| |
| |||||||
Log-Analyse und Auswertung: Exploit.Drop.GS, EXP/CVE-2012-0507Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.12.2012, 15:38
| #1 |
| |  Exploit.Drop.GS, EXP/CVE-2012-0507 Hallo, ich habe mir offensichtlich eine Abart dieses Trojaners eingefangen, der zum Zahlen einer "Lösegeldsumme" auffordert. Mein Notebook arbeitet anscheinend ganz normal, bis ich es mit dem Internet verbinde. Dann dauert es einige Minuten, bis die Meldung erscheint dass mein Computer aus Sicherheitsgründen gesperrt wurde. Danach die bekannte Aufforderung, 100 EUR zu zahlen, "damit Ihr Computersystem schnellstens verbessert wird". Nachdem ich die Meldung vorgestern Abend zum ersten Mal gesehen habe, habe ich meine Vollversion von Avira einen Komplettscan machen lassen. Avira hat folgendes gemeldet: Code:
ATTFilter C:\Users\Privat\AB Datensic\I\Setu\Creat\nichtöffnen\testfer\individuals\ens\mendoza ensfunf\em05.jpg
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5b3d8ec2-1419a697
[1] Archivtyp: ZIP
--> hw.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DJ
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> mac.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DK
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DL
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5b3d8ec2-1419a697
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DL
--> C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5b3d8ec2-22c8f11d
[1] Archivtyp: ZIP
--> hw.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DJ
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> mac.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DK
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DL
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5b3d8ec2-22c8f11d
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DL
Beginne mit der Suche in 'D:\'
--> C:\Users\Privat\Documents\Programme, Setup\setup\BitTorrent-6.1.2.exe
[1] Archivtyp: NSIS
--> C:\Users\Privat\Program Files (x86)\DNA\btdna.exe
[2] Archivtyp: Runtime Packed
--> D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-11-22 200005\Backup files 101.zip
[3] Archivtyp: ZIP
--> C/Users/Privat/Downloads/301.42-notebook-win7-winvista-64bit-international-whql.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-11-22 200005\Backup files 101.zip
[WARNUNG] Die Datei konnte nicht gelesen werden!
Beginne mit der Desinfektion:
C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5b3d8ec2-22c8f11d
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DL
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58512e46.qua' verschoben!
C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5b3d8ec2-1419a697
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DL
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '40c601e1.qua' verschoben!
Mir ist noch etwas aufgefallen: Ich habe in der Windows-Systemwiederherstellung geschaut, was sich in der fraglichen Zeit (d. h. in den letzten Tagen) getan hat (Funktion "Nach betroffenen Programmen suchen"). Es scheint, als wäre "Microsoft Remote Desktop Services (Printer) 06/21/2006 6.1.7601.17514" durch "Microsoft-Remotedesktopdienste (Printer) 06/21/2006 6.1.7601.17514" ersetzt worden - also die gleiche Versionsnummer, aber in einer anderen Sprachen. Danach habe ich über einen USB-Stick MBAM heruntergeladen und (ebenfalls offline) aktualisiert. MBAM hat nun den Exploit.Drop.GS gefunden: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.10.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Syiam :: BELLO [Administrator] 13.12.2012 12:48:06 mbam-log-2012-12-13 (12-48-06).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 283215 Laufzeit: 4 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Privat\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 13.12.2012 13:34:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\Removal 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 75,07% Memory free 15,95 Gb Paging File | 13,79 Gb Available in Paging File | 86,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 681,77 Gb Total Space | 267,07 Gb Free Space | 39,17% Space Free | Partition Type: NTFS Drive D: | 698,63 Gb Total Space | 298,29 Gb Free Space | 42,70% Space Free | Partition Type: NTFS Drive E: | 7,65 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 963,70 Mb Total Space | 890,44 Mb Free Space | 92,40% Space Free | Partition Type: FAT Computer Name: BELLO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.13 12:15:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\Removal\OTL.exe PRC - [2012.11.26 10:47:55 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.11.26 10:47:48 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.11.26 10:47:47 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.26 10:47:47 | 000,379,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.11.26 10:47:47 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.26 10:47:46 | 000,633,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.27 10:02:54 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\Update\realsched.exe PRC - [2012.06.24 12:55:23 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.09.22 21:21:12 | 000,395,344 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011.08.18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe PRC - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.03.11 23:14:58 | 000,030,064 | ---- | M] () -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe PRC - [2011.03.11 18:12:34 | 000,714,104 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe PRC - [2011.03.10 19:20:00 | 000,701,856 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe PRC - [2011.02.01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.08.16 19:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe PRC - [2010.05.21 01:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2010.03.11 23:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.07.22 22:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe PRC - [2009.03.11 03:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2005.09.30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV:64bit: - [2011.04.20 20:45:38 | 000,480,256 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2011.04.07 22:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2011.04.06 04:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2010.12.25 05:14:38 | 000,526,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv) SRV:64bit: - [2010.12.09 00:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2010.10.20 23:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.11.26 10:47:55 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.11.26 10:47:48 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.11.26 10:47:47 | 000,379,168 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.11.26 10:47:47 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.26 10:47:46 | 000,633,632 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.24 12:55:23 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.06.14 23:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.11.14 10:16:38 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\***\AppData\Local\Temp\7zS7227\hpslpsvc64.dll -- (HPSLPSVC) SRV - [2011.09.22 21:21:28 | 001,114,280 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.08.18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0) SRV - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.03.11 23:14:58 | 000,030,064 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe -- (UDSS) SRV - [2011.02.11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2011.02.10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2011.02.01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.05.21 01:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2010.04.12 19:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.11 23:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.01.29 01:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.11 03:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005.09.30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.26 10:47:57 | 000,140,936 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot) DRV:64bit: - [2012.11.26 10:47:57 | 000,114,168 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim) DRV:64bit: - [2012.11.15 18:47:04 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.15 18:47:03 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.10.03 21:40:22 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.24 12:55:28 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012.06.24 12:55:20 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) DRV:64bit: - [2012.06.24 12:55:19 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.06.24 12:55:10 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.05.15 13:55:40 | 000,398,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB) DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.12.26 05:07:57 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.03 02:45:04 | 000,175,192 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2011.04.26 05:51:04 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.02.09 04:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2011.02.04 04:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.01.28 00:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.01.03 23:16:24 | 000,994,304 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvb7700all.sys -- (DVB7700ALL) DRV:64bit: - [2010.12.18 04:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.18 23:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.06.19 01:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec) DRV:64bit: - [2010.03.22 19:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.31 05:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.15 00:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.30 01:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm) DRV:64bit: - [2009.06.29 19:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv) DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.06.20 04:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.20 06:59:00 | 000,014,848 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid) DRV:64bit: - [2008.04.25 03:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma) DRV:64bit: - [2007.04.17 20:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {2488A919-E127-42D8-9F7D-ABD1481E78A2} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2488A919-E127-42D8-9F7D-ABD1481E78A2}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_deDE489 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.24 16:21:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.27 10:03:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 21:49:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.03 22:07:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.24 16:21:29 | 000,000,000 | ---D | M] [2012.06.30 21:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.06.30 21:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.14 23:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll [2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\ProgramData\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\FILME_~1\TrayServer.exe (MAGIX AG) O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.13 13:27:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Removal [2012.12.13 12:46:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2012.12.13 12:45:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.12.13 12:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.13 12:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.13 12:45:34 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.12.13 12:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.11 23:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2012.12.10 07:31:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Zattoo [2012.12.10 07:31:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo [2012.12.10 07:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo [2012.12.10 07:31:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo [2012.12.09 17:20:41 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat [2012.12.09 17:20:40 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat [2012.12.08 11:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.08 11:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.12.08 11:47:46 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.12.04 10:00:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CEB66F71-947F-4594-9D7B-CE74069DA866} [2012.12.04 10:00:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{84FFCA4B-ECCC-46CA-87BD-D9EE75CC871C} [2012.12.03 02:08:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc ========== Files - Modified Within 30 Days ========== [2012.12.13 13:29:23 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.12.13 13:29:15 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.13 13:29:15 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.13 13:20:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.12.13 13:20:17 | 2129,149,951 | -HS- | M] () -- C:\hiberfil.sys [2012.12.13 13:07:11 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.13 12:45:23 | 001,507,106 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.12.13 12:45:23 | 000,657,676 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.12.13 12:45:23 | 000,618,912 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.12.13 12:45:23 | 000,131,016 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.12.13 12:45:23 | 000,107,232 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.12.12 14:42:05 | 001,526,948 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.12.11 23:44:53 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.10 07:31:03 | 000,001,858 | ---- | M] () -- C:\Users\***\Desktop\Zattoo.lnk [2012.12.03 02:17:47 | 000,007,670 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.12.02 19:22:08 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\lvuvc.hs [2012.11.26 10:48:42 | 000,000,038 | ---- | M] () -- C:\windows\SysNative\InstallationInfs [2012.11.26 10:47:57 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avfwot.sys [2012.11.26 10:47:57 | 000,114,168 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avfwim.sys [2012.11.17 19:33:27 | 000,230,142 | ---- | M] () -- C:\Users\***\Desktop\Checkliste_für_Verkäufer.pdf [2012.11.15 18:47:04 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2012.11.15 18:47:03 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2012.11.14 18:52:14 | 000,465,936 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.12.13 13:29:23 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.12.12 14:42:05 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.12.10 07:31:03 | 000,001,858 | ---- | C] () -- C:\Users\***\Desktop\Zattoo.lnk [2012.11.17 19:33:27 | 000,230,142 | ---- | C] () -- C:\Users\***\Desktop\Checkliste_für_Verkäufer.pdf [2012.11.15 18:47:20 | 000,000,038 | ---- | C] () -- C:\windows\SysNative\InstallationInfs [2012.11.14 09:23:13 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 09:14:50 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.09.23 12:17:09 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE [2012.09.13 07:31:07 | 000,245,561 | ---- | C] () -- C:\windows\hpoins19.dat.temp [2012.08.07 23:55:59 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012.07.26 21:39:14 | 000,011,425 | ---- | C] () -- C:\Users\***\gsview64.ini [2012.06.26 09:59:42 | 000,007,670 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.06.24 16:27:07 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat.temp [2012.06.24 16:15:37 | 000,245,227 | ---- | C] () -- C:\windows\hpoins19.dat [2012.06.24 16:15:37 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat [2012.06.24 15:11:56 | 000,120,200 | ---- | C] () -- C:\windows\SysWow64\DLLDEV32i.dll [2012.06.24 15:10:09 | 000,007,119 | ---- | C] () -- C:\windows\mgxoschk.ini [2012.06.24 01:38:26 | 000,000,020 | ---- | C] () -- C:\windows\LauschAngriff.ini [2012.06.24 00:30:35 | 000,000,798 | ---- | C] () -- C:\windows\wiso.ini [2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe [2011.12.26 05:48:09 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI [2011.02.04 04:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2010.10.29 16:54:35 | 000,008,813 | ---- | C] () -- C:\Users\***\gsview32.ini [2010.10.29 16:52:05 | 000,035,328 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.29 16:36:30 | 000,000,138 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.06.22 00:59:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis [2012.06.22 00:59:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\benibela [2012.09.10 20:44:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent [2012.06.22 00:59:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service [2012.06.22 00:59:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DDMSettings [2012.06.22 00:59:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ! [2012.06.22 00:59:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC [2012.06.29 19:33:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.06.22 00:59:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterTrust [2012.06.24 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2012.06.22 00:59:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OfficeUpdate12 [2012.09.06 22:00:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook [2012.06.22 00:59:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.06.22 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SecureMaker [2012.06.22 00:59:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TerraTec [2012.08.06 15:15:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba [2012.06.24 10:21:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TOSHIBA Online Product Information [2012.09.04 19:53:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems [2012.06.22 00:59:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEB.DE [2012.09.23 14:33:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xm1 ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.12.2012 13:34:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\Removal
