0279 4112 upnphost - ok
13:40:17.0326 4112 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:40:17.0373 4112 USBAAPL64 - ok
13:40:17.0419 4112 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:40:17.0466 4112 usbccgp - ok
13:40:17.0513 4112 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:40:17.0544 4112 usbcir - ok
13:40:17.0575 4112 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:40:17.0607 4112 usbehci - ok
13:40:17.0653 4112 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:40:17.0700 4112 usbhub - ok
13:40:17.0716 4112 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:40:17.0763 4112 usbohci - ok
13:40:17.0809 4112 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:40:17.0856 4112 usbprint - ok
13:40:17.0887 4112 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:40:17.0903 4112 usbscan - ok
13:40:17.0903 4112 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:40:17.0934 4112 USBSTOR - ok
13:40:17.0997 4112 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:40:18.0012 4112 usbuhci - ok
13:40:18.0075 4112 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
13:40:18.0137 4112 usbvideo - ok
13:40:18.0153 4112 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:40:18.0215 4112 UxSms - ok
13:40:18.0231 4112 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:40:18.0246 4112 VaultSvc - ok
13:40:18.0262 4112 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:40:18.0277 4112 vdrvroot - ok
13:40:18.0324 4112 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:40:18.0418 4112 vds - ok
13:40:18.0465 4112 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:40:18.0480 4112 vga - ok
13:40:18.0496 4112 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:40:18.0574 4112 VgaSave - ok
13:40:18.0605 4112 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:40:18.0636 4112 vhdmp - ok
13:40:18.0652 4112 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:40:18.0667 4112 viaide - ok
13:40:18.0683 4112 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:40:18.0699 4112 volmgr - ok
13:40:18.0730 4112 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:40:18.0761 4112 volmgrx - ok
13:40:18.0808 4112 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:40:18.0839 4112 volsnap - ok
13:40:18.0886 4112 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:40:18.0901 4112 vsmraid - ok
13:40:18.0964 4112 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:40:19.0042 4112 VSS - ok
13:40:19.0073 4112 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:40:19.0104 4112 vwifibus - ok
13:40:19.0135 4112 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:40:19.0151 4112 vwififlt - ok
13:40:19.0182 4112 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:40:19.0229 4112 W32Time - ok
13:40:19.0245 4112 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:40:19.0276 4112 WacomPen - ok
13:40:19.0323 4112 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:40:19.0385 4112 WANARP - ok
13:40:19.0385 4112 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:40:19.0432 4112 Wanarpv6 - ok
13:40:19.0525 4112 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:40:19.0588 4112 WatAdminSvc - ok
13:40:19.0650 4112 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:40:19.0713 4112 wbengine - ok
13:40:19.0744 4112 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:40:19.0759 4112 WbioSrvc - ok
13:40:19.0791 4112 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:40:19.0806 4112 wcncsvc - ok
13:40:19.0822 4112 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:40:19.0837 4112 WcsPlugInService - ok
13:40:19.0869 4112 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:40:19.0869 4112 Wd - ok
13:40:19.0931 4112 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:40:19.0978 4112 Wdf01000 - ok
13:40:19.0993 4112 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:40:20.0087 4112 WdiServiceHost - ok
13:40:20.0103 4112 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:40:20.0118 4112 WdiSystemHost - ok
13:40:20.0165 4112 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:40:20.0212 4112 WebClient - ok
13:40:20.0243 4112 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:40:20.0321 4112 Wecsvc - ok
13:40:20.0352 4112 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:40:20.0415 4112 wercplsupport - ok
13:40:20.0446 4112 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:40:20.0524 4112 WerSvc - ok
13:40:20.0571 4112 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:40:20.0633 4112 WfpLwf - ok
13:40:20.0633 4112 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:40:20.0649 4112 WIMMount - ok
13:40:20.0664 4112 WinDefend - ok
13:40:20.0664 4112 WinHttpAutoProxySvc - ok
13:40:20.0727 4112 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:40:20.0805 4112 Winmgmt - ok
13:40:20.0883 4112 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:40:20.0961 4112 WinRM - ok
