|
Log-Analyse und Auswertung: GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dllWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
27.12.2012, 18:44 | #1 |
| GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll Hallo, ich habe mir wohl einen Trojaner eingefangen. Beim Starten des PC wird eine Sperrseite geöffnet und ich werde zur Zahlung von 100,00€ aufgefordert. Wie beschrieben habe ich erst den vollständigen Avira Virenscan durchgeführt. Dabei sind die in der Überschrift genannten Viren / Trojaner gefunden und in die Quarantäne verschoben worden. (*edit: bei der Durchsicht der Ergebnisse von Avira wurde noch folgender Virus gefunden. 'C:\Users\DW\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7a0b5bcb-111e3623' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Jogek.QK' [virus]) Die Avira-Reports sind ganz am Ende dieses Beitrags Bei dem nächsten Systemneustart hatte ich das selbe Problem erneut. Ich habe defogger gestartet OTL gestartet und folgendes Ergebnis bekommen:OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.12.2012 18:18:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DW\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,88% Memory free 7,93 Gb Paging File | 6,20 Gb Available in Paging File | 78,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 89,15 Gb Free Space | 59,81% Space Free | Partition Type: NTFS Drive D: | 148,65 Gb Total Space | 142,09 Gb Free Space | 95,58% Space Free | Partition Type: NTFS Drive F: | 14,92 Gb Total Space | 3,91 Gb Free Space | 26,20% Space Free | Partition Type: FAT32 Computer Name: DW-NOTEBOOK | User Name: DW | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.27 16:07:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DW\Desktop\OTL.exe PRC - [2012.12.11 17:34:58 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 17:34:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.11 17:34:23 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.09.22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe PRC - [2009.08.11 10:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe PRC - [2009.07.14 18:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe PRC - [2009.03.10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2009.01.13 20:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe ========== Modules (No Company Name) ========== MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu ========== Services (SafeList) ========== SRV:64bit: - [2009.07.29 22:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV - [2012.12.11 20:34:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.11 17:34:58 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 17:34:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.09 17:46:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.12.28 21:54:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.09.23 16:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.08.27 12:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV - [2009.08.17 09:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009.08.10 18:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009.08.06 15:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2009.08.05 13:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2009.08.04 10:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV - [2009.08.03 17:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV - [2009.07.14 18:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.03.10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 17:35:11 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 17:35:10 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.02 11:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.09.28 20:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen) DRV:64bit: - [2009.08.26 17:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2009.07.30 20:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.30 16:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.07.30 11:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.24 14:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2009.07.20 16:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.22 21:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.20 17:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.05.08 10:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2008.01.20 09:06:35 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2007.05.14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{379B8695-37B8-4CF5-A765-4A2C7D1302D3}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{E3A9CBF0-7071-4F22-80F6-A8D9714B2A8F}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/|hxxp://dict.leo.org/chde?searchLoc=1&searchLocRelinked=1&lp=chde&search=&lp=chde&lang=de&searchLoc=-1|hxxp://www.hr-online.de/website/radio/home/index.jsp|hxxp://www.wetteronline.de/" FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.3.4 FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: %7B78e516ef-11de-47a1-8364-a99b917ec5ee%7D:10.13.40.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.0.1.20090924050608 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DW\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DW\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.26 11:43:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.09 17:45:55 | 000,000,000 | ---D | M] [2009.12.17 10:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DW\AppData\Roaming\mozilla\Extensions [2012.12.02 19:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DW\AppData\Roaming\mozilla\Firefox\Profiles\gh4awfwx.default\extensions [2012.12.02 19:59:58 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\DW\AppData\Roaming\mozilla\Firefox\Profiles\gh4awfwx.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.11.13 16:38:24 | 000,000,000 | ---D | M] (FileConverter 1.3) -- C:\Users\DW\AppData\Roaming\mozilla\Firefox\Profiles\gh4awfwx.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee} [2012.11.17 06:47:30 | 000,510,620 | ---- | M] () (No name found) -- C:\Users\DW\AppData\Roaming\mozilla\firefox\profiles\gh4awfwx.default\extensions\toolbar@gmx.net.xpi [2012.11.17 06:47:36 | 000,000,911 | ---- | M] () -- C:\Users\DW\AppData\Roaming\mozilla\firefox\profiles\gh4awfwx.default\searchplugins\11-suche.xml [2012.11.17 06:47:35 | 000,002,273 | ---- | M] () -- C:\Users\DW\AppData\Roaming\mozilla\firefox\profiles\gh4awfwx.default\searchplugins\englische-ergebnisse.xml [2012.11.17 06:47:35 | 000,010,563 | ---- | M] () -- C:\Users\DW\AppData\Roaming\mozilla\firefox\profiles\gh4awfwx.default\searchplugins\gmx-suche.xml [2012.11.17 06:47:35 | 000,002,432 | ---- | M] () -- C:\Users\DW\AppData\Roaming\mozilla\firefox\profiles\gh4awfwx.default\searchplugins\lastminute.xml [2012.11.17 06:47:35 | 000,005,545 | ---- | M] () -- C:\Users\DW\AppData\Roaming\mozilla\firefox\profiles\gh4awfwx.default\searchplugins\webde-suche.xml [2012.12.26 11:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.09 17:45:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\DW\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DW\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DW\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DD035AF-F1ED-43A8-9884-65C101211305}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6556F80-DEDB-4C79-BEDB-9EB447F983CF}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autoplay.exe -auto O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autoplay.exe -auto O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.27 18:17:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DW\Desktop\OTL.exe [2012.12.26 12:13:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.12.25 19:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.24 15:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.12.09 17:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.27 18:16:55 | 000,000,000 | ---- | M] () -- C:\Users\DW\defogger_reenable [2012.12.27 17:35:29 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4133499110-3974967386-4172841287-1000UA.job [2012.12.27 17:35:19 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4133499110-3974967386-4172841287-1000Core.job [2012.12.27 17:28:37 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.27 17:28:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.27 16:45:28 | 000,050,477 | ---- | M] () -- C:\Users\DW\Desktop\Defogger.exe [2012.12.27 16:14:41 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.27 16:14:41 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.27 16:14:41 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.27 16:14:41 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.27 16:14:41 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.27 16:13:56 | 000,002,066 | ---- | M] () -- C:\Users\DW\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.12.27 16:13:56 | 000,001,995 | ---- | M] () -- C:\Users\DW\Desktop\Avira DE-Cleaner.lnk [2012.12.27 16:07:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DW\Desktop\OTL.exe [2012.12.27 16:02:16 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.27 15:55:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.26 21:06:46 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.26 19:35:39 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.26 