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 75,07% Memory free
15,95 Gb Paging File | 13,79 Gb Available in Paging File | 86,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681,77 Gb Total Space | 267,07 Gb Free Space | 39,17% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 298,29 Gb Free Space | 42,70% Space Free | Partition Type: NTFS
Drive E: | 7,65 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 963,70 Mb Total Space | 890,44 Mb Free Space | 92,40% Space Free | Partition Type: FAT
Computer Name: BELLO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038EC91A-81EF-41F7-ADB2-A45E6485F072}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1EE05105-FE7E-4941-A228-92CD511F7A43}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2025BD89-EB6C-4DEE-9FAB-5583137B68D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24A0B5F7-63F5-4F11-A7D7-907C92C9CF6E}" = lport=139 | protocol=6 | dir=in | app=system |
"{28009C4D-CEED-498C-9BDD-FEE87198430A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{41B6E6C9-E370-494A-A402-193602E72C05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49DD7CAF-7939-4853-BCAB-940358F31163}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B26896E-B224-4BF8-A30A-A164E72D55B6}" = lport=137 | protocol=17 | dir=in | app=system |
"{55573354-52B1-40E9-B418-FEEB18035DF8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{644FC42A-822B-4C47-8440-B733D07D429C}" = rport=138 | protocol=17 | dir=out | app=system |
"{6518F657-E1C7-4107-A3ED-08FAB8DC1FC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70023757-0F1C-4A7F-AEC3-F1048945778D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{76D4F081-B3E1-4478-B913-656A78762990}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85C79BC7-E422-499A-B21C-712382188AB3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9255BA45-7679-470D-8210-D993E630CA4C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{96FD718F-9377-44F8-84CA-470636253353}" = lport=138 | protocol=17 | dir=in | app=system |
"{AB5585EA-2DCB-4123-92C2-89B613387648}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B509444A-8BA7-44FE-9BE4-D1647628506A}" = rport=137 | protocol=17 | dir=out | app=system |
"{C12D3C56-909F-45E4-8FE2-98ACA8E12B85}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C80B4BCE-94E2-463A-93E1-5279E21D589C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3CEA99A-7013-4EA5-B07D-655C61229035}" = lport=445 | protocol=6 | dir=in | app=system |
"{E82968A2-3452-4978-8157-8D84781279F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{EE362142-2D88-43AB-8109-0DEBD17455F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0D43D0B-D41D-4BEE-845B-21A0D1DFAA96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6A694AA-F608-4447-8131-C4B62091371F}" = rport=139 | protocol=6 | dir=out | app=system |
"{FFFEA947-0242-4F72-9515-A14C8AADC6A6}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022349FC-1B43-4AFA-AB8A-F9D65FC7D199}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{0DFCB2A6-20F0-4EC6-8F78-7F0425FF323E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{10F9467F-E92C-433B-B049-A0E61DDA7314}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{12512FF6-8F0C-48EC-9AE0-E4A135666D6E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{15A7C2F0-7885-4AD6-8D9D-0CC9C02FE824}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs7227\hppiw.exe |
"{18C97AD7-5DD4-467A-86F2-B29BFEC6F074}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{198942F7-01D2-4A19-AEA9-F26443FDCB77}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1A06EF99-539C-44F7-B17B-F31055F08084}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A443ACB-0A1B-4858-891C-E40E5D8739F3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{1BCD95A5-E5B8-4699-8721-0F0FE4E44753}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1DE60A5E-A9F9-4DEC-9191-21D1B6FDE670}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{28E7C85B-4B02-4B48-B40A-535331C64F5A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{2A2548CB-DF26-4ED9-AB54-3E60947C0A2F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2A71FE4C-7665-4CA0-A669-C79045AD6DB6}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{33501230-AB57-4B0C-9DD6-437A70AC4BE1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{390903BE-56D9-4FBB-B9F2-DB318A5CD033}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39AF9CD5-0647-496F-86FF-CBA8A38D1F1E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D821BB4-712F-4E82-8DAA-67983F762046}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46916F3A-72EB-4818-8CA4-8EB1FF82799C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{46AB7881-6E0F-457F-B115-3502C9EB04E6}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{4A23F5F6-B427-4B0E-9A50-70FBFAB4FDC6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{5026D411-99D0-4A4D-BFB2-857DDAA56E3B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5B9C09E2-4F8E-4226-A8D6-CC197E14149A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{64648E7C-A4C2-4F55-B622-F9D9E6BAF64C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{64BAE59E-D7AD-458D-A26D-300DE8DF3FCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65093F32-CDCD-449B-A328-930FF242A051}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6A3CFE33-B739-4DC8-9295-D88B8B10B762}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6B0F0691-4A70-4126-A45F-5D847B588FCB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{6B6169C0-A1F5-4083-80C5-6C604A5889D5}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{6E792302-E542-4840-AD50-4C90B99F9823}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F58E755-A299-4EBF-AE0D-399BEDF3C92F}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{76ECFCF5-FAFB-4165-86C7-3667574BC722}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{7FF49F2D-2572-41AF-8164-396F8F247F74}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80DEC9C4-B5AA-4B41-87AF-19E2AB31176E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{861B1BF6-1495-4169-98DA-6615357DAA68}" = protocol=6 | dir=out | app=system |
"{8D8FCDAA-2999-41E3-910A-6808D30238A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92DBE179-8085-4275-B9DF-FAB4383E2282}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{98F5AA0A-619A-46F4-9305-8E0D0A5E898A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{9EA5DE48-1817-4C7C-A116-75F408D18ACF}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs7227\hppiw.exe |
"{9F1B8A14-9821-48B3-86AE-DC2AD3E0FFE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{A269A2B6-0842-4178-9CC6-CE85D68EB029}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AAD7D07F-43FC-4BA5-82EC-7E897D478052}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF106CBF-F229-49DB-801E-140823078C9C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{AF7C149A-E99C-41BC-9E20-B4AC43162949}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{B2A67EBC-2EF9-47FD-B594-C6A8BB37D3FC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B39DD0C1-0AB8-48F3-AAED-4DB8271E8752}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{BE79AF47-FDA0-4C91-9663-6F1A8EA04351}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{CF130B73-9A1D-48BF-84A3-A2A0DC348BD4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF905CBB-FE5E-4F36-AE65-E2DA3F2FA1BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{D7BE05E8-7C61-4B1C-9F40-276C908082CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{E54A05D0-2B76-478E-90D9-17F062176927}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8FB4C70-4F14-444E-8971-528F0AE40852}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9D2A67E-F94D-4361-86C8-A47A89D793B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E9D98E3D-C8CC-4C05-A874-377FD76C72F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{EE3A68E1-9221-4C34-B40B-0CA7733F0258}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{FBD35597-66E4-4A33-8B62-4AC11A2F0061}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FCC5C296-ED82-4421-ADD6-C62F4939A8AD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"TCP Query User{3019F626-C22D-456E-96D3-46980A6C0943}C:\users\privat\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\privat\program files (x86)\dna\btdna.exe |
"UDP Query User{BA402333-A8CD-47EB-8ACD-E935F35693EA}C:\users\privat\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\privat\program files (x86)\dna\btdna.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}" = Adobe PDF iFilter 9 for 64-bit platforms
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6FF9A012-0254-41E9-81E2-F538C4B53611}" = TOSHIBA eco Utility
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2C24FE1-C6BB-4A4B-8B7F-BF2521DEB91E}" = Share64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042" = ENE CIR Receiver Driver
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{E185BD5C-0E10-479F-AF44-63D3A068446A}" = Corel Digital Studio SE
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{123F0CCE-21AA-401D-A335-3EDF9C13AA52}" = NVIDIA 3D Vision Video Player
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1754ED2-CD39-4F5F-AC98-0271EAE1C116}" = Setup
"{E185BD5C-0E10-479F-AF44-63D3A068446A}" = ICA
"{E24A5C1E-8647-43FD-838B-DF7149D492E4}" = DeviceIO
"{E2C2F547-4C5B-45F9-8445-C59E223CCB08}" = ContentHD
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3C1C994-CA69-4B3C-A290-C311617DE271}" = Contents
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5636C06-A318-4CF3-803B-5BD9F5C10822}" = PureHD
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5D50A9A-B973-46DE-89E4-8BDDD8A9F988}" = Share
"{E6ABA0E9-65E7-4366-9770-514ED4341611}" = VIO
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E7EFA8C8-4CDE-4466-8E0E-01C04589ED90}" = ISCOM
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA6625D5-E563-4FE3-8D98-B3F5B64CBC67}" = IPM_OEM
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDD9E0C4-B402-40DF-B33D-405CA1E23BA6}" = DFPro
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1100000-0008-0000-0001-074957833700}" = ABBYY FineReader 11
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8C366C2-66A9-4F5C-A8A7-5108A0251F58}" = Microsoft Tool Web Package : OLEVIEW.EXE
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Internet Security
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LauschAngriff" = LauschAngriff
"MAGIX Filme auf DVD 8 D" = MAGIX Filme auf DVD 8 8.0.0.11 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MiKTeX 2.9" = MiKTeX 2.9
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 15.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SmartToolsBildervorschauv2.00" = SmartTools Publishing • Outlook Bildervorschau
"Texmaker" = Texmaker
"VLC media player" = VLC media player 2.0.3
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WTA-0d00f72d-886f-4094-a542-6fa31533b4b1" = Diner Dash 2 Restaurant Rescue
"WTA-1e3e143d-6d53-40b3-860c-361b9b1b136e" = Bejeweled 2 Deluxe
"WTA-41ea00f4-9290-419c-af13-ee8453539f55" = Chuzzle Deluxe
"WTA-4690ad67-25b7-44ad-9b09-edd51c3d45d0" = Zuma Deluxe
"WTA-5e3f7167-b86b-4582-89b5-dd25e07ac571" = Insaniquarium Deluxe
"WTA-61256105-e65f-47c7-8310-5561d1ff7b25" = FATE
"WTA-735228a7-78ef-47e5-a230-36c7dbd388ed" = Chicken Invaders 3 - Revenge of the Yolk
"WTA-76b0ddf1-d5cf-4711-8866-b8b76ff3e42b" = Final Drive: Nitro
"WTA-87caa045-0ddf-44cd-a440-4903293984e2" = Bejeweled 3
"WTA-9985a6f5-cf6e-4bb5-a9c2-cb4b738e5270" = Penguins!
"WTA-becdbb96-e4ff-4660-9eb4-d8f62a866ed0" = Slingo Deluxe
"WTA-c1a03938-601e-41d8-af87-317987f38efc" = Wedding Dash 2 - Rings Around the World
"WTA-cd8bd1b8-5be9-4e34-a4ee-7b6cd9bc90ef" = Plants vs. Zombies - Game of the Year
"WTA-f05d6f46-3745-49ed-a22d-64930f53dbda" = Polar Bowler
"Zattoo" = Zattoo 3.3.2 Beta
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.11.2012 18:55:53 | Computer Name = Bello | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CALMAIN.exe, Version: 8.1.0.14, Zeitstempel:
0x433d11f9 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel:
0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009966 ID des fehlerhaften Prozesses:
0xc20 Startzeit der fehlerhaften Anwendung: 0x01cdb92db90d7de7 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Canon\CAL\CALMAIN.exe Pfad des fehlerhaften Moduls:
C:\windows\syswow64\msvcrt.dll Berichtskennung: 73ee49a4-2540-11e2-b933-dc0ea13d5b5e
Error - 03.11.2012 06:39:08 | Computer Name = Bello | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: aec Startzeit: 01cdb92ea6e683c4 Endzeit: 120 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 03.11.2012 06:50:54 | Computer Name = Bello | Source = WinMgmt | ID = 10
Description =
Error - 03.11.2012 16:31:26 | Computer Name = Bello | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: TOSHIBAMediaControllerIE.dll,
Version: 1.0.6.1, Zeitstempel: 0x4cf89027 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00005e8b ID des fehlerhaften Prozesses: 0x618 Startzeit der fehlerhaften Anwendung:
0x01cdb9ff0d3f05df Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\TOSHIBA\TOSHIBA
Media Controller Plug-in\TOSHIBAMediaControllerIE.dll Berichtskennung: 70259946-25f5-11e2-af50-dc0ea13d5b5e
Error - 06.11.2012 09:09:06 | Computer Name = Bello | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1a1c Startzeit: 01cdbc1fd2024982 Endzeit: 58 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 06.11.2012 09:09:56 | Computer Name = Bello | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 2284 Startzeit: 01cdbc1feaa09ae2 Endzeit: 65 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 06.11.2012 09:16:31 | Computer Name = Bello | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: a88 Startzeit: 01cdbc20c06e6675 Endzeit: 106 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 07.11.2012 16:20:36 | Computer Name = Bello | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: Flash32_11_4_402_287.ocx,
Version: 11.4.402.287, Zeitstempel: 0x5066dd49 Ausnahmecode: 0xc0000005 Fehleroffset:
0x0000750c ID des fehlerhaften Prozesses: 0x12e4 Startzeit der fehlerhaften Anwendung:
0x01cdbc238e8be583 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_287.ocx
Berichtskennung:
96282aac-2918-11e2-af50-dc0ea13d5b5e
Error - 07.11.2012 18:05:40 | Computer Name = Bello | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x24448b34 ID des fehlerhaften
Prozesses: 0x638 Startzeit der fehlerhaften Anwendung: 0x01cdbc921ea5aafd Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 440e60c7-2927-11e2-af50-dc0ea13d5b5e
Error - 08.11.2012 16:10:03 | Computer Name = Bello | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 5d0 Startzeit: 01cdbc23d507a1fd Endzeit: 182 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
[ Media Center Events ]
Error - 07.12.2012 06:02:04 | Computer Name = Bello | Source = MCUpdate | ID = 0
Description = 11:02:03 - Fehler beim Herstellen der Internetverbindung. 11:02:04
- Serververbindung konnte nicht hergestellt werden..
Error - 07.12.2012 07:02:09 | Computer Name = Bello | Source = MCUpdate | ID = 0
Description = 12:02:09 - Fehler beim Herstellen der Internetverbindung. 12:02:09
- Serververbindung konnte nicht hergestellt werden..
Error - 07.12.2012 08:02:14 | Computer Name = Bello | Source = MCUpdate | ID = 0
Description = 13:02:14 - Fehler beim Herstellen der Internetverbindung. 13:02:14
- Serververbindung konnte nicht hergestellt werden..
Error - 07.12.2012 09:02:19 | Computer Name = Bello | Source = MCUpdate | ID = 0
Description = 14:02:19 - Fehler beim Herstellen der Internetverbindung. 14:02:19
- Serververbindung konnte nicht hergestellt werden..
Error - 11.12.2012 22:13:17 | Computer Name = Bello | Source = MCUpdate | ID = 0
Description = 03:13:17 - Fehler beim Herstellen der Internetverbindung. 03:13:17
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 29.11.2012 18:14:40 | Computer Name = Bello | Source = bowser | ID = 8003
Description =
Error - 30.11.2012 05:41:57 | Computer Name = Bello | Source = Application Popup | ID = 262200
Description = Treiber USB hat eine ungültige ID für das untergeordnete Gerät (SH19VTR02064)
zurückgegeben.
Error - 30.11.2012 17:12:40 | Computer Name = Bello | Source = DCOM | ID = 10010
Description =
Error - 30.11.2012 17:31:22 | Computer Name = Bello | Source = DCOM | ID = 10010
Description =
Error - 30.11.2012 17:42:20 | Computer Name = Bello | Source = Service Control Manager | ID = 7034
Description = Dienst "Canon Camera Access Library 8" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 01.12.2012 18:53:34 | Computer Name = Bello | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.0.2 mit
dem Computer mit der Netzwerkhardwareadresse E8-E0-B7-F4-38-8F ermittelt. Netzwerkvorgänge
könnten daher auf diesem System unterbrochen werden.