13:40:21.0007 4112 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:40:21.0054 4112 Wlansvc - ok
13:40:21.0101 4112 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:40:21.0117 4112 wlcrasvc - ok
13:40:21.0241 4112 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:40:21.0304 4112 wlidsvc - ok
13:40:21.0335 4112 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:40:21.0366 4112 WmiAcpi - ok
13:40:21.0397 4112 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:40:21.0429 4112 wmiApSrv - ok
13:40:21.0475 4112 WMPNetworkSvc - ok
13:40:21.0507 4112 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:40:21.0553 4112 WPCSvc - ok
13:40:21.0585 4112 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:40:21.0616 4112 WPDBusEnum - ok
13:40:21.0647 4112 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:40:21.0709 4112 ws2ifsl - ok
13:40:21.0725 4112 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
13:40:21.0772 4112 wscsvc - ok
13:40:21.0772 4112 WSearch - ok
13:40:21.0865 4112 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:40:21.0928 4112 wuauserv - ok
13:40:21.0959 4112 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:40:22.0006 4112 WudfPf - ok
13:40:22.0021 4112 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:40:22.0068 4112 WUDFRd - ok
13:40:22.0099 4112 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:40:22.0131 4112 wudfsvc - ok
13:40:22.0162 4112 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:40:22.0209 4112 WwanSvc - ok
13:40:22.0209 4112 ================ Scan global ===============================
13:40:22.0240 4112 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:40:22.0271 4112 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:40:22.0271 4112 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:40:22.0302 4112 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:40:22.0333 4112 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:40:22.0349 4112 [Global] - ok
13:40:22.0349 4112 ================ Scan MBR ==================================
13:40:22.0365 4112 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:40:22.0739 4112 \Device\Harddisk0\DR0 - ok
13:40:22.0739 4112 ================ Scan VBR ==================================
13:40:22.0755 4112 [ EF05A1928D9FBF94F29C69D093CE8559 ] \Device\Harddisk0\DR0\Partition1
13:40:22.0755 4112 \Device\Harddisk0\DR0\Partition1 - ok
13:40:22.0786 4112 [ 5E930CB43151D283C04E40C1DB2D5B20 ] \Device\Harddisk0\DR0\Partition2
13:40:22.0801 4112 \Device\Harddisk0\DR0\Partition2 - ok
13:40:22.0801 4112 ============================================================
13:40:22.0801 4112 Scan finished
13:40:22.0801 4112 ============================================================
13:40:22.0801 3436 Detected object count: 1
13:40:22.0801 3436 Actual detected object count: 1
13:40:35.0874 3436 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
13:40:35.0874 3436 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-27 13:30:25
-----------------------------
13:30:25.725 OS Version: Windows x64 6.1.7601 Service Pack 1
13:30:25.725 Number of processors: 4 586 0x2505
13:30:25.725 ComputerName: HOME-PC UserName: Home
13:30:26.427 Initialize success
13:30:33.072 AVAST engine defs: 12122700
13:30:54.538 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:30:54.554 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
13:30:54.569 Disk 0 MBR read successfully
13:30:54.569 Disk 0 MBR scan
13:30:54.585 Disk 0 Windows 7 default MBR code
13:30:54.585 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
13:30:54.600 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152622 MB offset 821248
13:30:54.632 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 152222 MB offset 313391104
13:30:54.678 Disk 0 scanning C:\Windows\system32\drivers
13:31:07.049 Service scanning
13:31:36.721 Modules scanning
13:31:36.736 Disk 0 trace - called modules:
13:31:36.767 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:31:36.783 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a1d060]
13:31:36.783 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a33050]
13:31:36.799 Scan finished successfully
13:36:13.450 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
13:36:13.450 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
|
|
27.12.2012, 14:04
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner: trojan.reveton und exploit.drop Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2012, 14:57
| #9 |
| | GVU-Trojaner: trojan.reveton und exploit.drop Hier die ComboFix-Datei: Code:
ATTFilter ComboFix 12-12-27.02 - Home 27.12.2012 14:27:46.1.4 - x64
ausgeführt von:: c:\users\Home\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Home\4.0
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-27 bis 2012-12-27 ))))))))))))))))))))))))))))))
.
.