19:35:39 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.26 19:27:38 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys [2012.12.26 11:43:59 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.12.25 19:43:11 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.25 07:50:30 | 000,002,814 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.22 07:13:23 | 000,430,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.13 19:46:00 | 000,002,441 | ---- | M] () -- C:\Users\DW\Desktop\Google Chrome.lnk [2012.12.11 17:35:11 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.11 17:35:10 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.11 04:29:27 | 000,021,378 | ---- | M] () -- C:\Users\DW\Desktop\niu.jpeg [2012.12.08 16:34:24 | 000,013,063 | ---- | M] () -- C:\Users\DW\Desktop\030uhl.jpg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.27 18:16:55 | 000,000,000 | ---- | C] () -- C:\Users\DW\defogger_reenable [2012.12.27 18:15:53 | 000,050,477 | ---- | C] () -- C:\Users\DW\Desktop\Defogger.exe [2012.12.27 16:13:03 | 000,002,066 | ---- | C] () -- C:\Users\DW\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.12.27 16:13:03 | 000,001,995 | ---- | C] () -- C:\Users\DW\Desktop\Avira DE-Cleaner.lnk [2012.12.25 07:50:30 | 000,002,814 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.25 07:50:25 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.11 04:29:26 | 000,021,378 | ---- | C] () -- C:\Users\DW\Desktop\niu.jpeg [2012.12.08 16:34:23 | 000,013,063 | ---- | C] () -- C:\Users\DW\Desktop\030uhl.jpg [2012.11.24 09:06:14 | 340,178,688 | ---- | C] () -- C:\Users\DW\Downloads.rar [2012.05.29 11:34:02 | 000,000,288 | ---- | C] () -- C:\Users\DW\AppData\Roaming\.backup.dm [2011.07.22 19:50:34 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll [2009.11.05 18:24:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2009.11.03 16:00:55 | 000,000,000 | ---D | M] -- C:\Users\DW\AppData\Roaming\Canneverbe_Limited [2012.04.07 14:06:14 | 000,000,000 | ---D | M] -- C:\Users\DW\AppData\Roaming\Garmin [2012.05.30 11:02:57 | 000,000,000 | ---D | M] -- C:\Users\DW\AppData\Roaming\go [2011.07.24 18:40:29 | 000,000,000 | ---D | M] -- C:\Users\DW\AppData\Roaming\Tencent [2009.12.30 21:54:48 | 000,000,000 | ---D | M] -- C:\Users\DW\AppData\Roaming\Toshiba ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.12.2012 18:18:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DW\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,88% Memory free 7,93 Gb Paging File | 6,20 Gb Available in Paging File | 78,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 89,15 Gb Free Space | 59,81% Space Free | Partition Type: NTFS Drive D: | 148,65 Gb Total Space | 142,09 Gb Free Space | 95,58% Space Free | Partition Type: NTFS Drive F: | 14,92 Gb Total Space | 3,91 Gb Free Space | 26,20% Space Free | Partition Type: FAT32 Computer Name: DW-NOTEBOOK | User Name: DW | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00A1EF96-DB1F-4E51-A2CC-7C2733895995}" = rport=445 | protocol=6 | dir=out | app=system | "{22FE84F7-9CC4-48CF-9479-F198F26F5024}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{34658D0E-ACC9-4F3E-A1BC-98A27442B354}" = rport=10243 | protocol=6 | dir=out | app=system | "{346E2152-84A1-4573-9998-E4A90DD7F98B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4EFAC362-591F-4B55-9793-3772DC0610A6}" = lport=445 | protocol=6 | dir=in | app=system | "{5C65398C-6089-4540-AA3F-A80826AB4027}" = lport=139 | protocol=6 | dir=in | app=system | "{5EF39F44-21D5-45A7-B660-28C01DA349DC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6226CFFD-84E8-4B5F-B446-1EDDFDA2511C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{62D5C5E5-8518-45EC-AD73-A31AD33288F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6798F56F-BDCC-4051-AAE7-7DEF0B911690}" = lport=10243 | protocol=6 | dir=in | app=system | "{7B7656EB-0567-4DFF-9B97-3E01BC06CF0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8981633D-621A-4DBE-9CDA-F9A78B0A1527}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9DEFD246-30AF-4E2C-B4DA-D8D86D4A2653}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{B138BA13-69AF-4B34-8C1D-C4256D337641}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B69AE918-7979-4425-839F-A3AA20F5D48F}" = rport=138 | protocol=17 | dir=out | app=system | "{C16DDA58-EAA4-47B3-A34F-4CD7E2C08BF9}" = lport=138 | protocol=17 | dir=in | app=system | "{C749B0FC-4096-427F-9781-654D94512BE9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CA838E24-0E7F-4F8A-85E9-A601D766B31F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E572543F-C940-46A5-97E7-5B7415369B79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E7CAFBD4-40A8-4835-98E2-589DB4C3C36E}" = rport=139 | protocol=6 | dir=out | app=system | "{EAE3DAF1-626B-4B60-9313-24DA6F414862}" = lport=2869 | protocol=6 | dir=in | app=system | "{EE3ECABE-35A3-4C29-95DB-EC8B6E7AF754}" = lport=137 | protocol=17 | dir=in | app=system | "{F35094DB-6FB8-432A-B2B0-AF46139813F2}" = rport=137 | protocol=17 | dir=out | app=system | "{FA7C403B-6881-4FC7-89ED-FCEFE5CA311D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04D2CF8D-C38E-4DE1-B28D-293A8328A0CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{07BA72F5-9712-4CFE-B6C0-0D2C2409CFEA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{16216147-495D-4CE1-8068-B36A0341DEDC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1BC9C01B-ECE1-4D69-AB52-779771805616}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1C9DF826-157E-4843-851E-FA31ECB19722}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1F7D53E5-CF4A-4D62-9D36-CE588C8E1332}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{20165671-BA88-4E05-B006-70673B4E90C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{21CBA320-415C-4920-88D9-96253BA50D42}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{24784F78-2072-4797-825D-51027E4CFBBE}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | "{3788A057-0904-4BDE-AC48-658AE4885C5C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3C5D53C7-F148-45D2-AF6F-7C9F80C4ED8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{458212B3-A0DA-429D-9409-7AC3C63A10C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4DF14C9A-6195-49C9-80BA-F6F919ECBD9C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{4F963B9A-AC62-4B81-88D3-B08104C7A8F4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{50E081E8-51C3-4ABC-928C-524FCC7783C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{536E5746-C935-4B4A-9833-BC4C71D4E5A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{729093C5-2ECA-493D-A396-B6878D40353A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7819DACB-8BBC-4B2A-9082-6C61DF518022}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{7AFF3445-3ABA-4DDF-AF9F-35CBC90A77F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7E258F8B-BFE6-4009-BDB7-D628984108B9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{80DD06AE-C499-4F1A-9D3F-6CF780F1E300}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{83FDB92B-6A93-44D8-A256-372BF3873B1C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{873F1FCD-215F-44F5-AE9C-165139E9CEDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{94F994AC-4204-44EF-8526-B11B32D0D9CD}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | "{95EB9B41-7B28-46AB-906D-05D028DC8D57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{99432E54-440D-44E7-94BA-32517139372E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B4F5F8A3-6D57-4A37-B52E-43E657E8CD12}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{B9600726-F5C4-45C1-972D-7F5A5163E867}" = protocol=6 | dir=out | app=system | "{C79C4EEB-E887-4C3B-8EAB-520D6F02A96B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{CABDE801-BF36-4098-A79C-96D544A9B69E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E341E35E-8BE7-4C70-A814-CD9DB0758389}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{ECD4165A-A7BA-4806-99AD-033AC5FC2F1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F006F62E-3FB3-4C78-AEDD-C0DC5224AFA3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F3C20C1F-6CAC-4EFA-AE74-D44CD046BE75}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{498FF767-4BEC-49E9-8F9D-7B1FF36836E2}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{BD1E5FD2-3646-4A30-8F98-0379BFF2F90E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{3EF14999-FF26-44B0-BD90-80ECE2851262}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{E9A16AB5-7873-4F24-8B1A-11F0C93C9BD9}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager "{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64 "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai "{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook "{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist "{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese "{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ "{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish "{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing "{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish "{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}_947" = Adobe Acrobat 9.4.7 - CPSID_83708 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech "{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light "{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional "{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New "{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "ENTERPRISE" = Microsoft Office Enterprise 2007 "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PowerISO" = PowerISO "VLC media player" = VLC media player 1.1.4 "WildTangent toshiba Master Uninstall" = WildTangent-Spiele "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Game Organizer" = EasyBits GO "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.12.2012 10:52:47 | Computer Name = DW-NOTEBOOK | Source = MsiInstaller | ID = 11609 Description = Error - 20.12.2012 16:57:30 | Computer Name = DW-NOTEBOOK | Source = MsiInstaller | ID = 11609 Description = Error - 23.12.2012 09:16:59 | Computer Name = DW-NOTEBOOK | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 23.12.2012 09:16:59 | Computer Name = DW-NOTEBOOK | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 23.12.2012 11:59:52 | Computer Name = DW-NOTEBOOK | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 23.12.2012 12:01:33 | Computer Name = DW-NOTEBOOK | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 25.12.2012 02:58:01 | Computer Name = DW-NOTEBOOK | Source = Application Hang | ID = 1002 Description = Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2f0 Startzeit: 01cde26c276ea5ad Endzeit: 2 Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe Berichts-ID: 65aed8dc-4e60-11e2-b22b-0026223518ea Error - 25.12.2012 16:51:44 | Computer Name = DW-NOTEBOOK | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 25.12.2012 16:53:49 | Computer Name = DW-NOTEBOOK | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 27.12.2012 10:58:11 | Computer Name = DW-NOTEBOOK | Source = Application Hang | ID = 1002 Description = Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c44 Startzeit: 01cde396c960b0ba Endzeit: 16 Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe Berichts-ID: d39a41fb-5035-11e2-8467-0026223518ea [ OSession Events ] Error - 15.11.2011 16:12:51 | Computer Name = DW-NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 928 seconds with 600 seconds of active time. This session ended with a crash. Error - 15.05.2012 03:14:34 | Computer Name = DW-NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 163 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 26.12.2012 06:29:59 | Computer Name = DW-NOTEBOOK | Source = atikmdag | ID = 43029 Description = Display is not active Error - 26.12.2012 14:27:43 | Computer Name = DW-NOTEBOOK | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 26.12.2012 14:27:43 | Computer Name = DW-NOTEBOOK | Source = atikmdag | ID = 43029 Description = Display is not active Error - 26.12.2012 16:06:43 | Computer Name = DW-NOTEBOOK | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.12.2012 10:55:21 | Computer Name = DW-NOTEBOOK | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.12.2012 10:56:20 | Computer Name = DW-NOTEBOOK | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.12.2012 10:56:26 | Computer Name = DW-NOTEBOOK | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.12.2012 10:58:25 | Computer Name = DW-NOTEBOOK | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.12.2012 10:58:29 | Computer Name = DW-NOTEBOOK | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.12.2012 10:58:46 | Computer Name = DW-NOTEBOOK | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > Vielen Dank im voraus für die Unterstützung bei meinem Problem Mfg ######### Avira Free Antivirus Erstellungsdatum der Reportdatei: Dienstag, 25. Dezember 2012 19:47 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : DW Computername : DW-NOTEBOOK Versionsinformationen: BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00 AVSCAN.EXE : 13.6.0.402 639264 Bytes 11.12.2012 16:34:27 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 16:34:27 LUKE.DLL : 13.6.0.400 67360 Bytes 11.12.2012 16:34:57 AVSCPLR.DLL : 13.6.0.402 93984 Bytes 04.12.2012 14:37:55 AVREG.DLL : 13.6.0.406 248096 Bytes 04.12.2012 17:40:31 avlode.dll : 13.6.1.402 428832 Bytes 04.12.2012 14:36:57 avlode.rdf : 13.0.0.26 7958 Bytes 10.12.2012 16:06:07 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 15:37:16 VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 15:37:16 VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 15:37:16 VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 15:37:17 VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 15:37:17 VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 15:37:17 VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 15:37:17 VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 15:37:03 VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 19:19:59 VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 19:44:03 VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 21:33:35 VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 03:21:36 VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 03:21:35 VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 18:44:19 VBASE021.VDF : 7.11.53.35 126976 Bytes 08.12.2012 18:44:19 VBASE022.VDF : 7.11.53.55 225792 Bytes 09.12.2012 18:44:20 VBASE023.VDF : 7.11.53.93 157184 Bytes 10.12.2012 18:44:20 VBASE024.VDF : 7.11.53.169 153088 Bytes 12.12.2012 18:44:21 VBASE025.VDF : 7.11.53.237 152064 Bytes 14.12.2012 18:44:21 VBASE026.VDF : 7.11.54.23 149504 Bytes 17.12.2012 18:44:22 VBASE027.VDF : 7.11.54.67 130048 Bytes 18.12.2012 18:44:22 VBASE028.VDF : 7.11.54.153 292352 Bytes 21.12.2012 18:44:23 VBASE029.VDF : 7.11.54.154 2048 Bytes 21.12.2012 18:44:24 VBASE030.VDF : 7.11.54.155 2048 Bytes 21.12.2012 18:44:24 VBASE031.VDF : 7.11.54.210 190464 Bytes 25.12.2012 18:44:24 Engineversion : 8.2.10.224 AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55 AESCRIPT.DLL : 8.1.4.78 467323 Bytes 25.12.2012 18:44:34 AESCN.DLL : 8.1.10.0 131445 Bytes 25.12.2012 18:44:34 AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06 AERDL.DLL : 8.2.0.74 643445 Bytes 07.11.2012 15:56:14 AEPACK.DLL : 8.3.1.2 819574 Bytes 25.12.2012 18:44:33 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 15:04:31 AEHEUR.DLL : 8.1.4.168 5628280 Bytes 25.12.2012 18:44:32 AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 19:06:37 AEGEN.DLL : 8.1.6.12 434549 Bytes 25.12.2012 18:44:25 AEEXP.DLL : 8.3.0.4 184692 Bytes 25.12.2012 18:44:35 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55 AECORE.DLL : 8.1.30.0 201079 Bytes 25.12.2012 18:44:25 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:04:23 AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30 AVPREF.DLL : 13.4.0.360 50464 Bytes 11.12.2012 16:34:25 AVREP.DLL : 13.4.0.360 177952 Bytes 28.11.2012 14:06:10 AVARKT.DLL : 13.6.0.402 260384 Bytes 11.12.2012 16:34:17 AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 11.12.2012 16:34:21 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40 AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54 NETNT.DLL : 13.4.0.360 15648 Bytes 11.12.2012 16:34:58 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 16:34:10 RCTEXT.DLL : 13.4.0.360 68384 Bytes 11.12.2012 16:34:10 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Manuelle Auswahl Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, E:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Dienstag, 25. Dezember 2012 19:47 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '160' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '197' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'NMSAccessU.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'c2c_service.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'TemproSvc.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'TemproTray.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'TosNcCore.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'TosReelTimeMonitor.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'SmoothView.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'TPwrMain.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'TCrdMain.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'TODDSrv.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'TosCoSrv.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'TecoService.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'RAVCpl64.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'TEco.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'ToshibaReminder.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'wmdc.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'sidebar.exe' - '101' Modul(e) wurden durchsucht Durchsuche Prozess 'SSScheduler.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'KeNotify.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'TWebCamera.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'ToshibaServiceStation.exe' - '114' Modul(e) wurden durchsucht Durchsuche Prozess 'PWRISOVM.EXE' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '109' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'TMachInfo.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'TosSmartSrv.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'TPCHSrv.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'CFIWmxSvcs64.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'CFProcSRVC.