Error - 02.12.2012 17:25:47 | Computer Name = Bello | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f020b fehlgeschlagen: JMicron Technology Corp. - Storage - JMicron
PCIe xD Host Controller
Error - 02.12.2012 17:25:47 | Computer Name = Bello | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f020b fehlgeschlagen: JMicron Technology Corp. - Storage - JMicron
PCIe SD Host Controller
Error - 02.12.2012 17:27:22 | Computer Name = Bello | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f020b fehlgeschlagen: JMicron Technology Corp. - Storage - JMicron
PCIe SD/MMC Host Controller
Error - 02.12.2012 17:27:22 | Computer Name = Bello | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f020b fehlgeschlagen: JMicron Technology Corp. - Storage - JMicron
PCIe MS Host Controller
< End of report >
Was meint Ihr dazu? Strang, Kugel oder Schlaftabletten?  Vielen Dank im Voraus!! |
|
16.12.2012, 12:08
| #2 |
| /// TB-Ausbilder   | Exploit.Drop.GS, EXP/CVE-2012-0507 Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Schritt 1 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Schritt 2 Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
17.12.2012, 18:04
| #3 |
| | Exploit.Drop.GS, EXP/CVE-2012-0507 Hi Matthias,
__________________ich danke Dir und freue mich, dass Du mir hilfst! Ich muss noch sagen, dass ich in der Zwischenzeit meine Avira-Vollversion nochmal losgeschickt habe. Avira hat noch einen TR/Ransom.EJ.84 gefunden und in die Quarantäne verschoben. Jetzt läuft mein Computer recht gut, ich bekomme keine Meldung mehr, dass ich Geld bezahlen soll. Das Einzige, was mit noch aufgefallen ist: Ich habe das Programm "Lauschangriff" laufen lassen, das alle Festplatten-Zugriffe mitschneidet. Ich konnte sehen, dass bei ganz ganz vielen Dateien und Ordnern die Zugriffszeit geändert wurde. Außerdem hat Windows Backup fast alle Dateien nochmal gesichert, offenbar dachte Backup, dass sich die Dateien verändert haben. Hier die beiden angeforderten Logs: Code:
ATTFilter 17:47:07.0684 8332 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:47:09.0714 8332 ============================================================
17:47:09.0714 8332 Current date / time: 2012/12/17 17:47:09.0714
17:47:09.0714 8332 SystemInfo:
17:47:09.0714 8332
17:47:09.0714 8332 OS Version: 6.1.7601 ServicePack: 1.0
17:47:09.0714 8332 Product type: Workstation
17:47:09.0714 8332 ComputerName: BELLO
17:47:09.0714 8332 UserName: Privat
17:47:09.0714 8332 Windows directory: C:\windows
17:47:09.0714 8332 System windows directory: C:\windows
17:47:09.0714 8332 Running under WOW64
17:47:09.0714 8332 Processor architecture: Intel x64
17:47:09.0714 8332 Number of processors: 8
17:47:09.0714 8332 Page size: 0x1000
17:47:09.0714 8332 Boot type: Normal boot
17:47:09.0714 8332 ============================================================
17:47:10.0484 8332 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:47:10.0844 8332 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:47:10.0854 8332 Drive \Device\Harddisk2\DR2 - Size: 0x3C3FFE00 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:47:10.0864 8332 ============================================================
17:47:10.0864 8332 \Device\Harddisk0\DR0:
17:47:10.0884 8332 MBR partitions:
17:47:10.0884 8332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x5538B800
17:47:10.0884 8332 \Device\Harddisk1\DR1:
17:47:10.0884 8332 MBR partitions:
17:47:10.0894 8332 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1000, BlocksNum 0x57545000
17:47:10.0894 8332 \Device\Harddisk2\DR2:
17:47:10.0894 8332 MBR partitions:
17:47:10.0894 8332 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1E1FC0
17:47:10.0894 8332 ============================================================
17:47:10.0924 8332 C: <-> \Device\Harddisk0\DR0\Partition1
17:47:10.0944 8332 D: <-> \Device\Harddisk1\DR1\Partition1
17:47:10.0944 8332 ============================================================
17:47:10.0944 8332 Initialize success
17:47:10.0944 8332 ============================================================
17:47:22.0184 6344 ============================================================
17:47:22.0184 6344 Scan started
17:47:22.0184 6344 Mode: Manual;
17:47:22.0184 6344 ============================================================
17:47:23.0754 6344 ================ Scan system memory ========================
17:47:23.0754 6344 System memory - ok
17:47:23.0754 6344 ================ Scan services =============================
17:47:23.0974 6344 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
17:47:23.0984 6344 1394ohci - ok
17:47:24.0144 6344 [ 656F06850D02BAED19F0E2E72B047CE2 ] ABBYY.Licensing.FineReader.Professional.11.0 C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
17:47:24.0164 6344 ABBYY.Licensing.FineReader.Professional.11.0 - ok
17:47:24.0234 6344 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
17:47:24.0244 6344 ACPI - ok
17:47:24.0284 6344 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
17:47:24.0284 6344 AcpiPmi - ok
17:47:24.0444 6344 [ 249386D5903657326265C996B32A0EDB ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
17:47:24.0454 6344 AcrSch2Svc - ok
17:47:24.0554 6344 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:47:24.0554 6344 AdobeARMservice - ok
17:47:24.0604 6344 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
17:47:24.0614 6344 adp94xx - ok
17:47:24.0684 6344 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
17:47:24.0694 6344 adpahci - ok
17:47:24.0734 6344 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
17:47:24.0744 6344 adpu320 - ok
17:47:24.0804 6344 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
17:47:24.0814 6344 AeLookupSvc - ok
17:47:24.0864 6344 [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp C:\windows\system32\DRIVERS\afcdp.sys
17:47:24.0874 6344 afcdp - ok
17:47:24.0984 6344 [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
17:47:25.0034 6344 afcdpsrv - ok
17:47:25.0084 6344 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
17:47:25.0094 6344 AFD - ok
17:47:25.0154 6344 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
17:47:25.0154 6344 agp440 - ok
17:47:25.0204 6344 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
17:47:25.0214 6344 ALG - ok
17:47:25.0264 6344 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
17:47:25.0264 6344 aliide - ok
17:47:25.0284 6344 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
17:47:25.0284 6344 amdide - ok
17:47:25.0384 6344 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
17:47:25.0404 6344 AmdK8 - ok
17:47:25.0444 6344 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
17:47:25.0444 6344 AmdPPM - ok
17:47:25.0474 6344 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
17:47:25.0474 6344 amdsata - ok
17:47:25.0494 6344 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
17:47:25.0504 6344 amdsbs - ok
17:47:25.0534 6344 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
17:47:25.0534 6344 amdxata - ok
17:47:25.0634 6344 [ BCD725206E7CBBF253F326202244A125 ] AntiVirFirewallService C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
17:47:25.0644 6344 AntiVirFirewallService - ok
17:47:25.0694 6344 [ FCAE7984609FD0662B48D64603D1DAFF ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
17:47:25.0704 6344 AntiVirMailService - ok
17:47:25.0754 6344 [ FBF39613CA267F851186F93180AE2ED4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:47:25.0754 6344 AntiVirSchedulerService - ok
17:47:25.0814 6344 [ 476750076D102DC5F5B45ECE3C676853 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:47:25.0814 6344 AntiVirService - ok
17:47:25.0844 6344 [ E95B3655198C4DD65A7031EF8358CEF8 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:47:25.0854 6344 AntiVirWebService - ok
17:47:25.0884 6344 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
17:47:25.0894 6344 AppID - ok
17:47:25.0914 6344 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
17:47:25.0924 6344 AppIDSvc - ok
17:47:25.0934 6344 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
17:47:25.0934 6344 Appinfo - ok
17:47:25.0984 6344 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
17:47:25.0984 6344 arc - ok
17:47:25.0994 6344 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
17:47:26.0004 6344 arcsas - ok
17:47:26.0024 6344 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
17:47:26.0024 6344 AsyncMac - ok
17:47:26.0044 6344 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
17:47:26.0044 6344 atapi - ok
17:47:26.0124 6344 [ B2931C83CFB12A3223A47B180473AE1A ] athr C:\windows\system32\DRIVERS\athrx.sys
17:47:26.0164 6344 athr - ok
17:47:26.0214 6344 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
17:47:26.0244 6344 AudioEndpointBuilder - ok
17:47:26.0254 6344 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
17:47:26.0264 6344 AudioSrv - ok
17:47:26.0334 6344 [ EC1317EBA9579D71CFF1CB2546CCD058 ] avfwim C:\windows\system32\DRIVERS\avfwim.sys
17:47:26.0334 6344 avfwim - ok
17:47:26.0384 6344 [ 8AB499A6C2B5CFF0A357908AB12D95CD ] avfwot C:\windows\system32\DRIVERS\avfwot.sys
17:47:26.0384 6344 avfwot - ok
17:47:26.0454 6344 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
17:47:26.0454 6344 avgntflt - ok
17:47:26.0484 6344 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
17:47:26.0494 6344 avipbb - ok
17:47:26.0514 6344 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
17:47:26.0514 6344 avkmgr - ok
17:47:26.0554 6344 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
17:47:26.0564 6344 AxInstSV - ok
17:47:26.0624 6344 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
17:47:26.0624 6344 b06bdrv - ok
17:47:26.0674 6344 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
17:47:26.0684 6344 b57nd60a - ok
17:47:26.0724 6344 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
17:47:26.0744 6344 BDESVC - ok
17:47:26.0764 6344 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
17:47:26.0764 6344 Beep - ok
17:47:26.0824 6344 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
17:47:26.0864 6344 BFE - ok
17:47:26.0944 6344 [ 8DC837789BBF0E1BEF252A8F7C101F7B ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
17:47:26.0944 6344 BingDesktopUpdate - ok
17:47:26.0974 6344 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
17:47:26.0984 6344 BITS - ok
17:47:27.0024 6344 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\drivers\blbdrive.sys
17:47:27.0034 6344 blbdrive - ok
17:47:27.0044 6344 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
17:47:27.0054 6344 bowser - ok
17:47:27.0084 6344 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
17:47:27.0084 6344 BrFiltLo - ok
17:47:27.0104 6344 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
17:47:27.0104 6344 BrFiltUp - ok
17:47:27.0144 6344 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
17:47:27.0154 6344 Browser - ok
17:47:27.0204 6344 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
17:47:27.0214 6344 Brserid - ok
17:47:27.0254 6344 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
17:47:27.0254 6344 BrSerWdm - ok
17:47:27.0274 6344 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
17:47:27.0274 6344 BrUsbMdm - ok
17:47:27.0324 6344 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
17:47:27.0324 6344 BrUsbSer - ok
17:47:27.0364 6344 [ 2347ABBD13BADA65826FDAB4CAAFE357 ] BtFilter C:\windows\system32\DRIVERS\btfilter.sys
17:47:27.0364 6344 BtFilter - ok
17:47:27.0404 6344 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
17:47:27.0404 6344 BTHMODEM - ok
17:47:27.0454 6344 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
17:47:27.0464 6344 bthserv - ok
17:47:27.0534 6344 [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8 C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
17:47:27.0534 6344 CCALib8 - ok
17:47:27.0564 6344 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
17:47:27.0574 6344 cdfs - ok
17:47:27.0604 6344 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
17:47:27.0604 6344 cdrom - ok
17:47:27.0644 6344 [ A965B206921C55F2D1481789D609B711 ] CeKbFilter C:\windows\system32\DRIVERS\CeKbFilter.sys
17:47:27.0644 6344 CeKbFilter - ok
17:47:27.0684 6344 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
17:47:27.0694 6344 CertPropSvc - ok
17:47:27.0774 6344 [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
17:47:27.0774 6344 cfWiMAXService - ok
17:47:27.0824 6344 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
17:47:27.0824 6344 circlass - ok
17:47:27.0874 6344 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
17:47:27.0884 6344 CLFS - ok
17:47:27.0934 6344 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:47:27.0954 6344 clr_optimization_v2.0.50727_32 - ok
17:47:28.0004 6344 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:47:28.0014 6344 clr_optimization_v2.0.50727_64 - ok
17:47:28.0094 6344 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:47:28.0094 6344 clr_optimization_v4.0.30319_32 - ok
17:47:28.0134 6344 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:47:28.0144 6344 clr_optimization_v4.0.30319_64 - ok
17:47:28.0184 6344 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\drivers\CmBatt.sys
17:47:28.0184 6344 CmBatt - ok
17:47:28.0194 6344 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
17:47:28.0204 6344 cmdide - ok
17:47:28.0274 6344 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys
17:47:28.0284 6344 CNG - ok
17:47:28.0314 6344 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
17:47:28.0324 6344 Compbatt - ok
17:47:28.0354 6344 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
17:47:28.0364 6344 CompositeBus - ok
17:47:28.0374 6344 COMSysApp - ok
17:47:28.0404 6344 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
17:47:28.0404 6344 ConfigFree Service - ok
17:47:28.0424 6344 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
17:47:28.0424 6344 crcdisk - ok
17:47:28.0484 6344 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
17:47:28.0484 6344 CryptSvc - ok
17:47:28.0544 6344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
17:47:28.0554 6344 DcomLaunch - ok
17:47:28.0594 6344 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
17:47:28.0614 6344 defragsvc - ok
17:47:28.0664 6344 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
17:47:28.0664 6344 DfsC - ok
17:47:28.0704 6344 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
17:47:28.0724 6344 Dhcp - ok
17:47:28.0744 6344 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
17:47:28.0744 6344 discache - ok
17:47:28.0764 6344 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
17:47:28.0764 6344 Disk - ok
17:47:28.0794 6344 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
17:47:28.0794 6344 Dnscache - ok
17:47:28.0814 6344 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
17:47:28.0824 6344 dot3svc - ok
17:47:28.0884 6344 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\windows\system32\DRIVERS\Dot4.sys
17:47:28.0884 6344 Dot4 - ok
17:47:28.0904 6344 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\windows\system32\DRIVERS\Dot4Prt.sys
17:47:28.0914 6344 Dot4Print - ok
17:47:28.0934 6344 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys
17:47:28.0934 6344 dot4usb - ok
17:47:28.0974 6344 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
17:47:28.0974 6344 DPS - ok
17:47:29.0014 6344 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
17:47:29.0024 6344 drmkaud - ok
17:47:29.0084 6344 [ 04930F585EFBAEDDF79773ADD1A5EF4E ] DVB7700ALL C:\windows\system32\Drivers\dvb7700all.sys
17:47:29.0094 6344 DVB7700ALL - ok
17:47:29.0134 6344 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
17:47:29.0154 6344 DXGKrnl - ok
17:47:29.0224 6344 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
17:47:29.0234 6344 EapHost - ok
17:47:29.0314 6344 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
17:47:29.0354 6344 ebdrv - ok
17:47:29.0404 6344 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
17:47:29.0404 6344 EFS - ok
17:47:29.0464 6344 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
17:47:29.0474 6344 ehRecvr - ok
17:47:29.0494 6344 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
17:47:29.0494 6344 ehSched - ok
17:47:29.0554 6344 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
17:47:29.0564 6344 elxstor - ok
17:47:29.0594 6344 [ 524C79054636D2E5751169005006460B ] enecir C:\windows\system32\DRIVERS\enecir.sys
17:47:29.0594 6344 enecir - ok
17:47:29.0614 6344 [ E17EB95358F396E27D573A1B20F891F8 ] enecirhid C:\windows\system32\DRIVERS\enecirhid.sys
17:47:29.0614 6344 enecirhid - ok
17:47:29.0634 6344 [ 8492D808C79BD6FE439F77BE84956CDF ] enecirhidma C:\windows\system32\DRIVERS\enecirhidma.sys
17:47:29.0634 6344 enecirhidma - ok
17:47:29.0654 6344 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
17:47:29.0654 6344 ErrDev - ok
17:47:29.0684 6344 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
17:47:29.0694 6344 EventSystem - ok
17:47:29.0714 6344 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
17:47:29.0724 6344 exfat - ok
17:47:29.0754 6344 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
17:47:29.0754 6344 fastfat - ok
17:47:29.0794 6344 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
17:47:29.0804 6344 Fax - ok
17:47:29.0834 6344 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
17:47:29.0834 6344 fdc - ok
17:47:29.0864 6344 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
17:47:29.0874 6344 fdPHost - ok
17:47:29.0884 6344 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
17:47:29.0884 6344 FDResPub - ok