2012-12-27 13:32 . 2012-12-27 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-27 10:58 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24C1BA08-54A5-4368-A48B-DBDD743B6077}\mpengine.dll
2012-12-23 10:46 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-23 10:46 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-23 10:46 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-23 10:46 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 13:13 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 17:21 . 2011-03-05 10:30 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 14:54 . 2012-10-01 13:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 14:54 . 2012-10-01 13:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-28 12:26 . 2012-10-28 12:26 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 10:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 10:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 10:17 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 14:37 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 14:37 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 14:37 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 14:37 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 13:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 14:37 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 14:37 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 14:37 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 14:37 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 14:37 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 14:37 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 14:37 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 14:37 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 14:37 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 14:37 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 14:37 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-29 18:54 . 2012-09-25 11:22 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 20:29 . 2012-09-28 20:13 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-28 20:29 . 2010-11-15 20:11 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-05 98304]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Home\Desktop\mbar\mbar.exe" [2012-12-24 1342312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [2010-09-15 60288]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-05 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2010-12-28 20592]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 83746273
*NewlyCreated* - 99923506
*NewlyCreated* - ASWMBR
*Deregistered* - 83746273
*Deregistered* - 99923506
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-01 14:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.tagesschau.de/die_wichtigsten_nachrichten_als_video/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/100sekunden/|https://ovidius.uni-tuebingen.de/ilias3/ilias.php?baseClass=ilPersonalDesktopGUI
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-27 14:34:05
ComboFix-quarantined-files.txt 2012-12-27 13:34
.
Vor Suchlauf: 7 Verzeichnis(se), 111.627.902.976 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 111.600.496.640 Bytes frei
.
- - End Of File - - CE504ECF56A0D65EB94D8EC6A6D31A83
|
|
27.12.2012, 21:10
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner: trojan.reveton und exploit.drop adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.12.2012, 12:16
| #11 |
| | GVU-Trojaner: trojan.reveton und exploit.dropCode:
ATTFilter # AdwCleaner v2.103 - Datei am 28/12/2012 um 12:15:47 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Home - HOME-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Home\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\searchplugins\icqplugin-3.xml
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-57750583-270369740-31274254-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\prefs.js
Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=");
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [2061 octets] - [28/12/2012 12:15:47]
########## EOF - C:\AdwCleaner[R1].txt - [2121 octets] ##########
|
|
28.12.2012, 12:20
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner: trojan.reveton und exploit.drop adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.12.2012, 12:35
| #13 |
| | GVU-Trojaner: trojan.reveton und exploit.drop Erstmal das adw-logfile: Code:
ATTFilter # AdwCleaner v2.103 - Datei am 28/12/2012 um 12:33:14 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Home - HOME-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Home\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\searchplugins\icqplugin-3.xml
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\md39k90p.default\prefs.js
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=");
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [2188 octets] - [28/12/2012 12:15:47]
AdwCleaner[S1].txt - [2002 octets] - [28/12/2012 12:33:14]
########## EOF - C:\AdwCleaner[S1].txt - [2062 octets] ##########
|
|
28.12.2012, 12:45
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner: trojan.reveton und exploit.drop Kommt OTL noch?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.12.2012, 12:54
| #15 |
| | GVU-Trojaner: trojan.reveton und exploit.dropCode:
ATTFilter OTL logfile created on: 28.12.2012 12:37:22 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 68,42% Memory free 7,72 Gb Paging File | 6,33 Gb Available in Paging File | 81,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 104,27 Gb Free Space | 69,96% Space Free | Partition Type: NTFS Drive D: | 148,65 Gb Total Space | 140,58 Gb Free Space | 94,57% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: Home | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (MHIKEY10) -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys (Generic USB smartcard reader) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{9100891C-4EA9-47F7-90B7-E69EAE105DF2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0983608B-031F-4040-83DC-561014255CA0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-57750583-270369740-31274254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/die_wichtigsten_nachrichten_als_video/ IE - HKU\S-1-5-21-57750583-270369740-31274254-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-57750583-270369740-31274254-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-57750583-270369740-31274254-1000\..\SearchScopes\{7831094E-9EFE-405C-9E3B-F04E45EF3D2F}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-57750583-270369740-31274254-1000\..\SearchScopes\{C2D705D6-95B1-4B51-9D7C-D633786398FE}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-57750583-270369740-31274254-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-57750583-270369740-31274254-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/100sekunden/|https://ovidius.uni-tuebingen.de/ilias3/ilias.php?baseClass=ilPersonalDesktopGUI" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.14 20:05:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.14 20:05:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.14 20:05:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.14 20:05:53 | 000,000,000 | ---D | M] [2011.02.12 13:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions [2012.12.28 12:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\md39k90p.default\extensions [2012.12.18 13:41:11 | 000,532,971 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.11.23 15:52:43 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.25 17:07:25 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-10.xml [2012.04.04 08:36:48 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-11.xml [2012.04.10 14:03:23 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-12.xml [2012.04.24 21:30:19 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-13.xml [2012.09.01 14:18:16 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-14.xml [2012.09.23 12:13:46 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-15.xml [2012.09.23 20:05:30 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-16.xml [2011.08.03 12:38:01 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-4.xml [2011.09.15 21:19:00 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-5.xml [2011.10.04 15:13:23 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-6.xml [2011.11.17 13:49:44 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-7.xml [2011.12.02 20:21:24 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-8.xml [2011.12.30 19:53:09 | 000,000,950 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\md39k90p.default\searchplugins\icqplugin-9.xml [2012.12.14 20:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.12.14 20:05:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.07.07 15:12:08 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: YouTube = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101115212137.dll File not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110213124945.dll File not found O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA) O4 - HKU\S-1-5-21-57750583-270369740-31274254-1000..\Run: [HP Officejet 6700 (NET)] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-57750583-270369740-31274254-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-57750583-270369740-31274254-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FD2ADC3-00F5-4C4C-8F79-5BC536E6F8A9}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1C680D7-D66C-472D-B81F-89243DD65C09}: DhcpNameServer = 82.212.62.62 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.27 17:36:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.27 14:34:06 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.12.27 14:26:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.27 14:26:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.27 14:26:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.27 14:26:52 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.27 14:26:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.27 14:24:41 | 005,014,482 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe [2012.12.27 13:37:08 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\tdsskiller.exe [2012.12.27 13:19:13 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Home\Desktop\aswMBR.exe [2012.12.24 18:36:44 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\mbar [2012.12.23 14:05:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe [2012.12.23 11:46:27 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.23 11:46:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.23 11:46:26 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.23 11:46:26 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.17 10:35:05 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Chemie Protokolle [2012.12.14 20:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.12 18:19:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.12 18:19:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.12 18:19:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.12 18:19:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.12 18:19:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.12 18:19:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.12 18:19:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.12 18:19:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.12 18:19:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.12 18:19:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.12 18:19:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.12 18:19:52 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.12 18:19:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.12 18:19:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.12 18:19:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 14:13:22 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 