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'CFSvcs.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'taskmgr.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '125' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '106' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '1967' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <WINDOWS> C:\Users\DW\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7a0b5bcb-111e3623 [0] Archivtyp: ZIP --> ewjvaiwebvhtuai124a.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QJ [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> test.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden Beginne mit der Suche in 'D:\' <Data> Beginne mit der Suche in 'E:\' Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Desinfektion: C:\Users\DW\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7a0b5bcb-111e3623 [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51fdb5e5.qua' verschoben! Ende des Suchlaufs: Dienstag, 25. Dezember 2012 21:59 Benötigte Zeit: 1:28:08 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 32540 Verzeichnisse wurden überprüft 621516 Dateien wurden geprüft 2 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 621514 Dateien ohne Befall 6127 Archive wurden durchsucht 2 Warnungen 1 Hinweise ######################################################################################## 2 Scan von heute mit Avira-DE-Cleaner Avira Free Antivirus Erstellungsdatum der Reportdatei: Donnerstag, 27. Dezember 2012 15:59 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : DW-NOTEBOOK Versionsinformationen: BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00 AVSCAN.EXE : 13.6.0.402 639264 Bytes 11.12.2012 16:34:27 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 16:34:27 LUKE.DLL : 13.6.0.400 67360 Bytes 11.12.2012 16:34:57 AVSCPLR.DLL : 13.6.0.402 93984 Bytes 04.12.2012 14:37:55 AVREG.DLL : 13.6.0.406 248096 Bytes 04.12.2012 17:40:31 avlode.dll : 13.6.1.402 428832 Bytes 04.12.2012 14:36:57 avlode.rdf : 13.0.0.26 7958 Bytes 10.12.2012 16:06:07 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 15:37:16 VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 15:37:16 VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 15:37:16 VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 15:37:17 VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 15:37:17 VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 15:37:17 VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 15:37:17 VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 15:37:03 VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 19:19:59 VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 19:44:03 VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 21:33:35 VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 03:21:36 VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 03:21:35 VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 18:44:19 VBASE021.VDF : 7.11.53.35 126976 Bytes 08.12.2012 18:44:19 VBASE022.VDF : 7.11.53.55 225792 Bytes 09.12.2012 18:44:20 VBASE023.VDF : 7.11.53.93 157184 Bytes 10.12.2012 18:44:20 VBASE024.VDF : 7.11.53.169 153088 Bytes 12.12.2012 18:44:21 VBASE025.VDF : 7.11.53.237 152064 Bytes 14.12.2012 18:44:21 VBASE026.VDF : 7.11.54.23 149504 Bytes 17.12.2012 18:44:22 VBASE027.VDF : 7.11.54.67 130048 Bytes 18.12.2012 18:44:22 VBASE028.VDF : 7.11.54.153 292352 Bytes 21.12.2012 18:44:23 VBASE029.VDF : 7.11.54.154 2048 Bytes 21.12.2012 18:44:24 VBASE030.VDF : 7.11.54.155 2048 Bytes 21.12.2012 18:44:24 VBASE031.VDF : 7.11.54.224 231424 Bytes 26.12.2012 18:33:08 Engineversion : 8.2.10.224 AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55 AESCRIPT.DLL : 8.1.4.78 467323 Bytes 25.12.2012 18:44:34 AESCN.DLL : 8.1.10.0 131445 Bytes 25.12.2012 18:44:34 AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06 AERDL.DLL : 8.2.0.74 643445 Bytes 07.11.2012 15:56:14 AEPACK.DLL : 8.3.1.2 819574 Bytes 25.12.2012 18:44:33 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 15:04:31 AEHEUR.DLL : 8.1.4.168 5628280 Bytes 25.12.2012 18:44:32 AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 19:06:37 AEGEN.DLL : 8.1.6.12 434549 Bytes 25.12.2012 18:44:25 AEEXP.DLL : 8.3.0.4 184692 Bytes 25.12.2012 18:44:35 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55 AECORE.DLL : 8.1.30.0 201079 Bytes 25.12.2012 18:44:25 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:04:23 AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30 AVPREF.DLL : 13.4.0.360 50464 Bytes 11.12.2012 16:34:25 AVREP.DLL : 13.4.0.360 177952 Bytes 28.11.2012 14:06:10 AVARKT.DLL : 13.6.0.402 260384 Bytes 11.12.2012 16:34:17 AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 11.12.2012 16:34:21 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40 AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54 NETNT.DLL : 13.4.0.360 15648 Bytes 11.12.2012 16:34:58 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 16:34:10 RCTEXT.DLL : 13.4.0.360 68384 Bytes 11.12.2012 16:34:10 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50db41b3\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: reparieren Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Beginn des Suchlaufs: Donnerstag, 27. Dezember 2012 15:59 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '98' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '157' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'NMSAccessU.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'TemproSvc.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'TODDSrv.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'TosCoSrv.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'TecoService.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '109' Modul(e) wurden durchsucht Durchsuche Prozess 'TMachInfo.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'TosSmartSrv.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'TPCHSrv.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'CFIWmxSvcs64.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'CFProcSRVC.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'CFSvcs.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'TrustedInstaller.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleUpdate.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '15' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '154' Modul(e) wurden durchsucht Durchsuche Prozess 'TemproTray.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'TosNcCore.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'TosReelTimeMonitor.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'SmoothView.exe' - '15' Modul(e) wurden durchsucht Durchsuche Prozess 'TPwrMain.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'TCrdMain.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'RAVCpl64.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'TosSENotify.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'TEco.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'ToshibaReminder.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'wmdc.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'sidebar.exe' - '96' Modul(e) wurden durchsucht Durchsuche Prozess 'SSScheduler.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'TPCHWMsg.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'KeNotify.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'TWebCamera.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'ToshibaServiceStation.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'PWRISOVM.EXE' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'acrobat_sl.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'acrotray.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'reader_sl.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '79' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '155' Modul(e) wurden durchsucht Durchsuche Prozess 'Skype.exe' - '141' Modul(e) wurden durchsucht Durchsuche Prozess 'Updater.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '107' Modul(e) wurden durchsucht Durchsuche Prozess 'IELowutil.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Users\DW\wgsdgsdgdsgsd.dll' Die Datei '\\?\C:\Users\DW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk' wurde ins Quarantäneverzeichnis verschoben. C:\Users\DW\wgsdgsdgdsgsd.dll [FUND] Ist das Trojanische Pferd TR/Meredrop.A.12609 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '415edf12.qua' verschoben! Ende des Suchlaufs: Donnerstag, 27. Dezember 2012 15:59 Benötigte Zeit: 00:15 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 948 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 947 Dateien ohne Befall 2 Archive wurden durchsucht 0 Warnungen 1 Hinweise Geändert von 2ausffm (27.12.2012 um 18:53 Uhr) Grund: evtl. wichtige Informationen noch gefunden |
27.12.2012, 18:58 | #2 |
/// Malware-holic | GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL [2012.12.26 21:06:46 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.25 07:50:30 | 000,002,814 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js :Files :Commands [EMPTYFLASH] [emptytemp] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________ |
27.12.2012, 21:42 | #3 |
| GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll vielen Dank für die schnelle Hilfe.