17:47:29.0934 6344 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
17:47:29.0944 6344 FileInfo - ok
17:47:29.0954 6344 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
17:47:29.0954 6344 Filetrace - ok
17:47:30.0104 6344 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
17:47:30.0134 6344 FirebirdServerMAGIXInstance - ok
17:47:30.0174 6344 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
17:47:30.0174 6344 flpydisk - ok
17:47:30.0194 6344 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
17:47:30.0194 6344 FltMgr - ok
17:47:30.0244 6344 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
17:47:30.0274 6344 FontCache - ok
17:47:30.0324 6344 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:47:30.0324 6344 FontCache3.0.0.0 - ok
17:47:30.0344 6344 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
17:47:30.0344 6344 FsDepends - ok
17:47:30.0374 6344 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
17:47:30.0374 6344 Fs_Rec - ok
17:47:30.0394 6344 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
17:47:30.0404 6344 fvevol - ok
17:47:30.0434 6344 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
17:47:30.0444 6344 gagp30kx - ok
17:47:30.0504 6344 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:47:30.0524 6344 GamesAppService - ok
17:47:30.0564 6344 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
17:47:30.0594 6344 gpsvc - ok
17:47:30.0644 6344 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:47:30.0654 6344 gupdate - ok
17:47:30.0674 6344 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:47:30.0674 6344 gupdatem - ok
17:47:30.0724 6344 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:47:30.0724 6344 gusvc - ok
17:47:30.0754 6344 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
17:47:30.0754 6344 hcw85cir - ok
17:47:30.0794 6344 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
17:47:30.0804 6344 HdAudAddService - ok
17:47:30.0834 6344 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
17:47:30.0844 6344 HDAudBus - ok
17:47:30.0854 6344 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
17:47:30.0854 6344 HidBatt - ok
17:47:30.0884 6344 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
17:47:30.0884 6344 HidBth - ok
17:47:30.0914 6344 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
17:47:30.0924 6344 HidIr - ok
17:47:30.0944 6344 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
17:47:30.0944 6344 hidserv - ok
17:47:30.0984 6344 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
17:47:30.0994 6344 HidUsb - ok
17:47:31.0014 6344 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
17:47:31.0024 6344 hkmsvc - ok
17:47:31.0034 6344 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
17:47:31.0054 6344 HomeGroupListener - ok
17:47:31.0084 6344 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
17:47:31.0084 6344 HomeGroupProvider - ok
17:47:31.0264 6344 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:47:31.0274 6344 hpqcxs08 - ok
17:47:31.0324 6344 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:47:31.0324 6344 hpqddsvc - ok
17:47:31.0354 6344 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
17:47:31.0364 6344 HpSAMD - ok
17:47:31.0544 6344 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Users\Syiam\AppData\Local\Temp\7zS7227\hpslpsvc64.dll
17:47:31.0564 6344 HPSLPSVC - ok
17:47:31.0624 6344 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\windows\system32\Drivers\ANDROIDUSB.sys
17:47:31.0624 6344 HTCAND64 - ok
17:47:31.0654 6344 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\windows\system32\DRIVERS\htcnprot.sys
17:47:31.0664 6344 htcnprot - ok
17:47:31.0724 6344 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
17:47:31.0734 6344 HTTP - ok
17:47:31.0754 6344 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
17:47:31.0754 6344 hwpolicy - ok
17:47:31.0794 6344 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
17:47:31.0794 6344 i8042prt - ok
17:47:31.0844 6344 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
17:47:31.0844 6344 iaStor - ok
17:47:31.0894 6344 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
17:47:31.0904 6344 iaStorV - ok
17:47:31.0984 6344 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:47:32.0034 6344 idsvc - ok
17:47:32.0074 6344 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
17:47:32.0074 6344 iirsp - ok
17:47:32.0124 6344 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
17:47:32.0144 6344 IKEEXT - ok
17:47:32.0234 6344 [ 4B2151F04BB466EC1924AA27315E1118 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
17:47:32.0264 6344 IntcAzAudAddService - ok
17:47:32.0294 6344 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
17:47:32.0294 6344 intelide - ok
17:47:32.0344 6344 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
17:47:32.0344 6344 intelppm - ok
17:47:32.0384 6344 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
17:47:32.0404 6344 IPBusEnum - ok
17:47:32.0434 6344 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
17:47:32.0434 6344 IpFilterDriver - ok
17:47:32.0514 6344 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
17:47:32.0524 6344 iphlpsvc - ok
17:47:32.0544 6344 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
17:47:32.0544 6344 IPMIDRV - ok
17:47:32.0574 6344 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
17:47:32.0574 6344 IPNAT - ok
17:47:32.0594 6344 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
17:47:32.0594 6344 IRENUM - ok
17:47:32.0624 6344 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
17:47:32.0624 6344 isapnp - ok
17:47:32.0634 6344 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
17:47:32.0644 6344 iScsiPrt - ok
17:47:32.0694 6344 [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
17:47:32.0704 6344 IviRegMgr - ok
17:47:32.0754 6344 [ 935301DD8306CEEAEF0B84DD6ABFFDC6 ] JMCR C:\windows\system32\DRIVERS\jmcr.sys
17:47:32.0764 6344 JMCR - ok
17:47:32.0784 6344 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
17:47:32.0784 6344 kbdclass - ok
17:47:32.0814 6344 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
17:47:32.0814 6344 kbdhid - ok
17:47:32.0844 6344 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
17:47:32.0844 6344 KeyIso - ok
17:47:32.0894 6344 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
17:47:32.0904 6344 KSecDD - ok
17:47:32.0954 6344 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
17:47:32.0964 6344 KSecPkg - ok
17:47:32.0984 6344 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
17:47:32.0994 6344 ksthunk - ok
17:47:33.0034 6344 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
17:47:33.0064 6344 KtmRm - ok
17:47:33.0104 6344 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
17:47:33.0114 6344 LanmanServer - ok
17:47:33.0184 6344 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:47:33.0204 6344 LanmanWorkstation - ok
17:47:33.0324 6344 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:47:33.0344 6344 LBTServ - ok
17:47:33.0374 6344 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\windows\system32\DRIVERS\LHidFilt.Sys
17:47:33.0384 6344 LHidFilt - ok
17:47:33.0414 6344 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
17:47:33.0424 6344 lltdio - ok
17:47:33.0454 6344 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
17:47:33.0474 6344 lltdsvc - ok
17:47:33.0504 6344 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
17:47:33.0514 6344 lmhosts - ok
17:47:33.0544 6344 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\windows\system32\DRIVERS\LMouFilt.Sys
17:47:33.0544 6344 LMouFilt - ok
17:47:33.0594 6344 [ 50C7CE53EF461870410355F1F2E7D515 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:47:33.0604 6344 LMS - ok
17:47:33.0634 6344 [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys
17:47:33.0634 6344 LPCFilter - ok
17:47:33.0674 6344 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
17:47:33.0674 6344 LSI_FC - ok
17:47:33.0704 6344 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
17:47:33.0714 6344 LSI_SAS - ok
17:47:33.0724 6344 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
17:47:33.0734 6344 LSI_SAS2 - ok
17:47:33.0744 6344 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
17:47:33.0754 6344 LSI_SCSI - ok
17:47:33.0774 6344 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
17:47:33.0774 6344 luafv - ok
17:47:33.0834 6344 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\windows\system32\DRIVERS\lvrs64.sys
17:47:33.0844 6344 LVRS64 - ok
17:47:34.0004 6344 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\windows\system32\DRIVERS\lvuvc64.sys
17:47:34.0114 6344 LVUVC64 - ok
17:47:34.0154 6344 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
17:47:34.0164 6344 Mcx2Svc - ok
17:47:34.0284 6344 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
17:47:34.0294 6344 MDM - ok
17:47:34.0314 6344 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
17:47:34.0324 6344 megasas - ok
17:47:34.0364 6344 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
17:47:34.0374 6344 MegaSR - ok
17:47:34.0404 6344 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
17:47:34.0414 6344 MEIx64 - ok
17:47:34.0494 6344 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:47:34.0504 6344 Microsoft Office Groove Audit Service - ok
17:47:34.0534 6344 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
17:47:34.0534 6344 MMCSS - ok
17:47:34.0554 6344 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
17:47:34.0554 6344 Modem - ok
17:47:34.0614 6344 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
17:47:34.0614 6344 monitor - ok
17:47:34.0654 6344 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
17:47:34.0664 6344 mouclass - ok
17:47:34.0684 6344 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
17:47:34.0684 6344 mouhid - ok
17:47:34.0714 6344 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
17:47:34.0714 6344 mountmgr - ok
17:47:34.0804 6344 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:47:34.0814 6344 MozillaMaintenance - ok
17:47:34.0834 6344 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
17:47:34.0844 6344 mpio - ok
17:47:34.0854 6344 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
17:47:34.0854 6344 mpsdrv - ok
17:47:34.0904 6344 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
17:47:34.0924 6344 MpsSvc - ok
17:47:34.0944 6344 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
17:47:34.0954 6344 MRxDAV - ok
17:47:34.0994 6344 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
17:47:34.0994 6344 mrxsmb - ok
17:47:35.0024 6344 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
17:47:35.0034 6344 mrxsmb10 - ok
17:47:35.0054 6344 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
17:47:35.0054 6344 mrxsmb20 - ok
17:47:35.0064 6344 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys
17:47:35.0074 6344 msahci - ok
17:47:35.0084 6344 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
17:47:35.0094 6344 msdsm - ok
17:47:35.0124 6344 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
17:47:35.0144 6344 MSDTC - ok
17:47:35.0184 6344 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
17:47:35.0184 6344 Msfs - ok
17:47:35.0204 6344 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
17:47:35.0214 6344 mshidkmdf - ok
17:47:35.0234 6344 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
17:47:35.0234 6344 msisadrv - ok
17:47:35.0264 6344 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
17:47:35.0274 6344 MSiSCSI - ok
17:47:35.0284 6344 msiserver - ok
17:47:35.0324 6344 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
17:47:35.0334 6344 MSKSSRV - ok
17:47:35.0344 6344 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
17:47:35.0354 6344 MSPCLOCK - ok
17:47:35.0374 6344 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
17:47:35.0374 6344 MSPQM - ok
17:47:35.0404 6344 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
17:47:35.0404 6344 MsRPC - ok
17:47:35.0434 6344 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
17:47:35.0434 6344 mssmbios - ok
17:47:35.0454 6344 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
17:47:35.0454 6344 MSTEE - ok
17:47:35.0484 6344 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
17:47:35.0484 6344 MTConfig - ok
17:47:35.0504 6344 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
17:47:35.0504 6344 Mup - ok
17:47:35.0534 6344 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
17:47:35.0544 6344 napagent - ok
17:47:35.0584 6344 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
17:47:35.0584 6344 NativeWifiP - ok
17:47:35.0654 6344 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
17:47:35.0664 6344 NAUpdate - ok
17:47:35.0754 6344 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
17:47:35.0774 6344 NDIS - ok
17:47:35.0804 6344 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
17:47:35.0804 6344 NdisCap - ok
17:47:35.0834 6344 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
17:47:35.0834 6344 NdisTapi - ok
17:47:35.0854 6344 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
17:47:35.0854 6344 Ndisuio - ok
17:47:35.0874 6344 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
17:47:35.0874 6344 NdisWan - ok
17:47:35.0914 6344 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
17:47:35.0914 6344 NDProxy - ok
17:47:35.0974 6344 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:47:35.0984 6344 Net Driver HPZ12 - ok
17:47:36.0004 6344 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
17:47:36.0004 6344 NetBIOS - ok
17:47:36.0044 6344 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
17:47:36.0054 6344 NetBT - ok
17:47:36.0074 6344 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
17:47:36.0084 6344 Netlogon - ok
17:47:36.0124 6344 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
17:47:36.0134 6344 Netman - ok
17:47:36.0154 6344 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
17:47:36.0164 6344 netprofm - ok
17:47:36.0194 6344 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:47:36.0214 6344 NetTcpPortSharing - ok
17:47:36.0264 6344 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
17:47:36.0264 6344 nfrd960 - ok
17:47:36.0324 6344 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
17:47:36.0344 6344 NlaSvc - ok
17:47:36.0364 6344 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
17:47:36.0364 6344 Npfs - ok
17:47:36.0384 6344 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
17:47:36.0394 6344 nsi - ok
17:47:36.0414 6344 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
17:47:36.0414 6344 nsiproxy - ok
17:47:36.0494 6344 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
17:47:36.0524 6344 Ntfs - ok
17:47:36.0544 6344 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
17:47:36.0544 6344 Null - ok
17:47:36.0584 6344 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
17:47:36.0584 6344 nusb3hub - ok
17:47:36.0604 6344 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
17:47:36.0614 6344 nusb3xhc - ok
17:47:36.0664 6344 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys
17:47:36.0664 6344 NVHDA - ok
17:47:36.0964 6344 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
17:47:37.0194 6344 nvlddmkm - ok
17:47:37.0214 6344 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
17:47:37.0214 6344 nvraid - ok
17:47:37.0254 6344 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
17:47:37.0254 6344 nvstor - ok
17:47:37.0324 6344 [ 4B451CFD408FE3356F44438A3631DFB5 ] NvStUSB C:\windows\system32\DRIVERS\nvstusb.sys
17:47:37.0334 6344 NvStUSB - ok
17:47:37.0414 6344 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] NVSvc C:\windows\system32\nvvsvc.exe
17:47:37.0424 6344 NVSvc - ok
17:47:37.0454 6344 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
17:47:37.0454 6344 nv_agp - ok
17:47:37.0544 6344 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:47:37.0554 6344 odserv - ok
17:47:37.0584 6344 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
17:47:37.0584 6344 ohci1394 - ok
17:47:37.0644 6344 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:47:37.0644 6344 ose - ok
17:47:37.0684 6344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
17:47:37.0684 6344 p2pimsvc - ok
17:47:37.0714 6344 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
17:47:37.0734 6344 p2psvc - ok
17:47:37.0764 6344 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
17:47:37.0764 6344 Parport - ok
17:47:37.0794 6344 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
17:47:37.0794 6344 partmgr - ok
17:47:37.0904 6344 [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
17:47:37.0914 6344 PassThru Service - ok
17:47:37.0944 6344 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
17:47:37.0954 6344 PcaSvc - ok
17:47:37.0984 6344 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
17:47:37.0994 6344 pci - ok
17:47:38.0004 6344 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
17:47:38.0014 6344 pciide - ok
17:47:38.0034 6344 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
17:47:38.0044 6344 pcmcia - ok
17:47:38.0054 6344 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
17:47:38.0054 6344 pcw - ok
17:47:38.0094 6344 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
17:47:38.0104 6344 PEAUTH - ok
17:47:38.0174 6344 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
17:47:38.0184 6344 PerfHost - ok
17:47:38.0214 6344 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
17:47:38.0214 6344 PGEffect - ok
17:47:38.0274 6344 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
17:47:38.0304 6344 pla - ok