14:13:22 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 14:13:22 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 14:13:22 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 14:13:21 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 14:13:21 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 14:13:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 14:13:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 14:13:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 14:13:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 14:13:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 14:13:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 14:13:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 14:13:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 14:13:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 14:13:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 14:13:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 14:13:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 14:13:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 14:13:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 14:13:06 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 14:13:06 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Home\*.tmp files -> C:\Users\Home\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.28 12:34:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.28 12:34:02 | 3110,080,512 | -HS- | M] () -- C:\hiberfil.sys [2012.12.28 12:15:28 | 000,550,017 | ---- | M] () -- C:\Users\Home\Desktop\adwcleaner.exe [2012.12.28 11:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.28 11:46:54 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 11:46:54 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 14:25:07 | 005,014,482 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe [2012.12.27 13:37:11 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\tdsskiller.exe [2012.12.27 13:36:13 | 000,000,512 | ---- | M] () -- C:\Users\Home\Desktop\MBR.dat [2012.12.27 13:20:04 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Home\Desktop\aswMBR.exe [2012.12.27 11:55:56 | 000,001,055 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.27 11:55:49 | 000,001,021 | ---- | M] () -- C:\Users\Home\Desktop\Dropbox.lnk [2012.12.27 11:45:51 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.27 11:45:51 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.27 11:45:51 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.27 11:45:51 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.27 11:45:51 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.23 16:10:38 | 000,417,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.23 14:05:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe [2012.12.23 11:58:12 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.18 13:48:31 | 000,116,469 | ---- | M] () -- C:\Users\Home\Documents\Scan0005.jpg [2012.12.17 11:30:18 | 000,124,292 | ---- | M] () -- C:\Users\Home\Documents\Scan0004.jpg [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.12 15:54:14 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.12 15:54:14 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.10 20:23:05 | 000,022,528 | -H-- | M] () -- C:\Users\Home\Desktop\photothumb.db [2012.12.10 18:30:21 | 000,156,280 | ---- | M] () -- C:\Users\Home\Documents\Scan0003.jpg [2012.12.10 11:46:43 | 000,205,657 | ---- | M] () -- C:\Users\Home\Documents\Scan0002.jpg [2012.12.10 11:37:09 | 000,185,057 | ---- | M] () -- C:\Users\Home\Documents\Scan0001.jpg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Home\*.tmp files -> C:\Users\Home\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.28 12:15:23 | 000,550,017 | ---- | C] () -- C:\Users\Home\Desktop\adwcleaner.exe [2012.12.27 14:26:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.27 14:26:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.27 14:26:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.27 14:26:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.27 14:26:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.27 13:36:13 | 000,000,512 | ---- | C] () -- C:\Users\Home\Desktop\MBR.dat [2012.12.23 11:58:12 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.18 13:48:31 | 000,116,469 | ---- | C] () -- C:\Users\Home\Documents\Scan0005.jpg [2012.12.17 11:30:18 | 000,124,292 | ---- | C] () -- C:\Users\Home\Documents\Scan0004.jpg [2012.12.10 18:30:21 | 000,156,280 | ---- | C] () -- C:\Users\Home\Documents\Scan0003.jpg [2012.12.10 11:46:43 | 000,205,657 | ---- | C] () -- C:\Users\Home\Documents\Scan0002.jpg [2012.12.10 11:37:09 | 000,185,057 | ---- | C] () -- C:\Users\Home\Documents\Scan0001.jpg [2012.10.18 14:56:12 | 000,003,584 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.10 18:58:47 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.06.13 19:53:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.11.23 14:11:50 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.11.23 14:11:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.12.2012 12:37:22 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 68,42% Memory free
7,72 Gb Paging File | 6,33 Gb Available in Paging File | 81,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 104,27 Gb Free Space | 69,96% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 140,58 Gb Free Space | 94,57% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-57750583-270369740-31274254-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DDBB15C-7E67-4134-8A60-96B2AD206412}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1C33EF2F-823D-46E1-ADDB-51F5634642EF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1CCE2657-66DD-4345-80D4-034223506B66}" = lport=139 | protocol=6 | dir=in | app=system |
"{237CB528-0696-4B91-B134-41FAB405FF2B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4E55BA5E-44F9-47D4-82EA-D54EA72C6772}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52768C1B-FE36-4006-85C3-7B1EAFC51FF6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56B08733-F690-4BEA-839C-B82572D76F10}" = rport=445 | protocol=6 | dir=out | app=system |