__________________Hier die Datei: All processes killed ========== OTL ========== C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully. C:\ProgramData\dsgsdgdsgdsgw.js moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 41044 bytes User: Default User ->Flash cache emptied: 0 bytes User: DW ->Flash cache emptied: 8155696 bytes User: Public Total Flash Files Cleaned = 8,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: DW ->Temp folder emptied: 368114896 bytes ->Temporary Internet Files folder emptied: 2919244192 bytes ->Java cache emptied: 2447882 bytes ->FireFox cache emptied: 75352106 bytes ->Google Chrome cache emptied: 20651494 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1144534420 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67245 bytes RecycleBin emptied: 388933964 bytes Total Files Cleaned = 4.691,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12272012_192454 Files\Folders moved on Reboot... C:\Users\DW\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
28.12.2012, 17:24 | #4 |
/// Malware-holic | GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll Hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
28.12.2012, 17:50 | #5 |
| GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll tdss killer heruntergeladen und ausgeführt (auf dem desktop) 2 Funde - Skip ausgewählt. hier das Ergebnis: 17:46:16.0662 3564 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 17:46:16.0756 3564 ============================================================ 17:46:16.0756 3564 Current date / time: 2012/12/28 17:46:16.0756 17:46:16.0756 3564 SystemInfo: 17:46:16.0756 3564 17:46:16.0756 3564 OS Version: 6.1.7601 ServicePack: 1.0 17:46:16.0756 3564 Product type: Workstation 17:46:16.0756 3564 ComputerName: DW-NOTEBOOK 17:46:16.0756 3564 UserName: DW 17:46:16.0756 3564 Windows directory: C:\Windows 17:46:16.0756 3564 System windows directory: C:\Windows 17:46:16.0756 3564 Running under WOW64 17:46:16.0756 3564 Processor architecture: Intel x64 17:46:16.0756 3564 Number of processors: 2 17:46:16.0756 3564 Page size: 0x1000 17:46:16.0756 3564 Boot type: Normal boot 17:46:16.0756 3564 ============================================================ 17:46:17.0520 3564 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:46:17.0536 3564 ============================================================ 17:46:17.0536 3564 \Device\Harddisk0\DR0: 17:46:17.0536 3564 MBR partitions: 17:46:17.0536 3564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000 17:46:17.0536 3564 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000 17:46:17.0536 3564 ============================================================ 17:46:17.0567 3564 C: <-> \Device\Harddisk0\DR0\Partition1 17:46:17.0614 3564 D: <-> \Device\Harddisk0\DR0\Partition2 17:46:17.0614 3564 ============================================================ 17:46:17.0614 3564 Initialize success 17:46:17.0614 3564 ============================================================ 17:47:01.0843 4092 ============================================================ 17:47:01.0843 4092 Scan started 17:47:01.0843 4092 Mode: Manual; SigCheck; TDLFS; 17:47:01.0843 4092 ============================================================ 17:47:02.0108 4092 ================ Scan system memory ======================== 17:47:02.0108 4092 System memory - ok 17:47:02.0108 4092 ================ Scan services ============================= 17:47:02.0342 4092 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 17:47:02.0483 4092 1394ohci - ok 17:47:02.0561 4092 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 17:47:02.0592 4092 ACPI - ok 17:47:02.0623 4092 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 17:47:02.0686 4092 AcpiPmi - ok 17:47:02.0857 4092 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 17:47:02.0888 4092 AdobeFlashPlayerUpdateSvc - ok 17:47:02.0935 4092 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 17:47:02.0998 4092 adp94xx - ok 17:47:03.0029 4092 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 17:47:03.0060 4092 adpahci - ok 17:47:03.0091 4092 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 17:47:03.0122 4092 adpu320 - ok 17:47:03.0154 4092 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:47:03.0232 4092 AeLookupSvc - ok 17:47:03.0278 4092 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 17:47:03.0341 4092 AFD - ok 17:47:03.0388 4092 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 17:47:03.0419 4092 agp440 - ok 17:47:03.0434 4092 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 17:47:03.0512 4092 ALG - ok 17:47:03.0528 4092 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 17:47:03.0559 4092 aliide - ok 17:47:03.0606 4092 [ 98A2774D3F18C107874C8C1163EBE484 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 17:47:03.0653 4092 AMD External Events Utility - ok 17:47:03.0684 4092 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 17:47:03.0715 4092 amdide - ok 17:47:03.0746 4092 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 17:47:03.0809 4092 AmdK8 - ok 17:47:03.0824 4092 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 17:47:03.0887 4092 AmdPPM - ok 17:47:03.0918 4092 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:47:03.0949 4092 amdsata - ok 17:47:03.0980 4092 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 17:47:04.0027 4092 amdsbs - ok 17:47:04.0043 4092 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:47:04.0074 4092 amdxata - ok 17:47:04.0183 4092 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 17:47:04.0199 4092 AntiVirSchedulerService - ok 17:47:04.0214 4092 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 17:47:04.0246 4092 AntiVirService - ok 17:47:04.0277 4092 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 17:47:04.0370 4092 AppID - ok 17:47:04.0417 4092 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:47:04.0511 4092 AppIDSvc - ok 17:47:04.0542 4092 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 17:47:04.0604 4092 Appinfo - ok 17:47:04.0651 4092 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 17:47:04.0682 4092 arc - ok 17:47:04.0698 4092 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 17:47:04.0729 4092 arcsas - ok 17:47:04.0776 4092 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:47:04.0854 4092 AsyncMac - ok 17:47:04.0885 4092 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 17:47:04.0916 4092 atapi - ok 17:47:04.0979 4092 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys 17:47:05.0119 4092 athr - ok 17:47:05.0306 4092 [ 173F4C05F87085E9BDA3F7037BC9F40E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 17:47:05.0618 4092 atikmdag - ok 17:47:05.0681 4092 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:47:05.0790 4092 AudioEndpointBuilder - ok 17:47:05.0821 4092 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 17:47:05.0884 4092 AudioSrv - ok 17:47:05.0962 4092 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 17:47:06.0227 4092 avgntflt - ok 17:47:06.0258 4092 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 17:47:06.0289 4092 avipbb - ok 17:47:06.0305 4092 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 17:47:06.0336 4092 avkmgr - ok 17:47:06.0383 4092 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:47:06.0523 4092 AxInstSV - ok 17:47:06.0586 4092 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 17:47:06.0664 4092 b06bdrv - ok 17:47:06.0695 4092 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 17:47:06.0788 4092 b57nd60a - ok 17:47:06.0835 4092 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 17:47:06.0882 4092 BDESVC - ok 17:47:06.0898 4092 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 17:47:06.0991 4092 Beep - ok 17:47:07.0069 4092 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 17:47:07.0178 4092 BFE - ok 17:47:07.0210 4092 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 17:47:07.0334 4092 BITS - ok 17:47:07.0350 4092 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:47:07.0397 4092 blbdrive - ok 17:47:07.0428 4092 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:47:07.0459 4092 bowser - ok 17:47:07.0506 4092 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:47:07.0568 4092 BrFiltLo - ok 17:47:07.0600 4092 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:47:07.0631 4092 BrFiltUp - ok 17:47:07.0662 4092 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 17:47:07.0693 4092 Browser - ok 17:47:07.0724 4092 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:47:07.0802 