17:47:38.0354 6344 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
17:47:38.0364 6344 PlugPlay - ok
17:47:38.0414 6344 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:47:38.0424 6344 Pml Driver HPZ12 - ok
17:47:38.0464 6344 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
17:47:38.0474 6344 PNRPAutoReg - ok
17:47:38.0494 6344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
17:47:38.0504 6344 PNRPsvc - ok
17:47:38.0544 6344 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
17:47:38.0564 6344 PolicyAgent - ok
17:47:38.0604 6344 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
17:47:38.0614 6344 Power - ok
17:47:38.0664 6344 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
17:47:38.0664 6344 PptpMiniport - ok
17:47:38.0694 6344 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
17:47:38.0694 6344 Processor - ok
17:47:38.0714 6344 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
17:47:38.0714 6344 ProfSvc - ok
17:47:38.0734 6344 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
17:47:38.0734 6344 ProtectedStorage - ok
17:47:38.0764 6344 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
17:47:38.0764 6344 Psched - ok
17:47:38.0784 6344 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:47:38.0784 6344 PSI_SVC_2 - ok
17:47:38.0854 6344 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
17:47:38.0874 6344 ql2300 - ok
17:47:38.0904 6344 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
17:47:38.0904 6344 ql40xx - ok
17:47:38.0934 6344 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
17:47:38.0964 6344 QWAVE - ok
17:47:38.0994 6344 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
17:47:38.0994 6344 QWAVEdrv - ok
17:47:39.0014 6344 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
17:47:39.0014 6344 RasAcd - ok
17:47:39.0054 6344 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
17:47:39.0064 6344 RasAgileVpn - ok
17:47:39.0094 6344 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
17:47:39.0114 6344 RasAuto - ok
17:47:39.0134 6344 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
17:47:39.0134 6344 Rasl2tp - ok
17:47:39.0164 6344 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
17:47:39.0174 6344 RasMan - ok
17:47:39.0204 6344 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
17:47:39.0214 6344 RasPppoe - ok
17:47:39.0254 6344 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
17:47:39.0254 6344 RasSstp - ok
17:47:39.0304 6344 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
17:47:39.0314 6344 rdbss - ok
17:47:39.0354 6344 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
17:47:39.0354 6344 rdpbus - ok
17:47:39.0394 6344 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
17:47:39.0394 6344 RDPCDD - ok
17:47:39.0444 6344 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
17:47:39.0444 6344 RDPENCDD - ok
17:47:39.0464 6344 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
17:47:39.0464 6344 RDPREFMP - ok
17:47:39.0524 6344 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
17:47:39.0524 6344 RdpVideoMiniport - ok
17:47:39.0554 6344 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
17:47:39.0564 6344 RDPWD - ok
17:47:39.0594 6344 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
17:47:39.0604 6344 rdyboost - ok
17:47:39.0624 6344 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\windows\system32\drivers\regi.sys
17:47:39.0624 6344 regi - ok
17:47:39.0654 6344 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
17:47:39.0664 6344 RemoteAccess - ok
17:47:39.0694 6344 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
17:47:39.0714 6344 RemoteRegistry - ok
17:47:39.0724 6344 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
17:47:39.0734 6344 RpcEptMapper - ok
17:47:39.0764 6344 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
17:47:39.0764 6344 RpcLocator - ok
17:47:39.0784 6344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
17:47:39.0784 6344 RpcSs - ok
17:47:39.0814 6344 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
17:47:39.0814 6344 rspndr - ok
17:47:39.0874 6344 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
17:47:39.0874 6344 RTL8167 - ok
17:47:39.0884 6344 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
17:47:39.0894 6344 SamSs - ok
17:47:39.0904 6344 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
17:47:39.0904 6344 sbp2port - ok
17:47:39.0924 6344 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
17:47:39.0924 6344 SCardSvr - ok
17:47:39.0944 6344 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:47:39.0944 6344 scfilter - ok
17:47:39.0984 6344 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
17:47:40.0014 6344 Schedule - ok
17:47:40.0034 6344 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
17:47:40.0034 6344 SCPolicySvc - ok
17:47:40.0054 6344 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\DRIVERS\sdbus.sys
17:47:40.0064 6344 sdbus - ok
17:47:40.0094 6344 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:47:40.0114 6344 SDRSVC - ok
17:47:40.0144 6344 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
17:47:40.0144 6344 secdrv - ok
17:47:40.0164 6344 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
17:47:40.0184 6344 seclogon - ok
17:47:40.0204 6344 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
17:47:40.0214 6344 SENS - ok
17:47:40.0244 6344 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
17:47:40.0244 6344 SensrSvc - ok
17:47:40.0264 6344 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
17:47:40.0274 6344 Serenum - ok
17:47:40.0294 6344 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
17:47:40.0304 6344 Serial - ok
17:47:40.0334 6344 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
17:47:40.0334 6344 sermouse - ok
17:47:40.0374 6344 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
17:47:40.0384 6344 SessionEnv - ok
17:47:40.0404 6344 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
17:47:40.0404 6344 sffdisk - ok
17:47:40.0434 6344 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
17:47:40.0434 6344 sffp_mmc - ok
17:47:40.0454 6344 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
17:47:40.0454 6344 sffp_sd - ok
17:47:40.0464 6344 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
17:47:40.0464 6344 sfloppy - ok
17:47:40.0524 6344 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
17:47:40.0534 6344 SharedAccess - ok
17:47:40.0564 6344 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:47:40.0574 6344 ShellHWDetection - ok
17:47:40.0604 6344 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
17:47:40.0604 6344 SiSRaid2 - ok
17:47:40.0624 6344 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
17:47:40.0624 6344 SiSRaid4 - ok
17:47:40.0684 6344 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:47:40.0694 6344 SkypeUpdate - ok
17:47:40.0714 6344 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
17:47:40.0714 6344 Smb - ok
17:47:40.0774 6344 [ 10450F432811D7FDA60A97FCC674D7B2 ] snapman C:\windows\system32\DRIVERS\snapman.sys
17:47:40.0774 6344 snapman - ok
17:47:40.0814 6344 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:47:40.0824 6344 SNMPTRAP - ok
17:47:40.0844 6344 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
17:47:40.0854 6344 spldr - ok
17:47:40.0894 6344 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
17:47:40.0904 6344 Spooler - ok
17:47:40.0974 6344 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
17:47:41.0014 6344 sppsvc - ok
17:47:41.0044 6344 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:47:41.0044 6344 sppuinotify - ok
17:47:41.0074 6344 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
17:47:41.0084 6344 srv - ok
17:47:41.0104 6344 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:47:41.0114 6344 srv2 - ok
17:47:41.0134 6344 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:47:41.0134 6344 srvnet - ok
17:47:41.0174 6344 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:47:41.0184 6344 SSDPSRV - ok
17:47:41.0224 6344 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
17:47:41.0224 6344 SstpSvc - ok
17:47:41.0384 6344 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:47:41.0384 6344 Stereo Service - ok
17:47:41.0404 6344 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
17:47:41.0414 6344 stexstor - ok
17:47:41.0464 6344 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
17:47:41.0474 6344 stisvc - ok
17:47:41.0494 6344 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
17:47:41.0504 6344 swenum - ok
17:47:41.0534 6344 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
17:47:41.0544 6344 swprv - ok
17:47:41.0614 6344 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
17:47:41.0634 6344 SynTP - ok
17:47:41.0704 6344 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
17:47:41.0724 6344 SysMain - ok
17:47:41.0734 6344 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
17:47:41.0744 6344 TabletInputService - ok
17:47:41.0764 6344 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
17:47:41.0774 6344 TapiSrv - ok
17:47:41.0794 6344 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
17:47:41.0804 6344 TBS - ok
17:47:41.0914 6344 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
17:47:41.0934 6344 Tcpip - ok
17:47:41.0964 6344 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
17:47:41.0974 6344 TCPIP6 - ok
17:47:41.0994 6344 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
17:47:41.0994 6344 tcpipreg - ok
17:47:42.0024 6344 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
17:47:42.0034 6344 tdcmdpst - ok
17:47:42.0064 6344 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
17:47:42.0064 6344 TDPIPE - ok
17:47:42.0144 6344 [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273 C:\windows\system32\DRIVERS\tdrpm273.sys
17:47:42.0154 6344 tdrpman273 - ok
17:47:42.0174 6344 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
17:47:42.0184 6344 TDTCP - ok
17:47:42.0194 6344 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
17:47:42.0194 6344 tdx - ok
17:47:42.0234 6344 [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
17:47:42.0244 6344 TemproMonitoringService - ok
17:47:42.0274 6344 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
17:47:42.0274 6344 TermDD - ok
17:47:42.0314 6344 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
17:47:42.0354 6344 TermService - ok
17:47:42.0374 6344 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
17:47:42.0384 6344 Themes - ok
17:47:42.0414 6344 [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
17:47:42.0414 6344 Thpdrv - ok
17:47:42.0444 6344 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
17:47:42.0444 6344 Thpevm - ok
17:47:42.0494 6344 [ 9B032A63A0553A2D872815C64A0288BE ] Thpsrv C:\windows\system32\ThpSrv.exe
17:47:42.0504 6344 Thpsrv - ok
17:47:42.0514 6344 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
17:47:42.0524 6344 THREADORDER - ok
17:47:42.0594 6344 [ EBBAEA02F0095A798000C7E06B16D41B ] timounter C:\windows\system32\DRIVERS\timntr.sys
17:47:42.0614 6344 timounter - ok
17:47:42.0694 6344 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
17:47:42.0694 6344 TMachInfo - ok
17:47:42.0744 6344 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
17:47:42.0744 6344 TODDSrv - ok
17:47:42.0854 6344 [ 63B379F8885CB1C557771BB8B16162E3 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
17:47:42.0864 6344 TosCoSrv - ok
17:47:42.0914 6344 [ 8F099BE5DB17D025E19652851399B9F1 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
17:47:42.0914 6344 TOSHIBA Bluetooth Service - ok
17:47:42.0974 6344 [ 2ECC833EA37CECE0052D4D9ADC184177 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
17:47:42.0984 6344 TOSHIBA eco Utility Service - ok
17:47:43.0024 6344 [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
17:47:43.0024 6344 TOSHIBA HDD SSD Alert Service - ok
17:47:43.0034 6344 Tosrfcom - ok
17:47:43.0064 6344 [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec C:\windows\system32\DRIVERS\tosrfec.sys
17:47:43.0064 6344 tosrfec - ok
17:47:43.0084 6344 [ 7A0048693F98460FF537BE31C741B927 ] Tosrfusb C:\windows\system32\DRIVERS\tosrfusb.sys
17:47:43.0084 6344 Tosrfusb - ok
17:47:43.0144 6344 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
17:47:43.0144 6344 tos_sps64 - ok
17:47:43.0264 6344 [ 9F8410CCC72B3470C96DA415BE0CF423 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
17:47:43.0284 6344 TPCHSrv - ok
17:47:43.0314 6344 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
17:47:43.0324 6344 TrkWks - ok
17:47:43.0364 6344 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:47:43.0374 6344 TrustedInstaller - ok
17:47:43.0394 6344 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
17:47:43.0394 6344 tssecsrv - ok
17:47:43.0434 6344 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
17:47:43.0444 6344 TsUsbFlt - ok
17:47:43.0484 6344 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
17:47:43.0484 6344 TsUsbGD - ok
17:47:43.0534 6344 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
17:47:43.0534 6344 tunnel - ok
17:47:43.0574 6344 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
17:47:43.0574 6344 TVALZ - ok
17:47:43.0594 6344 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
17:47:43.0594 6344 TVALZFL - ok
17:47:43.0614 6344 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
17:47:43.0624 6344 uagp35 - ok
17:47:43.0644 6344 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
17:47:43.0664 6344 udfs - ok
17:47:43.0704 6344 [ D2B2AB4235B360A9CCAE8E891350A474 ] UDSS c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
17:47:43.0704 6344 UDSS - ok
17:47:43.0734 6344 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
17:47:43.0754 6344 UI0Detect - ok
17:47:43.0784 6344 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
17:47:43.0794 6344 uliagpkx - ok
17:47:43.0824 6344 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
17:47:43.0824 6344 umbus - ok
17:47:43.0854 6344 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
17:47:43.0854 6344 UmPass - ok
17:47:43.0934 6344 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
17:47:43.0944 6344 UMVPFSrv - ok
17:47:44.0044 6344 [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:47:44.0074 6344 UNS - ok
17:47:44.0104 6344 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
17:47:44.0114 6344 upnphost - ok
17:47:44.0194 6344 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
17:47:44.0234 6344 UPnPService - ok
17:47:44.0264 6344 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
17:47:44.0274 6344 usbaudio - ok
17:47:44.0294 6344 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
17:47:44.0304 6344 usbccgp - ok
17:47:44.0324 6344 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
17:47:44.0334 6344 usbcir - ok
17:47:44.0344 6344 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
17:47:44.0344 6344 usbehci - ok
17:47:44.0364 6344 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\drivers\usbhub.sys
17:47:44.0374 6344 usbhub - ok
17:47:44.0404 6344 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
17:47:44.0404 6344 usbohci - ok
17:47:44.0434 6344 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
17:47:44.0434 6344 usbprint - ok
17:47:44.0474 6344 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
17:47:44.0484 6344 usbscan - ok
17:47:44.0504 6344 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
17:47:44.0504 6344 USBSTOR - ok
17:47:44.0524 6344 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
17:47:44.0524 6344 usbuhci - ok
17:47:44.0544 6344 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
17:47:44.0554 6344 usbvideo - ok
17:47:44.0574 6344 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
17:47:44.0584 6344 UxSms - ok
17:47:44.0604 6344 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
17:47:44.0604 6344 VaultSvc - ok
17:47:44.0634 6344 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
17:47:44.0634 6344 vdrvroot - ok
17:47:44.0654 6344 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
17:47:44.0674 6344 vds - ok
17:47:44.0684 6344 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
17:47:44.0694 6344 vga - ok
17:47:44.0704 6344 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
17:47:44.0704 6344 VgaSave - ok
17:47:44.0714 6344 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
17:47:44.0724 6344 vhdmp - ok
17:47:44.0744 6344 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
17:47:44.0744 6344 viaide - ok
17:47:44.0774 6344 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
17:47:44.0774 6344 volmgr - ok
17:47:44.0794 6344 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
17:47:44.0804 6344 volmgrx - ok
17:47:44.0814 6344 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
17:47:44.0824 6344 volsnap - ok
17:47:44.0844 6344 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
17:47:44.0854 6344 vsmraid - ok
17:47:44.0894 6344 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
17:47:44.0914 6344 VSS - ok
17:47:44.0944 6344 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
17:47:44.0944 6344 vwifibus - ok
17:47:44.0964 6344 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
17:47:44.0964 6344 vwififlt - ok
17:47:44.0984 6344 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
17:47:44.0984 6344 vwifimp - ok
17:47:45.0024 6344 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
17:47:45.0054 6344 W32Time - ok
17:47:45.0074 6344 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
17:47:45.0084 6344 WacomPen - ok
17:47:45.0114 6344 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