"{64656734-4392-4FA9-BDBC-04CD38FCC7D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71EFADAB-BE6F-459D-B7CA-06EB65A5B2AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7592F6FE-16F6-4F6D-B353-09788BA3E275}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{84FC309C-487A-44C4-9A37-6BB4A89D1C39}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9642DB12-77FC-46C4-95D1-975846114174}" = lport=445 | protocol=6 | dir=in | app=system |
"{A929EC4E-B259-4CF7-9230-3EF1B728D89D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD8A73B7-5A96-4744-9E6A-712C4F67DC16}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF82F75E-2507-4B0C-BFF2-204B1A40F50F}" = rport=138 | protocol=17 | dir=out | app=system |
"{B085989A-1D3E-44C2-9BB7-2F85AD0E70B4}" = rport=137 | protocol=17 | dir=out | app=system |
"{B83106EF-E72C-42DB-907C-39096C5F6B59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B8645FB2-D80E-4E40-82CC-7E2D771B9B05}" = lport=137 | protocol=17 | dir=in | app=system |
"{C8E6D516-0715-4A50-9762-2A1FF3F0EAD1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2707DF0-59EE-4C67-A412-F584ABF85BA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DCC47C63-24E8-4AC2-A374-29CD3B80B458}" = rport=139 | protocol=6 | dir=out | app=system |
"{E029A493-EFD1-4C92-BE3A-DFAA05F41B3D}" = lport=138 | protocol=17 | dir=in | app=system |
"{E2244F23-22E2-4BA9-8717-CE7EE0B39282}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E8DA98C3-7ED9-4C86-9A08-928DBDF42103}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F941708D-B08C-4FF4-B41D-07854AFECF95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE2AA1E5-816E-4D6C-B861-A4DCA35D6B57}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{098F3533-EAB1-4090-B002-A5659D7B969A}" = protocol=6 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe |
"{0B153FAA-9085-41A4-AF6E-A6418C4C7E7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C30AA32-D538-4B75-967E-DF007080987F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CFDA775-FA97-4E94-BEB7-64947621114A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3297D3A4-AE19-4911-A7FB-89F52F2E8994}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{32DF90A5-CF58-4E65-AA27-EAFE24C57AC2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3A688428-B268-4E74-BD4F-3CC9752DC2B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{42AB4AD7-F3E7-4A88-9344-E4E499E8692B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{51F1F7EE-AC9E-478A-9140-6A64A0BEB1AA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{64DD4F83-7C88-43B1-83B1-0DEA6B03520A}" = protocol=6 | dir=out | app=system |
"{6576621B-07FC-4731-9130-619E4F6640D7}" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe |
"{789A49FB-45C9-43B6-ACEE-57E2E7BCFF6C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78E93BB1-32BC-484B-96CA-52996F847899}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E0F2A2F-E41B-4A24-82A0-EC56FEDF3AEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FADCEC3-B3D8-49D2-912A-3D3316DAE50D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{87F6E3C5-3949-465F-B748-5923D840D655}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{899C88E5-F0C5-4F24-84CF-93F506B1F605}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8C49B340-82BC-46CC-8611-35FFCEE97ACE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8EC1F719-19EA-4F79-830D-DABC0A55B84B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A5623CE5-FCA2-4BCB-B457-652F6E872941}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A694D2C2-B84D-4880-9B29-44259B14DF72}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B4C216C9-CDA5-42B9-B037-8927C9ADBE94}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BBA5C148-0C48-49F4-9E1C-AB7EFFA18A9A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C0272B90-7639-408C-9823-F25EF1FA148F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C9C149CA-A901-4A04-800B-5A44B490355F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CB0C176D-367A-474B-9B5E-9146ECF07516}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CBD6D306-62F6-472C-AF2F-B0D0CEF4A1AC}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\devicesetup.exe |
"{D0CF4B1F-8F7A-4B34-99C7-B38B725B7D79}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DC970210-0546-4643-8D13-30D70176EF51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E15A091F-02E9-45B7-8451-02048451A520}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E3172243-BD28-4F17-B4B8-2A7AFBE337B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC9069DB-C581-402F-812B-16FB7E1137E7}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe |
"{ECD15FD2-2046-43FC-BA80-4F267D0CFFAD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EFAE5232-942A-4929-ABC2-EAB0E3A2674D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F8E2F3EA-623C-4E25-A2D7-AF39431E09E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA84791E-E07A-487E-9E98-CAE904F66B8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FF1BEF78-D8FA-4DE0-9E88-4B512D1D7EBE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{C18C0D6B-B0AB-4029-8547-79A4E72E6188}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{B302E4F2-EAF7-4D05-A64B-DC98F9CD6FC9}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E21ACD8-DA65-4FB6-AC75-AA626CBD2926}" = HP Officejet 6700 - Grundlegende Software für das Gerät
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{19087D46-BF7E-9A26-9270-9B36B77898AB}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92CF2B1-6B11-49CE-66E4-0140C7F5784A}" = ATI Catalyst Install Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4F214B105BE2C47A7C10086525680BB7DCF7DEEB" = Windows-Treiberpaket - ATI Technologies Inc. (amdkmdap) Display (10/05/2010 8.783.0.0000)
"CCleaner" = CCleaner