4092 Brserid - ok 17:47:07.0834 4092 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:47:07.0880 4092 BrSerWdm - ok 17:47:07.0912 4092 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:47:07.0974 4092 BrUsbMdm - ok 17:47:08.0005 4092 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:47:08.0052 4092 BrUsbSer - ok 17:47:08.0068 4092 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:47:08.0099 4092 BTHMODEM - ok 17:47:08.0146 4092 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 17:47:08.0224 4092 bthserv - ok 17:47:08.0255 4092 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:47:08.0333 4092 cdfs - ok 17:47:08.0380 4092 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 17:47:08.0426 4092 cdrom - ok 17:47:08.0473 4092 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 17:47:08.0567 4092 CertPropSvc - ok 17:47:08.0660 4092 [ 837FF2D497880198C918E6954DBD170C ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe 17:47:08.0676 4092 cfWiMAXService - ok 17:47:08.0707 4092 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:47:08.0770 4092 circlass - ok 17:47:08.0801 4092 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 17:47:08.0848 4092 CLFS - ok 17:47:08.0941 4092 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:47:08.0972 4092 clr_optimization_v2.0.50727_32 - ok 17:47:09.0004 4092 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:47:09.0035 4092 clr_optimization_v2.0.50727_64 - ok 17:47:09.0128 4092 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:47:09.0144 4092 clr_optimization_v4.0.30319_32 - ok 17:47:09.0175 4092 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:47:09.0206 4092 clr_optimization_v4.0.30319_64 - ok 17:47:09.0222 4092 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:47:09.0269 4092 CmBatt - ok 17:47:09.0300 4092 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:47:09.0331 4092 cmdide - ok 17:47:09.0378 4092 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 17:47:09.0456 4092 CNG - ok 17:47:09.0503 4092 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:47:09.0518 4092 Compbatt - ok 17:47:09.0565 4092 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 17:47:09.0612 4092 CompositeBus - ok 17:47:09.0628 4092 COMSysApp - ok 17:47:09.0659 4092 [ D252C53BCDFC199BBA55EEB10CDB266E ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe 17:47:09.0674 4092 ConfigFree Gadget Service - ok 17:47:09.0706 4092 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe 17:47:09.0721 4092 ConfigFree Service - ok 17:47:09.0752 4092 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:47:09.0784 4092 crcdisk - ok 17:47:09.0815 4092 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:47:09.0893 4092 CryptSvc - ok 17:47:09.0940 4092 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:47:10.0033 4092 DcomLaunch - ok 17:47:10.0049 4092 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 17:47:10.0142 4092 defragsvc - ok 17:47:10.0189 4092 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:47:10.0267 4092 DfsC - ok 17:47:10.0314 4092 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 17:47:10.0392 4092 Dhcp - ok 17:47:10.0423 4092 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 17:47:10.0486 4092 discache - ok 17:47:10.0517 4092 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:47:10.0548 4092 Disk - ok 17:47:10.0595 4092 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:47:10.0657 4092 Dnscache - ok 17:47:10.0704 4092 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 17:47:10.0798 4092 dot3svc - ok 17:47:10.0844 4092 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 17:47:10.0907 4092 DPS - ok 17:47:10.0938 4092 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:47:10.0969 4092 drmkaud - ok 17:47:11.0032 4092 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:47:11.0094 4092 DXGKrnl - ok 17:47:11.0125 4092 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 17:47:11.0203 4092 EapHost - ok 17:47:11.0312 4092 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 17:47:11.0515 4092 ebdrv - ok 17:47:11.0546 4092 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 17:47:11.0593 4092 EFS - ok 17:47:11.0687 4092 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:47:11.0765 4092 ehRecvr - ok 17:47:11.0796 4092 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 17:47:11.0858 4092 ehSched - ok 17:47:11.0921 4092 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:47:11.0983 4092 elxstor - ok 17:47:11.0999 4092 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:47:12.0046 4092 ErrDev - ok 17:47:12.0092 4092 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 17:47:12.0170 4092 EventSystem - ok 17:47:12.0202 4092 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 17:47:12.0295 4092 exfat - ok 17:47:12.0326 4092 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:47:12.0420 4092 fastfat - ok 17:47:12.0467 4092 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 17:47:12.0560 4092 Fax - ok 17:47:12.0592 4092 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:47:12.0638 4092 fdc - ok 17:47:12.0670 4092 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 17:47:12.0748 4092 fdPHost - ok 17:47:12.0748 4092 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 17:47:12.0826 4092 FDResPub - ok 17:47:12.0841 4092 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:47:12.0872 4092 FileInfo - ok 17:47:12.0888 4092 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:47:12.0982 4092 Filetrace - ok 17:47:13.0060 4092 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 17:47:13.0138 4092 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 17:47:13.0138 4092 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 17:47:13.0153 4092 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:47:13.0200 4092 flpydisk - ok 17:47:13.0231 4092 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:47:13.0278 4092 FltMgr - ok 17:47:13.0340 4092 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 17:47:13.0434 4092 FontCache - ok 17:47:13.0496 4092 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:47:13.0528 4092 FontCache3.0.0.0 - ok 17:47:13.0559 4092 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:47:13.0590 4092 FsDepends - ok 17:47:13.0637 4092 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:47:13.0652 4092 Fs_Rec - ok 17:47:13.0699 4092 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:47:13.0730 4092 fvevol - ok 17:47:13.0762 4092 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:47:13.0793 4092 gagp30kx - ok 17:47:13.0933 4092 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe 17:47:13.0980 4092 GameConsoleService - ok 17:47:14.0011 4092 [ FD7E9ABA274DF75E08320420B8E9A1D5 ] getPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll 17:47:14.0058 4092 getPlusHelper - ok 17:47:14.0105 4092 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 17:47:14.0214 4092 gpsvc - ok 17:47:14.0261 4092 [ 2ED7FF3E1ADA4092632393781518B3A7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys 17:47:14.0276 4092 grmnusb - ok 17:47:14.0370 4092 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:47:14.0386 4092 gupdate - ok 17:47:14.0417 4092 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:47:14.0432 4092 gupdatem - ok 17:47:14.0464 4092 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:47:14.0510 4092 hcw85cir - ok 17:47:14.0573 4092 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:47:14.0666 4092 HdAudAddService - ok 17:47:14.0698 4092 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 17:47:14.0744 4092 HDAudBus - ok 17:47:14.0760 4092 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:47:14.0791 4092 HidBatt - ok 17:47:14.0807 4092 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:47:14.0838 4092 HidBth - ok 17:47:14.0854 4092 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:47:14.0900 4092 HidIr - ok 17:47:14.0932 4092 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 17:47:15.0025 4092 hidserv - ok 17:47:15.0072 4092 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:47:15.0088 4092 HidUsb - ok 17:47:15.0134 4092 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:47:15.0212 4092 hkmsvc - ok 17:47:15.0259 4092 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:47:15.0337 4092 HomeGroupListener - ok 17:47:15.0368 4092 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:47:15.0400 4092 HomeGroupProvider - ok 17:47:15.0431 4092 