17:47:45.0114 6344 WANARP - ok
17:47:45.0114 6344 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
17:47:45.0124 6344 Wanarpv6 - ok
17:47:45.0254 6344 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
17:47:45.0314 6344 WatAdminSvc - ok
17:47:45.0394 6344 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
17:47:45.0424 6344 wbengine - ok
17:47:45.0434 6344 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
17:47:45.0444 6344 WbioSrvc - ok
17:47:45.0454 6344 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
17:47:45.0474 6344 wcncsvc - ok
17:47:45.0494 6344 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:47:45.0504 6344 WcsPlugInService - ok
17:47:45.0524 6344 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
17:47:45.0534 6344 Wd - ok
17:47:45.0574 6344 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
17:47:45.0584 6344 Wdf01000 - ok
17:47:45.0594 6344 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
17:47:45.0614 6344 WdiServiceHost - ok
17:47:45.0614 6344 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
17:47:45.0614 6344 WdiSystemHost - ok
17:47:45.0644 6344 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
17:47:45.0664 6344 WebClient - ok
17:47:45.0684 6344 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
17:47:45.0704 6344 Wecsvc - ok
17:47:45.0714 6344 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
17:47:45.0724 6344 wercplsupport - ok
17:47:45.0754 6344 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
17:47:45.0764 6344 WerSvc - ok
17:47:45.0804 6344 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
17:47:45.0804 6344 WfpLwf - ok
17:47:45.0824 6344 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
17:47:45.0824 6344 WIMMount - ok
17:47:45.0844 6344 WinDefend - ok
17:47:45.0844 6344 WinHttpAutoProxySvc - ok
17:47:45.0904 6344 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
17:47:45.0924 6344 Winmgmt - ok
17:47:46.0004 6344 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
17:47:46.0034 6344 WinRM - ok
17:47:46.0094 6344 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
17:47:46.0094 6344 WinUsb - ok
17:47:46.0134 6344 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
17:47:46.0154 6344 Wlansvc - ok
17:47:46.0224 6344 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:47:46.0224 6344 wlcrasvc - ok
17:47:46.0304 6344 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:47:46.0324 6344 wlidsvc - ok
17:47:46.0364 6344 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
17:47:46.0364 6344 WmiAcpi - ok
17:47:46.0404 6344 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
17:47:46.0414 6344 wmiApSrv - ok
17:47:46.0454 6344 WMPNetworkSvc - ok
17:47:46.0484 6344 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
17:47:46.0494 6344 WPCSvc - ok
17:47:46.0514 6344 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
17:47:46.0534 6344 WPDBusEnum - ok
17:47:46.0564 6344 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
17:47:46.0564 6344 ws2ifsl - ok
17:47:46.0594 6344 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
17:47:46.0594 6344 wscsvc - ok
17:47:46.0604 6344 WSearch - ok
17:47:46.0704 6344 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
17:47:46.0744 6344 wuauserv - ok
17:47:46.0784 6344 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
17:47:46.0784 6344 WudfPf - ok
17:47:46.0834 6344 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
17:47:46.0844 6344 WUDFRd - ok
17:47:46.0894 6344 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
17:47:46.0914 6344 wudfsvc - ok
17:47:46.0944 6344 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
17:47:46.0964 6344 WwanSvc - ok
17:47:47.0004 6344 ================ Scan global ===============================
17:47:47.0024 6344 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
17:47:47.0064 6344 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
17:47:47.0094 6344 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
17:47:47.0144 6344 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
17:47:47.0194 6344 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
17:47:47.0204 6344 [Global] - ok
17:47:47.0204 6344 ================ Scan MBR ==================================
17:47:47.0234 6344 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
17:47:47.0414 6344 \Device\Harddisk0\DR0 - ok
17:47:47.0424 6344 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
17:47:47.0424 6344 \Device\Harddisk1\DR1 - ok
17:47:47.0434 6344 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk2\DR2
17:47:47.0444 6344 \Device\Harddisk2\DR2 - ok
17:47:47.0444 6344 ================ Scan VBR ==================================
17:47:47.0454 6344 [ 135C63E47C05441ED961045B59866756 ] \Device\Harddisk0\DR0\Partition1
17:47:47.0454 6344 \Device\Harddisk0\DR0\Partition1 - ok
17:47:47.0454 6344 [ D2BFF469E7347C10C7D873494137D024 ] \Device\Harddisk1\DR1\Partition1
17:47:47.0454 6344 \Device\Harddisk1\DR1\Partition1 - ok
17:47:47.0464 6344 [ 3BD57ACA21BB0D59926E7ABAC044A078 ] \Device\Harddisk2\DR2\Partition1
17:47:47.0464 6344 \Device\Harddisk2\DR2\Partition1 - ok
17:47:47.0464 6344 ============================================================
17:47:47.0464 6344 Scan finished
17:47:47.0464 6344 ============================================================
17:47:47.0474 8164 Detected object count: 0
17:47:47.0474 8164 Actual detected object count: 0
17:51:05.0044 7280 Deinitialize success
Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-16 22:57:27
-----------------------------
22:57:27.640 OS Version: Windows x64 6.1.7601 Service Pack 1
22:57:27.640 Number of processors: 8 586 0x2A07
22:57:27.640 ComputerName: BELLO UserName:
22:57:42.725 Initialize success
22:58:09.849 AVAST engine defs: 12121302
22:58:25.277 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:58:25.277 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
22:58:25.277 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
22:58:25.293 Disk 1 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
22:58:25.433 Disk 0 MBR read successfully
22:58:25.449 Disk 0 MBR scan
22:58:25.511 Disk 0 Windows VISTA default MBR code
22:58:25.527 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:58:25.620 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 698135 MB offset 3074048
22:58:25.714 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15768 MB offset 1432854528
22:58:25.901 Disk 0 scanning C:\windows\system32\drivers
22:58:56.430 Service scanning
23:00:51.356 Modules scanning
23:00:51.371 Disk 0 trace - called modules:
23:00:51.402 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys
23:00:51.402 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007af4790]
23:00:51.402 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8007aee710]
23:00:58.875 AVAST engine scan C:\windows
23:01:04.335 AVAST engine scan C:\windows\system32
23:10:15.858 AVAST engine scan C:\windows\system32\drivers
23:10:49.835 AVAST engine scan C:\Users\Privat
03:01:39.401 File: C:\Users\Privat\Documents\Programme, Setup\setup\winamp plugins\highpersonic.exe **INFECTED** Win32:Malware-gen
03:14:39.340 AVAST engine scan C:\ProgramData
04:08:16.893 Scan finished successfully
10:36:00.004 Disk 0 MBR has been saved successfully to "C:\Users\Privat\Desktop\MBR.dat"
10:36:00.019 The log file has been saved successfully to "C:\Users\Privat\Desktop\aswMBR.txt"
Viele Grüße |
|
18.12.2012, 14:40
| #4 | ||
| /// TB-Ausbilder | Exploit.Drop.GS, EXP/CVE-2012-0507 Servus, Zitat:
Gibt es einen Grund dafür? Es ist dein Rechner und du kannst mit dem machen was du willst... aber damit machst du uns das Leben hier nur schwerer... Zudem: Zitat:
Bitte alle Logs mit Funden posten Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Scan mit Combofix
Bitte poste mit deiner nächsten Antwort
|
|
18.12.2012, 19:47
| #5 |
| | Exploit.Drop.GS, EXP/CVE-2012-0507 Es tut mir leid, ich habe den Rechner dringend benötigt und wollte sicher sein, dass nicht ein Keylogger oder so mitläuft... Es sind teilweise halt auch heikle Daten... Und ich ja wusste, dass es ein paar Tage gehen kann, also habe ich Antivir nochmal laufen lassen  . Ich habe das Log dann nicht gepostet, weil ich die Anweisungen so verstanden hatte, dass man nur eine Stunde den Beitrag editieren kann und dann nichts mehr ändern sollte. Aber natürlich reiche ich es gern nach und freue mich über Deine Hilfe - und Geduld!!Das war das Resultat von Avira: Code:
ATTFilter
Avira Internet Security
Erstellungsdatum der Reportdatei: Freitag, 14. Dezember 2012 11:39
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : ***
Seriennummer : 2220316572-ISECE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : BELLO
Versionsinformationen:
BUILD.DAT : 13.0.0.2890 57207 Bytes 05.12.2012 17:09:00
AVSCAN.EXE : 13.6.0.402 639264 Bytes 14.12.2012 00:48:04
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 14.12.2012 00:48:04
LUKE.DLL : 13.6.0.400 67360 Bytes 14.12.2012 00:48:22
AVSCPLR.DLL : 13.6.0.402 93984 Bytes 10.12.2012 19:13:13
AVREG.DLL : 13.6.0.406 248096 Bytes 10.12.2012 19:13:11
avlode.dll : 13.6.1.402 428832 Bytes 10.12.2012 19:13:14
avlode.rdf : 13.0.0.26 7958 Bytes 10.12.2012 19:13:13
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 21:38:54
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 21:40:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:41:12
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 21:41:28
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 21:41:57
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:56:30
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 17:11:59
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 11:34:28
VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 11:34:28
VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 11:34:28
VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 11:34:28
VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 11:34:28
VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 11:34:28
VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 11:34:28
VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 21:35:24
VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 13:47:41
VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 21:54:20
VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 14:45:47
VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 20:59:37
VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 20:25:50
VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 20:22:47
VBASE021.VDF : 7.11.53.35 126976 Bytes 08.12.2012 14:14:11
VBASE022.VDF : 7.11.53.55 225792 Bytes 09.12.2012 18:06:07
VBASE023.VDF : 7.11.53.93 157184 Bytes 10.12.2012 19:13:09
VBASE024.VDF : 7.11.53.169 153088 Bytes 12.12.2012 00:47:53
VBASE025.VDF : 7.11.53.170 2048 Bytes 12.12.2012 00:47:53
VBASE026.VDF : 7.11.53.171 2048 Bytes 12.12.2012 00:47:53
VBASE027.VDF : 7.11.53.172 2048 Bytes 12.12.2012 00:47:53
VBASE028.VDF : 7.11.53.173 2048 Bytes 12.12.2012 00:47:54
VBASE029.VDF : 7.11.53.174 2048 Bytes 12.12.2012 00:47:54
VBASE030.VDF : 7.11.53.175 2048 Bytes 12.12.2012 00:47:54
VBASE031.VDF : 7.11.53.224 99328 Bytes 14.12.2012 09:28:01
Engineversion : 8.2.10.222
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 11:38:32
AESCRIPT.DLL : 8.1.4.76 467324 Bytes 14.12.2012 00:47:56
AESCN.DLL : 8.1.10.0 131445 Bytes 14.12.2012 00:47:55
AESBX.DLL : 8.2.5.12 606578 Bytes 21.06.2012 21:42:56
AERDL.DLL : 8.2.0.74 643445 Bytes 07.11.2012 15:52:40
AEPACK.DLL : 8.3.1.0 819574 Bytes 14.12.2012 00:47:55
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 06.11.2012 23:28:09
AEHEUR.DLL : 8.1.4.160 5624184 Bytes 07.12.2012 20:24:46
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 15:54:35
AEGEN.DLL : 8.1.6.12 434549 Bytes 14.12.2012 00:47:54
AEEXP.DLL : 8.3.0.0 184692 Bytes 14.12.2012 00:47:56
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 11:38:31
AECORE.DLL : 8.1.30.0 201079 Bytes 14.12.2012 00:47:54
AEBB.DLL : 8.1.1.4 53619 Bytes 06.11.2012 23:28:07
AVWINLL.DLL : 13.4.0.163 25888 Bytes 03.10.2012 20:39:17
AVPREF.DLL : 13.4.0.360 50464 Bytes 14.12.2012 00:48:03
AVREP.DLL : 13.4.0.360 177952 Bytes 10.12.2012 19:13:12
AVARKT.DLL : 13.6.0.402 260384 Bytes 14.12.2012 00:47:57
AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 14.12.2012 00:48:00
SQLITE3.DLL : 3.7.0.1 397088 Bytes 03.10.2012 20:40:10
AVSMTP.DLL : 13.4.0.163 62752 Bytes 03.10.2012 20:39:43
NETNT.DLL : 13.4.0.360 15648 Bytes 14.12.2012 00:48:22
RCIMAGE.DLL : 13.4.0.360 5154080 Bytes 14.12.2012 00:47:51
RCTEXT.DLL : 13.4.0.360 68384 Bytes 14.12.2012 00:47:51
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50ca77da\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Freitag, 14. Dezember 2012 11:39
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '156' Modul(e) wurden durchsucht
Durchsuche Prozess 'UMVPFSrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'NetworkLicenseServer.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedul2.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'afcdpsrv.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'PassThruSvr.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'ThpSrv.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'TODDSrv.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosCoSrv.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'UDSS.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'CALMAIN.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'TecoService.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '187' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPwrMain.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'TCrdMain.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVBg64.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'ThpSrv.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'HDMICtrlMan.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosReelTimeMonitor.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosNcCore.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'TemproTray.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedhlp.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'TOPI.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'msnmsgr.exe' - '167' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosDIMonitor.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'TcrdKBB.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'HCMSoundChanger.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPointII.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeNotify.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'ItSecMng.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'TSleepSrv.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ToshibaServiceStation.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'TRCMan.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'LWS.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueImageMonitor.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'CameraHelperShell.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'HpqSRmon.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'htcUPCTLoader.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'TMachInfo.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFIWmxSvcs64.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPCHSrv.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosSmartSrv.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosSENotify.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPCHWMsg.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'IELowutil.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '128' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_5_502_110_ActiveX.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '143' Modul(e) wurden durchsucht
Durchsuche Prozess 'aswMBR.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\windows\system32\svchost.exe'
Signiert -> 'C:\windows\system32\winlogon.exe'
Signiert -> 'C:\windows\explorer.exe'
Signiert -> 'C:\windows\system32\smss.exe'
Signiert -> 'C:\windows\system32\wininet.DLL'
Signiert -> 'C:\windows\system32\wsock32.DLL'
Signiert -> 'C:\windows\system32\ws2_32.DLL'
Signiert -> 'C:\windows\system32\services.exe'
Signiert -> 'C:\windows\system32\lsass.exe'
Signiert -> 'C:\windows\system32\csrss.exe'
Signiert -> 'C:\windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\windows\system32\spoolsv.exe'
Signiert -> 'C:\windows\system32\alg.exe'
Signiert -> 'C:\windows\system32\wuauclt.exe'
Signiert -> 'C:\windows\system32\advapi32.DLL'
Signiert -> 'C:\windows\system32\user32.DLL'
Signiert -> 'C:\windows\system32\gdi32.DLL'
Signiert -> 'C:\windows\system32\kernel32.DLL'
Signiert -> 'C:\windows\system32\ntdll.DLL'
Signiert -> 'C:\windows\system32\ntoskrnl.exe'
Signiert -> 'C:\windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5b3d8ec2-6571ae40'
C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5b3d8ec2-6571ae40
[FUND] Ist das Trojanische Pferd TR/Ransom.EJ.84
Beginne mit der Desinfektion:
C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5b3d8ec2-6571ae40
[FUND] Ist das Trojanische Pferd TR/Ransom.EJ.84
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5934a1e8.qua' verschoben!
Ende des Suchlaufs: Freitag, 14. Dezember 2012 11:42
Benötigte Zeit: 00:54 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
1190 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1189 Dateien ohne Befall
11 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Die Suchergebnisse werden an den Guard übermittelt.