"E8AD071510D6DB50A4A5327191F59F7569D3BB7F" = Windows-Treiberpaket - ATI Technologies Inc. (amdkmdap) Display (10/05/2010 8.783.0.0000)
"EPSON Stylus SX400 Series" = Druckerdeinstallation für EPSON Stylus SX400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0ABDFAA5-B009-D501-DF69-149E3616A158}" = CCC Help Hungarian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FCA0973-24C0-48EA-8CF6-71B53C135C09}" = Microsoft Office Communicator 2007
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25BDEE44-A62C-4DCE-9635-2D1646E2B663}" = USB Sharing
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2CA6BDD8-6408-5335-E168-3EC1D11794D2}" = CCC Help German
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{3CDEEF17-0808-6986-A217-5E683487791C}" = CCC Help Chinese Standard
"{3DC44403-BC62-95DF-09B6-7ECA2497D020}" = ccc-core-static
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{423EE102-4E12-F41C-58D0-461D3854B3E8}" = CCC Help Greek
"{4517E23D-4BDF-4274-D13A-0D47422B4880}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}" = HP Officejet 6700 Hilfe
"{51B4D17E-89A1-6664-19FF-2D0D8B457683}" = CCC Help Japanese
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53CF942D-C13D-4252-A60D-82D8626E03A2}" = CCC Help Dutch
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{59C4A26F-060A-FE5D-8978-18C9CDA17ADD}" = CCC Help Norwegian
"{5CED4654-5416-F816-5464-106E21FF2484}" = CCC Help Thai
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6000D586-E066-3044-63BE-854ECC5DBC57}" = Catalyst Control Center InstallProxy
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BDD00D7-DBE1-EB7C-4EFF-79FDD5AB9471}" = CCC Help English
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{743280B5-F04D-909D-27FC-50074576A3C7}" = CCC Help Spanish
"{754B5075-86CF-499D-BB3A-C8716821153F}" = Catalyst Control Center Localization All
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AC3D68A-39E1-421D-8E7E-7071A6C6EFD0}" = Catalyst Control Center - Branding
"{7FCAD144-6740-77DC-E056-403362752EBB}" = CCC Help Italian
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D4E90A0-8E0B-B6DF-8F8D-57365E4BC567}" = Catalyst Control Center Graphics Previews Common
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EB0C95A-4532-F1F5-F9EE-1D2A065F7AFF}" = CCC Help Chinese Traditional
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{946D0475-A801-D3CE-5EF9-3058DB11228F}" = CCC Help Turkish
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9E80531C-FB38-F137-1A95-373581ACD4A0}" = CCC Help Russian
"{A19926A5-5057-E1D4-37AB-C11673A691E9}" = CCC Help Swedish
"{A7059FE7-EC11-DE4F-7343-DA8668DD1BDE}" = CCC Help Korean
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BC3AB0D7-5F53-3767-433C-1FBB8909FF83}" = CCC Help Polish
"{BD474DC3-3728-160E-0B81-7C3D14D01A8D}" = CCC Help Finnish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5F45A2E-7D97-CE35-C35B-946062A4EED5}" = CCC Help Portuguese
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C6D3FE2A-D248-FA78-CFF3-9A5EA7FA23C2}" = CCC Help French
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF76F70B-342A-117C-E909-F1C08D2E8743}" = CCC Help Danish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF52988E-45D6-F3AC-A7A6-2A3C1708EFC4}" = CCC Help Czech
"Able RAWer_is1" = Able RAWer 1.4.8.30
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"PhotoScape" = PhotoScape
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-57750583-270369740-31274254-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.07.2012 11:13:02 | Computer Name = Home-Pc | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 01.08.2012 12:18:41 | Computer Name = Home-Pc | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 02.08.2012 09:17:50 | Computer Name = Home-Pc | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 03.08.2012 08:42:26 | Computer Name = Home-Pc | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16447 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: db0 Startzeit: 01cd717532206a00 Endzeit: 16 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 03.08.2012 08:51:53 | Computer Name = Home-Pc | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 04.08.2012 03:46:13 | Computer Name = Home-Pc | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 07.08.2012 09:28:08 | Computer Name = Home-Pc | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 09.08.2012 12:36:11 | Computer Name = Home-Pc | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 09.08.2012 16:25:22 | Computer Name = Home-Pc | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10.08.2012 11:22:50 | Computer Name = Home-Pc | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 21.12.2012 16:43:50 | Computer Name = Home-Pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.12.2012 16:43:50 | Computer Name = Home-Pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.12.2012 16:43:50 | Computer Name = Home-Pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.12.2012 16:43:50 | Computer Name = Home-Pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.12.2012 16:54:05 | Computer Name = Home-Pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.12.2012 03:32:42 | Computer Name = Home-Pc | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 22.12.2012 03:32:42 | Computer Name = Home-Pc | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 22.12.2012 07:37:09 | Computer Name = Home-Pc | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.
Error - 27.12.2012 09:30:09 | Computer Name = Home-Pc | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 27.12.2012 09:32:10 | Computer Name = Home-Pc | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
< End of report >
|
|
| Themen zu GVU-Trojaner: trojan.reveton und exploit.drop |
| .dll, administrator, anti-malware, appdata, autostart, avira, cache, code, dateien, desktop, dsgsdgdsgdsgw.pad, explorer, firefox, free, gen, logdatei, logfiles, malwarebytes, mas, mozilla, namen, programm, registry, speicher, treiber, versteckte |
Linear-Darstellung