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:47:15.0462 4092 HpSAMD - ok 17:47:15.0524 4092 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:47:15.0618 4092 HTTP - ok 17:47:15.0649 4092 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:47:15.0680 4092 hwpolicy - ok 17:47:15.0712 4092 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 17:47:15.0743 4092 i8042prt - ok 17:47:15.0790 4092 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 17:47:15.0821 4092 iaStor - ok 17:47:15.0868 4092 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:47:15.0914 4092 iaStorV - ok 17:47:15.0977 4092 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:47:16.0086 4092 idsvc - ok 17:47:16.0289 4092 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 17:47:16.0616 4092 igfx - ok 17:47:16.0663 4092 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:47:16.0694 4092 iirsp - ok 17:47:16.0741 4092 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 17:47:16.0835 4092 IKEEXT - ok 17:47:16.0944 4092 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 17:47:17.0022 4092 IntcAzAudAddService - ok 17:47:17.0038 4092 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 17:47:17.0069 4092 intelide - ok 17:47:17.0116 4092 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:47:17.0147 4092 intelppm - ok 17:47:17.0178 4092 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:47:17.0272 4092 IPBusEnum - ok 17:47:17.0303 4092 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:47:17.0381 4092 IpFilterDriver - ok 17:47:17.0428 4092 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:47:17.0506 4092 iphlpsvc - ok 17:47:17.0537 4092 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:47:17.0568 4092 IPMIDRV - ok 17:47:17.0599 4092 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:47:17.0693 4092 IPNAT - ok 17:47:17.0708 4092 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:47:17.0755 4092 IRENUM - ok 17:47:17.0771 4092 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:47:17.0802 4092 isapnp - ok 17:47:17.0833 4092 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:47:17.0880 4092 iScsiPrt - ok 17:47:17.0911 4092 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 17:47:17.0942 4092 kbdclass - ok 17:47:17.0989 4092 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 17:47:18.0020 4092 kbdhid - ok 17:47:18.0036 4092 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 17:47:18.0052 4092 KeyIso - ok 17:47:18.0098 4092 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:47:18.0130 4092 KSecDD - ok 17:47:18.0176 4092 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:47:18.0208 4092 KSecPkg - ok 17:47:18.0223 4092 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:47:18.0317 4092 ksthunk - ok 17:47:18.0348 4092 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 17:47:18.0457 4092 KtmRm - ok 17:47:18.0488 4092 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 17:47:18.0566 4092 LanmanServer - ok 17:47:18.0613 4092 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:47:18.0691 4092 LanmanWorkstation - ok 17:47:18.0738 4092 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:47:18.0832 4092 lltdio - ok 17:47:18.0863 4092 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:47:18.0956 4092 lltdsvc - ok 17:47:18.0988 4092 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:47:19.0050 4092 lmhosts - ok 17:47:19.0081 4092 [ 41E122F6D1448C94CC05196BC41D6BFB ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys 17:47:19.0097 4092 LPCFilter - ok 17:47:19.0159 4092 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:47:19.0190 4092 LSI_FC - ok 17:47:19.0206 4092 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:47:19.0237 4092 LSI_SAS - ok 17:47:19.0253 4092 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:47:19.0284 4092 LSI_SAS2 - ok 17:47:19.0284 4092 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:47:19.0331 4092 LSI_SCSI - ok 17:47:19.0362 4092 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 17:47:19.0440 4092 luafv - ok 17:47:19.0534 4092 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe 17:47:19.0565 4092 McComponentHostService - ok 17:47:19.0596 4092 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:47:19.0643 4092 Mcx2Svc - ok 17:47:19.0658 4092 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 17:47:19.0690 4092 megasas - ok 17:47:19.0690 4092 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:47:19.0736 4092 MegaSR - ok 17:47:19.0830 4092 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 17:47:19.0861 4092 Microsoft Office Groove Audit Service - ok 17:47:19.0892 4092 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 17:47:19.0970 4092 MMCSS - ok 17:47:19.0986 4092 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 17:47:20.0064 4092 Modem - ok 17:47:20.0095 4092 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:47:20.0126 4092 monitor - ok 17:47:20.0173 4092 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:47:20.0204 4092 mouclass - ok 17:47:20.0251 4092 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:47:20.0282 4092 mouhid - ok 17:47:20.0314 4092 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:47:20.0345 4092 mountmgr - ok 17:47:20.0423 4092 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 17:47:20.0454 4092 MozillaMaintenance - ok 17:47:20.0470 4092 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 17:47:20.0516 4092 mpio - ok 17:47:20.0532 4092 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:47:20.0610 4092 mpsdrv - ok 17:47:20.0657 4092 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 17:47:20.0766 4092 MpsSvc - ok 17:47:20.0797 4092 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:47:20.0844 4092 MRxDAV - ok 17:47:20.0891 4092 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:47:20.0938 4092 mrxsmb - ok 17:47:20.0984 4092 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:47:21.0031 4092 mrxsmb10 - ok 17:47:21.0047 4092 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:47:21.0094 4092 mrxsmb20 - ok 17:47:21.0125 4092 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 17:47:21.0156 4092 msahci - ok 17:47:21.0187 4092 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:47:21.0218 4092 msdsm - ok 17:47:21.0265 4092 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 17:47:21.0343 4092 MSDTC - ok 17:47:21.0390 4092 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:47:21.0468 4092 Msfs - ok 17:47:21.0484 4092 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:47:21.0546 4092 mshidkmdf - ok 17:47:21.0577 4092 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:47:21.0593 4092 msisadrv - ok 17:47:21.0624 4092 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:47:21.0718 4092 MSiSCSI - ok 17:47:21.0733 4092 msiserver - ok 17:47:21.0749 4092 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:47:21.0858 4092 MSKSSRV - ok 17:47:21.0874 4092 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:47:21.0952 4092 MSPCLOCK - ok 17:47:21.0952 4092 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:47:22.0030 4092 MSPQM - ok 17:47:22.0076 4092 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:47:22.0123 4092 MsRPC - ok 17:47:22.0170 4092 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 17:47:22.0186 4092 mssmbios - ok 17:47:22.0201 4092 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:47:22.0279 4092 MSTEE - ok 17:47:22.0295 4092 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:47:22.0342 4092 MTConfig - ok 17:47:22.0357 4092 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 17:47:22.0388 4092 Mup - ok 17:47:22.0420 4092 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 17:47:22.0498 4092 napagent - ok 17:47:22.0529 4092 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:47:22.0576 4092 NativeWifiP - ok 17:47:22.0638 4092 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:47:22.0685 4092 NDIS - ok 17:47:22.0700 4092 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:47:22.0778 4092 NdisCap - ok 17:47:22.0810 4092 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:47:22.0872 4092 NdisTapi - ok 17:47:22.0919 4092 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:47:22.0997 4092 Ndisuio - ok 17:47:23.0028 4092 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:47:23.0106 4092 NdisWan - ok 17:47:23.0137 4092 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:47:23.0231 4092 NDProxy - ok 17:47:23.0262 4092 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:47:23.0340 