Code:
ATTFilter
Avira Internet Security
Erstellungsdatum der Reportdatei: Freitag, 14. Dezember 2012 12:39
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : ***
Seriennummer : 2220316572-ISECE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Privat
Computername : BELLO
Versionsinformationen:
BUILD.DAT : 13.0.0.2890 57207 Bytes 05.12.2012 17:09:00
AVSCAN.EXE : 13.6.0.402 639264 Bytes 14.12.2012 00:48:04
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 14.12.2012 00:48:04
LUKE.DLL : 13.6.0.400 67360 Bytes 14.12.2012 00:48:22
AVSCPLR.DLL : 13.6.0.402 93984 Bytes 10.12.2012 19:13:13
AVREG.DLL : 13.6.0.406 248096 Bytes 10.12.2012 19:13:11
avlode.dll : 13.6.1.402 428832 Bytes 10.12.2012 19:13:14
avlode.rdf : 13.0.0.26 7958 Bytes 10.12.2012 19:13:13
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 21:38:54
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 21:40:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:41:12
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 21:41:28
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 21:41:57
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:56:30
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 17:11:59
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 11:34:28
VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 11:34:28
VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 11:34:28
VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 11:34:28
VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 11:34:28
VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 11:34:28
VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 11:34:28
VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 21:35:24
VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 13:47:41
VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 21:54:20
VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 14:45:47
VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 20:59:37
VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 20:25:50
VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 20:22:47
VBASE021.VDF : 7.11.53.35 126976 Bytes 08.12.2012 14:14:11
VBASE022.VDF : 7.11.53.55 225792 Bytes 09.12.2012 18:06:07
VBASE023.VDF : 7.11.53.93 157184 Bytes 10.12.2012 19:13:09
VBASE024.VDF : 7.11.53.169 153088 Bytes 12.12.2012 00:47:53
VBASE025.VDF : 7.11.53.170 2048 Bytes 12.12.2012 00:47:53
VBASE026.VDF : 7.11.53.171 2048 Bytes 12.12.2012 00:47:53
VBASE027.VDF : 7.11.53.172 2048 Bytes 12.12.2012 00:47:53
VBASE028.VDF : 7.11.53.173 2048 Bytes 12.12.2012 00:47:54
VBASE029.VDF : 7.11.53.174 2048 Bytes 12.12.2012 00:47:54
VBASE030.VDF : 7.11.53.175 2048 Bytes 12.12.2012 00:47:54
VBASE031.VDF : 7.11.53.226 111616 Bytes 14.12.2012 11:28:03
Engineversion : 8.2.10.222
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 11:38:32
AESCRIPT.DLL : 8.1.4.76 467324 Bytes 14.12.2012 00:47:56
AESCN.DLL : 8.1.10.0 131445 Bytes 14.12.2012 00:47:55
AESBX.DLL : 8.2.5.12 606578 Bytes 21.06.2012 21:42:56
AERDL.DLL : 8.2.0.74 643445 Bytes 07.11.2012 15:52:40
AEPACK.DLL : 8.3.1.0 819574 Bytes 14.12.2012 00:47:55
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 06.11.2012 23:28:09
AEHEUR.DLL : 8.1.4.160 5624184 Bytes 07.12.2012 20:24:46
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 15:54:35
AEGEN.DLL : 8.1.6.12 434549 Bytes 14.12.2012 00:47:54
AEEXP.DLL : 8.3.0.0 184692 Bytes 14.12.2012 00:47:56
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 11:38:31
AECORE.DLL : 8.1.30.0 201079 Bytes 14.12.2012 00:47:54
AEBB.DLL : 8.1.1.4 53619 Bytes 06.11.2012 23:28:07
AVWINLL.DLL : 13.4.0.163 25888 Bytes 03.10.2012 20:39:17
AVPREF.DLL : 13.4.0.360 50464 Bytes 14.12.2012 00:48:03
AVREP.DLL : 13.4.0.360 177952 Bytes 10.12.2012 19:13:12
AVARKT.DLL : 13.6.0.402 260384 Bytes 14.12.2012 00:47:57
AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 14.12.2012 00:48:00
SQLITE3.DLL : 3.7.0.1 397088 Bytes 03.10.2012 20:40:10
AVSMTP.DLL : 13.4.0.163 62752 Bytes 03.10.2012 20:39:43
NETNT.DLL : 13.4.0.360 15648 Bytes 14.12.2012 00:48:22
RCIMAGE.DLL : 13.4.0.360 5154080 Bytes 14.12.2012 00:47:51
RCTEXT.DLL : 13.4.0.360 68384 Bytes 14.12.2012 00:47:51
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Freitag, 14. Dezember 2012 12:39
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'UMVPFSrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'NetworkLicenseServer.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedul2.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'afcdpsrv.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingDesktopUpdater.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'PassThruSvr.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'ThpSrv.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'TODDSrv.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosCoSrv.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'UDSS.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'CALMAIN.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'TecoService.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '175' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPwrMain.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'TCrdMain.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVBg64.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'ThpSrv.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'HDMICtrlMan.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosReelTimeMonitor.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosNcCore.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'TemproTray.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedhlp.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'TOPI.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'msnmsgr.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosDIMonitor.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'LauschAngriff.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'TcrdKBB.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'HCMSoundChanger.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeNotify.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'ItSecMng.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'TSleepSrv.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'ToshibaServiceStation.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'TRCMan.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'LWS.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueImageMonitor.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'CameraHelperShell.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'HpqSRmon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'htcUPCTLoader.exe' - '134' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingDesktop.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFIWmxSvcs64.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'TMachInfo.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosSmartSrv.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPCHSrv.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosSENotify.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPCHWMsg.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '134' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'EXCEL.EXE' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'OSE.EXE' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'OUTLOOK.EXE' - '224' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\windows\system32\svchost.exe'
Signiert -> 'C:\windows\system32\winlogon.exe'
Signiert -> 'C:\windows\explorer.exe'
Signiert -> 'C:\windows\system32\smss.exe'
Signiert -> 'C:\windows\system32\wininet.DLL'
Signiert -> 'C:\windows\system32\wsock32.DLL'
Signiert -> 'C:\windows\system32\ws2_32.DLL'
Signiert -> 'C:\windows\system32\services.exe'
Signiert -> 'C:\windows\system32\lsass.exe'
Signiert -> 'C:\windows\system32\csrss.exe'
Signiert -> 'C:\windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\windows\system32\spoolsv.exe'
Signiert -> 'C:\windows\system32\alg.exe'
Signiert -> 'C:\windows\system32\wuauclt.exe'
Signiert -> 'C:\windows\system32\advapi32.DLL'
Signiert -> 'C:\windows\system32\user32.DLL'
Signiert -> 'C:\windows\system32\gdi32.DLL'
Signiert -> 'C:\windows\system32\kernel32.DLL'
Signiert -> 'C:\windows\system32\ntdll.DLL'
Signiert -> 'C:\windows\system32\ntoskrnl.exe'
Signiert -> 'C:\windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '13567' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <TI30780700C>
[0] Archivtyp: Runtime Packed
--> C:\Users\Privat\AB Datensic\I\Setu\Creat\***\testfer\individuals\ens\***\em05.jpg
[1] Archivtyp: MacBinary
--> em05jpg.rsrc
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Privat\AB Datensic\I\Setu\Creat\***\testfer\individuals\ens\***\em05.jpg
[WARNUNG] Die Datei konnte nicht gelesen werden!
Beginne mit der Suche in 'D:\'
--> C:\Users\Privat\Documents\Programme, Setup\setup\BitTorrent-6.1.2.exe
[1] Archivtyp: NSIS
--> C:\Users\Privat\Program Files (x86)\DNA\btdna.exe
[2] Archivtyp: Runtime Packed
--> D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-11-22 200005\Backup files 101.zip
[3] Archivtyp: ZIP
--> C/Users/Privat/Downloads/301.42-notebook-win7-winvista-64bit-international-whql.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-11-22 200005\Backup files 101.zip
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-11-22 200005\Backup files 16.zip
[3] Archivtyp: ZIP
--> D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-11-22 200005\Backup files 21.zip
[4] Archivtyp: ZIP
--> D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-11-22 200005\Backup files 88.zip
[5] Archivtyp: ZIP
--> C/Users/Privat/Documents/Programme, Setup/setup/301.42-notebook-win7-winvista-64bit-international-whql.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-11-22 200005\Backup files 88.zip
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-11-22 200005\Backup files 92.zip
[5] Archivtyp: ZIP
--> C/Users/Privat/Documents/Programme, Setup/setup/AIO_CDB_NonNet_Full_Win_WW_130_141.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-11-22 200005\Backup files 92.zip
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-11-23 181857\Backup files 336.zip
[5] Archivtyp: ZIP
--> C/Users/Privat/AB Datensic/I/Setu/Creat/***/testfer/individuals/ens/***/em05.jpg
[6] Archivtyp: MacBinary
--> em05jpg.rsrc
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-12-09 200002\Backup files 1.zip
[5] Archivtyp: ZIP
--> C/Users/Privat/wgsdgsdgdsgsd.exe
[FUND] Ist das Trojanische Pferd TR/Ransom.EJ.84
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> C/Users/Privat/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/2/5b3d8ec2-1419a697
[6] Archivtyp: ZIP
--> hw.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DJ
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> mac.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DK
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DL
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> C/Users/Privat/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/2/5b3d8ec2-22c8f11d
[6] Archivtyp: ZIP
--> hw.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DJ
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> mac.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DK
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DL
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> C/Users/Privat/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/2/5b3d8ec2-6571ae40
[FUND] Ist das Trojanische Pferd TR/Ransom.EJ.84
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> C/Users/Privat/AppData/Roaming/Microsoft/eslione.exe
[FUND] Ist das Trojanische Pferd TR/Ransom.EJ.84
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-12-09 200002\Backup files 1.zip
[FUND] Ist das Trojanische Pferd TR/Ransom.EJ.84
Beginne mit der Desinfektion:
D:\BELLO\Backup Set 2012-11-22 200005\Backup Files 2012-12-09 200002\Backup files 1.zip
[FUND] Ist das Trojanische Pferd TR/Ransom.EJ.84
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51f0dd34.qua' verschoben!
Ende des Suchlaufs: Freitag, 14. Dezember 2012 19:29
Benötigte Zeit: 5:51:29 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
43439 Verzeichnisse wurden überprüft
2372782 Dateien wurden geprüft
10 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2372772 Dateien ohne Befall
32943 Archive wurden durchsucht
13 Warnungen
1 Hinweise
1286901 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Hier nun die Log-Datei von ADWCleaner: Code:
ATTFilter # AdwCleaner v2.101 - Datei am 18/12/2012 um 18:23:05 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Syiam - BELLO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Syiam\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\Partner
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v13.0.1 (de)
Profilname : default
Datei : C:\Users\Syiam\AppData\Roaming\Mozilla\Firefox\Profiles\md98onoz.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [834 octets] - [18/12/2012 18:23:05]
########## EOF - C:\AdwCleaner[S1].txt - [893 octets] ##########
Code:
ATTFilter ComboFix 12-12-17.02 - *** 18.12.2012 18:38:11.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8169.5896 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\3D.lnk
c:\users\Privat\AppData\Local\assembly\tmp
c:\users\Privat\WINDOWS
c:\users\***\AppData\Local\Temp\7zS7227\HPSLPSVC64.DLL
c:\users\***\Documents\DPE.DUS
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-18 bis 2012-12-18 ))))))))))))))))))))))))))))))
.
.
2012-12-18 17:44 . 2012-12-18 17:44 -------- d-----w- c:\users\Privat\AppData\Local\temp
2012-12-18 17:44 . 2012-12-18 17:44 -------- d-----w- c:\users\Metauser\AppData\Local\temp
2012-12-15 18:22 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E38E5F3A-EEBE-4933-8849-E7ECE556D5C4}\mpengine.dll
2012-12-14 11:26 . 2012-12-14 11:26 -------- d-----w- C:\searchplugins
2012-12-14 11:19 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-14 11:18 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-14 11:18 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-14 11:18 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-14 11:18 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 11:18 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 11:18 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-14 11:18 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 11:18 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-14 11:18 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-14 00:03 . 2012-12-14 00:03 -------- d-----w- c:\users\Privat\AppData\Roaming\Malwarebytes
2012-12-13 11:46 . 2012-12-13 11:46 -------- d-----w- c:\users\***\AppData\Local\Programs
2012-12-13 11:45 . 2012-12-13 11:45 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-12-13 11:45 . 2012-12-13 11:45 -------- d-----w- c:\programdata\Malwarebytes
2012-12-13 11:45 . 2012-12-13 11:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-13 11:45 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 22:38 . 2012-12-11 22:38 -------- d-----w- c:\program files (x86)\Spyware Terminator
2012-12-10 06:31 . 2012-12-10 06:31 -------- d-----w- c:\users\***\AppData\Local\Zattoo
2012-12-10 06:31 . 2012-12-10 06:31 -------- d-----w- c:\program files (x86)\Zattoo
2012-12-09 16:20 . 2012-12-09 16:20 -------- d-----w- c:\windows\SysWow64\Wat
2012-12-09 16:20 . 2012-12-09 16:20 -------- d-----w- c:\windows\system32\Wat
2012-12-08 10:47 . 2012-12-08 10:47 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-08 10:47 . 2012-12-08 10:47 -------- d-----r- c:\program files (x86)\Skype
2012-12-03 01:08 . 2012-12-03 01:08 -------- d-----w- c:\users\***\AppData\Roaming\vlc
2012-11-22 18:38 . 2012-11-22 18:38 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-22 18:38 . 2012-11-22 18:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 14:14 . 2012-06-23 14:23 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 14:14 . 2012-06-23 14:23 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 11:22 . 2012-06-21 07:53 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-14 00:48 . 2012-10-03 20:59 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-14 00:48 . 2012-10-03 20:59 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-26 09:47 . 2012-10-03 20:59 140936 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-11-26 09:47 . 2012-10-03 20:59 114168 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-10-16 08:38 . 2012-12-02 21:25 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-02 21:25 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-02 21:25 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 08:11 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 08:11 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 08:11 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 08:11 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-14 11:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 20:40 . 2012-10-03 20:59 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-03 17:56 . 2012-11-14 08:11 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 08:10 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 08:10 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 08:10 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 08:10 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 08:10 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 08:10 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 08:10 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 08:10 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 08:10 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 08:10 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-26 09:02 . 2012-09-26 09:02 58368 ----a-w- c:\windows\SysWow64\drivers\FILEM701.SYS
2012-09-25 22:47 . 2012-11-14 08:10 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 08:10 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 11:17 . 2012-09-23 11:17 2560 ----a-w- c:\windows\_MSRSTRT.EXE
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2011-03-11 714104]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5587832]
"TrayServer"="c:\progra~2\MAGIX\FILME_~1\TrayServer.exe" [2008-01-17 90112]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"TkBellExe"="c:\program files (x86)\Real\Update\realsched.exe" [2012-06-27 296056]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-14 384800]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-18 925960]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-11-22 2127896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\users\Inter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1492352]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-6-24 1380504]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-06-24 1263200]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-04-26 482384]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-11-26 140936]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-10-03 27800]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-08-18 819976]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-06-24 3246040]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-12-14 656672]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-12-14 400160]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-14 85280]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-12-14 565024]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-29 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UDSS;UDSS;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [2011-03-11 30064]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-06-24 285280]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-11-26 114168]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2011-12-26 20592]
S3 DVB7700ALL;TOSHIBA DIB7700 based TV tuner device;c:\windows\system32\Drivers\dvb7700all.sys [2011-01-03 994304]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-20 14848]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 6656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-03 175192]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [2012-05-15 398656]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 19:10]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 19:10]
.
2012-12-17 c:\windows\Tasks\ReclaimerUpdateFiles_Privat.job
- c:\users\Privat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-15 22:21]
.
2012-12-17 c:\windows\Tasks\ReclaimerUpdateXML_Privat.job
- c:\users\Privat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-15 22:21]
.
2012-12-18 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Privat.job
- c:\users\Privat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-15 22:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-05 11780712]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-02 2189416]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-03 150992]
"EvtMgr6"="c:\programdata\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-09-22 395344]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\md98onoz.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-06-24 17:21; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:44,28,47,6f,a9,a1,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Canon\CAL\CALMAIN.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-18 18:54:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-18 17:54
.
Vor Suchlauf: 9 Verzeichnis(se), 289.237.770.240 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 292.181.499.904 Bytes frei
.
- - End Of File - - E708C86EE3373B7AD3D5715FA4A21DD9
|
|
18.12.2012, 20:14
| #6 |
| /// TB-Ausbilder | Exploit.Drop.GS, EXP/CVE-2012-0507 Servus, wie läuft der Rechner derzeit?
Code:
ATTFilter C:\searchplugins\*.* /S
|
|
20.12.2012, 21:26
| #7 |
| | Exploit.Drop.GS, EXP/CVE-2012-0507 Der Rechner läuft gut! Hier das OTL-Protokoll: Code:
ATTFilter OTL logfile created on: 20.12.2012 21:09:30 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,44 Gb Available Physical Memory | 68,19% Memory free 15,95 Gb Paging File | 12,93 Gb Available in Paging File | 81,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 681,77 Gb Total Space | 272,09 Gb Free Space | 39,91% Space Free | Partition Type: NTFS Drive D: | 698,63 Gb Total Space | 352,57 Gb Free Space | 50,47% Space Free | Partition Type: NTFS Computer Name: BELLO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.18 21:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.12.14 01:48:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.14 01:48:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.12.14 01:48:02 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.12.14 01:48:01 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.14 01:48:01 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.14 01:48:00 | 000,656,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2012.11.22 10:50:02 | 002,127,896 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe PRC - [2012.11.22 10:50:02 | 000,166,424 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.24 12:55:23 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.04.17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.11.11 13:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011.11.11 13:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011.09.22 21:21:12 | 000,395,344 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011.09.22 21:20:44 | 005,587,832 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2011.08.18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe PRC - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.03.11 23:14:58 | 000,030,064 | ---- | M] () -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe PRC - [2011.03.11 18:12:34 | 000,714,104 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe PRC - [2011.03.10 19:20:00 | 000,701,856 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe PRC - [2011.02.01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.03 23:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2010.08.16 19:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe PRC - [2010.05.21 01:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2010.03.11 23:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.07.29 05:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2009.07.22 22:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe PRC - [2009.03.11 03:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2005.09.30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe ========== Modules (No Company Name) ========== MOD - [2012.07.23 14:10:28 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2011.11.11 13:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll MOD - [2011.11.11 13:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll MOD - [2011.11.11 13:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll MOD - [2011.11.11 13:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll MOD - [2011.11.11 13:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll MOD - [2011.11.11 13:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2011.09.22 21:20:28 | 011,233,136 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV:64bit: - [2011.04.20 20:45:38 | 000,480,256 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2011.04.07 22:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2011.04.06 04:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2010.12.25 05:14:38 | 000,526,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv) SRV:64bit: - [2010.12.09 00:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2010.10.20 23:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.12.14 01:48:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.14 01:48:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.12.14 01:48:02 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.12.14 01:48:01 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.14 01:48:00 | 000,656,672 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2012.11.22 10:50:02 | 000,166,424 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.24 12:55:23 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.06.14 23:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.09.22 21:21:28 | 001,114,280 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.08.18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0) SRV - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.03.11 23:14:58 | 000,030,064 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe -- (UDSS) SRV - [2011.02.11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2011.02.10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2011.02.01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.05.21 01:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2010.04.12 19:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.11 23:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.01.29 01:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.11 03:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005.09.30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 01:48:30 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.14 01:48:29 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.26 10:47:57 | 000,140,936 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot) DRV:64bit: - [2012.11.26 10:47:57 | 000,114,168 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim) DRV:64bit: - [2012.10.03 21:40:22 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.24 12:55:28 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012.06.24 12:55:20 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) DRV:64bit: - [2012.06.24 12:55:19 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.06.24 12:55:10 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.05.15 13:55:40 | 000,398,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB) DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.12.26 05:07:57 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.03 02:45:04 | 000,175,192 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2011.04.26 05:51:04 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.02.09 04:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2011.02.04 04:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.01.28 00:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.01.03 23:16:24 | 000,994,304 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvb7700all.sys -- (DVB7700ALL) DRV:64bit: - [2010.12.18 04:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.18 23:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.06.19 01:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec) DRV:64bit: - [2010.03.22 19:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.31 05:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.15 00:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.30 01:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm) DRV:64bit: - [2009.06.29 19:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv) DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.06.20 04:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.20 06:59:00 | 000,014,848 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid) DRV:64bit: - [2008.04.25 03:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma) DRV:64bit: - [2007.04.17 20:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {2488A919-E127-42D8-9F7D-ABD1481E78A2} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2488A919-E127-42D8-9F7D-ABD1481E78A2}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_deDE489 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.24 16:21:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.20 14:04:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 21:49:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.20 14:03:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.24 16:21:29 | 000,000,000 | ---D | M] [2012.06.30 21:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.06.30 21:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.14 23:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll [2012.12.20 14:03:38 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.18 18:44:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\ProgramData\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\FILME_~1\TrayServer.exe (MAGIX AG) O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85E547C4-8E8D-4993-A22A-1C847AA2C64C}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.20 14:04:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks [2012.12.20 14:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks [2012.12.20 14:04:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012.12.20 14:03:51 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll [2012.12.20 14:03:34 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll [2012.12.20 14:03:34 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll [2012.12.20 14:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2012.12.20 14:03:32 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll [2012.12.18 21:02:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.12.18 18:47:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.12.18 18:35:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012.12.18 18:35:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012.12.18 18:35:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012.12.18 18:34:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.18 18:34:30 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2012.12.18 18:32:29 | 005,012,571 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.12.16 15:19:10 | 271,698,832 | ---- | C] (Avira GmbH) -- C:\Users\***\Desktop\rescue_system-common-en.exe [2012.12.14 12:26:45 | 000,000,000 | ---D | C] -- C:\searchplugins [2012.12.14 12:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop [2012.12.14 12:21:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012.12.14 12:21:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012.12.14 12:21:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012.12.14 12:21:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012.12.14 12:21:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012.12.14 12:21:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012.12.14 12:21:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012.12.14 12:21:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012.12.14 12:21:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012.12.14 12:21:19 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012.12.14 12:21:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012.12.14 12:21:19 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012.12.14 12:21:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012.12.14 12:21:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012.12.14 12:21:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012.12.14 12:19:04 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2012.12.14 12:19:03 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll [2012.12.14 12:19:02 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe [2012.12.14 12:19:02 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2012.12.14 12:19:01 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2012.12.14 12:19:01 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll [2012.12.14 12:19:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2012.12.14 12:19:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2012.12.14 12:19:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2012.12.14 12:19:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2012.12.14 12:19:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2012.12.14 12:19:01 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.14 12:19:01 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.14 12:19:01 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.14 12:19:01 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.14 12:19:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2012.12.14 12:19:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.14 12:19:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.14 12:19:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.14 12:19:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.14 12:19:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.14 12:19:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.14 12:19:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.14 12:19:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.14 12:19:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.14 12:19:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.14 12:19:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.14 12:19:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.14 12:19:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.14 12:19:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.14 12:19:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2012.12.14 12:18:25 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll [2012.12.14 12:18:25 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll [2012.12.14 12:18:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll [2012.12.14 12:18:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll [2012.12.14 12:18:24 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll [2012.12.14 12:18:24 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll [2012.12.13 13:27:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Removal [2012.12.13 12:46:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2012.12.13 12:45:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.12.13 12:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.13 12:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.13 12:45:34 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.12.13 12:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.11 23:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2012.12.10 07:31:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Zattoo [2012.12.10 07:31:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo [2012.12.10 07:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo [2012.12.10 07:31:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo [2012.12.09 17:20:41 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat [2012.12.09 17:20:40 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat [2012.12.08 11:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.08 11:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.12.08 11:47:46 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.12.04 10:00:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CEB66F71-947F-4594-9D7B-CE74069DA866} [2012.12.04 10:00:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{84FFCA4B-ECCC-46CA-87BD-D9EE75CC871C} [2012.12.03 02:08:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2012.12.02 22:25:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012.12.02 22:25:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012.12.02 22:25:58 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll [2012.12.02 22:25:57 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe [2012.12.02 22:25:57 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe [2012.12.02 22:25:57 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe [2012.12.02 22:25:57 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll [2012.12.02 22:25:57 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll [2012.12.02 22:25:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll [2012.12.02 22:25:57 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll [2012.12.02 22:25:57 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll [2012.12.02 22:25:57 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe [2012.12.02 22:25:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys [2012.12.02 22:25:57 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll [2012.12.02 22:25:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll [2012.12.02 22:25:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll [2012.12.02 22:25:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll [2012.12.02 22:25:57 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll [2012.12.02 22:25:57 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbGD.sys [2012.12.02 22:25:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys [2012.12.02 22:25:57 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll [2012.12.02 22:25:57 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll [2012.12.02 22:25:56 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll [2012.12.02 22:25:56 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2012.12.02 22:25:56 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll [2012.12.02 22:25:07 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2012.12.02 22:25:07 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll ========== Files - Modified Within 30 Days ========== [2012.12.20 21:07:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.20 20:07:00 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.20 14:03:51 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll [2012.12.20 14:03:34 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll [2012.12.20 14:03:34 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll [2012.12.20 14:03:32 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll [2012.12.19 11:01:00 | 001,507,106 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.12.19 11:01:00 | 000,657,676 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.12.19 11:01:00 | 000,618,912 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.12.19 11:01:00 | 000,131,016 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.12.19 11:01:00 | 000,107,232 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.12.18 21:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.12.18 19:09:08 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.18 19:09:08 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.18 19:00:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.12.18 19:00:39 | 2129,149,951 | -HS- | M] () -- C:\hiberfil.sys [2012.12.18 18:44:54 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012.12.18 18:32:44 | 005,012,571 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.12.18 18:19:53 | 000,547,175 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.12.16 22:34:53 | 000,465,936 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012.12.16 15:30:49 | 271,698,832 | ---- | M] (Avira GmbH) -- C:\Users\***\Desktop\rescue_system-common-en.exe [2012.12.16 15:14:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012.12.16 15:14:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.14 12:26:45 | 000,000,000 | ---- | M] () -- C:\search.sqlite [2012.12.14 01:48:30 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2012.12.14 01:48:29 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2012.12.13 13:29:23 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.12.12 14:42:05 | 001,526,948 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.12.10 07:31:03 | 000,001,858 | ---- | M] () -- C:\Users\***\Desktop\Zattoo.lnk [2012.12.03 02:17:47 | 000,007,670 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.12.02 19:22:08 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\lvuvc.hs [2012.11.26 10:48:42 | 000,000,038 | ---- | M] () -- C:\windows\SysNative\InstallationInfs [2012.11.26 10:47:57 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avfwot.sys [2012.11.26 10:47:57 | 000,114,168 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avfwim.sys ========== Files Created - No Company Name ========== [2012.12.18 18:35:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012.12.18 18:35:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012.12.18 18:35:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012.12.18 18:35:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012.12.18 18:35:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012.12.18 18:19:53 | 000,547,175 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.12.14 12:26:45 | 000,000,000 | ---- | C] () -- C:\search.sqlite [2012.12.13 13:29:23 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.12.12 14:42:05 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.12.10 07:31:03 | 000,001,858 | ---- | C] () -- C:\Users\***\Desktop\Zattoo.lnk [2012.09.23 12:17:09 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE [2012.09.13 07:31:07 | 000,245,561 | ---- | C] () -- C:\windows\hpoins19.dat.temp [2012.08.07 23:55:59 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012.07.26 21:39:14 | 000,011,425 | ---- | C] () -- C:\Users\***\gsview64.ini [2012.06.26 09:59:42 | 000,007,670 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.06.24 16:27:07 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat.temp [2012.06.24 16:15:37 | 000,245,227 | ---- | C] () -- C:\windows\hpoins19.dat [2012.06.24 16:15:37 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat [2012.06.24 15:11:56 | 000,120,200 | ---- | C] () -- C:\windows\SysWow64\DLLDEV32i.dll [2012.06.24 15:10:09 | 000,007,119 | ---- | C] () -- C:\windows\mgxoschk.ini [2012.06.24 01:38:26 | 000,000,020 | ---- | C] () -- C:\windows\LauschAngriff.ini [2012.06.24 00:30:35 | 000,000,798 | ---- | C] () -- C:\windows\wiso.ini [2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe [2011.12.26 05:48:09 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI [2011.02.04 04:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2010.10.29 16:54:35 | 000,008,813 | ---- | C] () -- C:\Users\***\gsview32.ini [2010.10.29 16:52:05 | 000,035,328 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.29 16:36:30 | 000,000,138 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < C:\searchplugins\*.* /S > < End of report > |
|
21.12.2012, 19:59
| #8 |
| /// TB-Ausbilder | Exploit.Drop.GS, EXP/CVE-2012-0507 Servus, hört sich schon mal gut an.  Wir kontrollieren nochmal alles: Schritt 1
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte SecurityCheck
Bitte poste mit deiner nächsten Antwort
|
|
22.12.2012, 21:43
| #9 |
| | Exploit.Drop.GS, EXP/CVE-2012-0507 Danke, Matthias! Ich habe jetzt lediglich das Problem, dass ich in den Weinachtsurlaub gestartet bin...  Ich hatte in der fraglichen Zeit eine externe Festplatte an den Rechner angeschlossen - die habe ich jetzt aber nicht mitgenommen. Ich werde mal die anderen Dinge erledigen und den Online-Scan durchführen, wenn ich wieder zuhause bin... OK? Hoffe, Du hast auch ein paar ruhige Tage! Viele Grüße |
|
23.12.2012, 10:50
| #10 |
| /// TB-Ausbilder | Exploit.Drop.GS, EXP/CVE-2012-0507 Servus, dann warte ich ein paar Tage. |
|
29.12.2012, 11:49
| #11 |
| /// TB-Ausbilder | Exploit.Drop.GS, EXP/CVE-2012-0507 Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen! |
|
| Themen zu Exploit.Drop.GS, EXP/CVE-2012-0507 |
| antivir, avira, bho, canon, checkliste, computer, desktop, diner dash, error, exp/cve-2012-0507, exploit.drop.gs, firefox, flash player, helper, home, homepage, iexplore.exe, install.exe, internet, logfile, lws.exe, mozilla, office 2007, officejet, plug-in, popup, realtek, registry, remote control, scan, security, senden, software, spyware, svchost.exe, trojaner, updates, usb 3.0, wgsdgsdgdsgsd.exe, wildtangent games |
WARNUNG an die MITLESER: 
Textbox.
Linear-Darstellung