4092 NetBIOS - ok 17:47:23.0387 4092 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:47:23.0465 4092 NetBT - ok 17:47:23.0480 4092 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 17:47:23.0512 4092 Netlogon - ok 17:47:23.0543 4092 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 17:47:23.0636 4092 Netman - ok 17:47:23.0668 4092 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 17:47:23.0746 4092 netprofm - ok 17:47:23.0761 4092 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:47:23.0792 4092 NetTcpPortSharing - ok 17:47:23.0839 4092 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:47:23.0870 4092 nfrd960 - ok 17:47:23.0902 4092 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:47:23.0933 4092 NlaSvc - ok 17:47:24.0026 4092 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe 17:47:24.0058 4092 NMSAccessU - ok 17:47:24.0089 4092 [ 903681BAB213D5F84717C0FC42AFB28A ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys 17:47:24.0182 4092 nmwcd - ok 17:47:24.0214 4092 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:47:24.0292 4092 Npfs - ok 17:47:24.0323 4092 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 17:47:24.0401 4092 nsi - ok 17:47:24.0416 4092 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:47:24.0479 4092 nsiproxy - ok 17:47:24.0572 4092 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:47:24.0697 4092 Ntfs - ok 17:47:24.0713 4092 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:47:24.0791 4092 Null - ok 17:47:24.0806 4092 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:47:24.0838 4092 nvraid - ok 17:47:24.0869 4092 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:47:24.0916 4092 nvstor - ok 17:47:24.0947 4092 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:47:24.0978 4092 nv_agp - ok 17:47:25.0040 4092 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:47:25.0103 4092 odserv - ok 17:47:25.0134 4092 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:47:25.0165 4092 ohci1394 - ok 17:47:25.0212 4092 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:47:25.0243 4092 ose - ok 17:47:25.0290 4092 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:47:25.0337 4092 p2pimsvc - ok 17:47:25.0352 4092 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 17:47:25.0399 4092 p2psvc - ok 17:47:25.0430 4092 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:47:25.0462 4092 Parport - ok 17:47:25.0477 4092 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:47:25.0508 4092 partmgr - ok 17:47:25.0540 4092 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:47:25.0586 4092 PcaSvc - ok 17:47:25.0633 4092 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 17:47:25.0664 4092 pci - ok 17:47:25.0680 4092 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 17:47:25.0711 4092 pciide - ok 17:47:25.0727 4092 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:47:25.0774 4092 pcmcia - ok 17:47:25.0789 4092 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:47:25.0820 4092 pcw - ok 17:47:25.0852 4092 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:47:25.0976 4092 PEAUTH - ok 17:47:26.0070 4092 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:47:26.0117 4092 PerfHost - ok 17:47:26.0195 4092 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys 17:47:26.0210 4092 PGEffect - ok 17:47:26.0273 4092 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 17:47:26.0476 4092 pla - ok 17:47:26.0554 4092 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:47:26.0600 4092 PlugPlay - ok 17:47:26.0632 4092 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:47:26.0678 4092 PNRPAutoReg - ok 17:47:26.0710 4092 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:47:26.0741 4092 PNRPsvc - ok 17:47:26.0772 4092 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:47:26.0881 4092 PolicyAgent - ok 17:47:26.0912 4092 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 17:47:26.0990 4092 Power - ok 17:47:27.0037 4092 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:47:27.0115 4092 PptpMiniport - ok 17:47:27.0131 4092 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:47:27.0178 4092 Processor - ok 17:47:27.0209 4092 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 17:47:27.0271 4092 ProfSvc - ok 17:47:27.0287 4092 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:47:27.0302 4092 ProtectedStorage - ok 17:47:27.0334 4092 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:47:27.0412 4092 Psched - ok 17:47:27.0474 4092 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:47:27.0583 4092 ql2300 - ok 17:47:27.0614 4092 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:47:27.0661 4092 ql40xx - ok 17:47:27.0708 4092 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:47:27.0755 4092 QWAVE - ok 17:47:27.0770 4092 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:47:27.0817 4092 QWAVEdrv - ok 17:47:27.0911 4092 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 17:47:27.0926 4092 RapiMgr - ok 17:47:27.0942 4092 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:47:28.0020 4092 RasAcd - ok 17:47:28.0067 4092 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:47:28.0145 4092 RasAgileVpn - ok 17:47:28.0176 4092 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:47:28.0238 4092 RasAuto - ok 17:47:28.0270 4092 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:47:28.0348 4092 Rasl2tp - ok 17:47:28.0379 4092 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 17:47:28.0504 4092 RasMan - ok 17:47:28.0535 4092 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:47:28.0613 4092 RasPppoe - ok 17:47:28.0644 4092 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:47:28.0722 4092 RasSstp - ok 17:47:28.0769 4092 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:47:28.0862 4092 rdbss - ok 17:47:28.0878 4092 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:47:28.0925 4092 rdpbus - ok 17:47:28.0940 4092 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:47:29.0018 4092 RDPCDD - ok 17:47:29.0018 4092 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:47:29.0096 4092 RDPENCDD - ok 17:47:29.0128 4092 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:47:29.0190 4092 RDPREFMP - ok 17:47:29.0221 4092 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:47:29.0299 4092 RDPWD - ok 17:47:29.0346 4092 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:47:29.0393 4092 rdyboost - ok 17:47:29.0424 4092 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:47:29.0518 4092 RemoteAccess - ok 17:47:29.0549 4092 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:47:29.0642 4092 RemoteRegistry - ok 17:47:29.0689 4092 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 17:47:29.0736 4092 RimUsb - ok 17:47:29.0752 4092 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:47:29.0845 4092 RpcEptMapper - ok 17:47:29.0876 4092 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:47:29.0923 4092 RpcLocator - ok 17:47:29.0970 4092 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 17:47:30.0032 4092 RpcSs - ok 17:47:30.0079 4092 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:47:30.0173 4092 rspndr - ok 17:47:30.0220 4092 [ 8C22F21C924413D4E109995F748E18BB ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 17:47:30.0266 4092 RSUSBSTOR - ok 17:47:30.0313 4092 [ 483C537E69FA97C77F7FE0E2E1C1F102 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 17:47:30.0344 4092 RTHDMIAzAudService - ok 17:47:30.0391 4092 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 17:47:30.0454 4092 RTL8167 - ok 17:47:30.0532 4092 [ A9EDE191B5478D18F0A1BFF3B822F7A5 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys 17:47:30.0641 4092 rtl8192se - ok 17:47:30.0656 4092 RtsUIR - ok 17:47:30.0672 4092 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 17:47:30.0703 4092 SamSs - ok 17:47:30.0734 4092 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:47:30.0766 4092 sbp2port - ok 17:47:30.0797 4092 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:47:30.0875 4092 SCardSvr - ok 17:47:30.0953 4092 [ 244FAD4E3C676B48D3F3B60626134A86 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys 17:47:30.0984 4092 SCDEmu - ok 17:47:31.0015 4092 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:47:31.0093 4092 scfilter - ok 17:47:31.0171 4092 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 17:47:31.0296 4092 Schedule - ok 17:47:31.0327 4092 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:47:31.0390 4092 SCPolicySvc - ok 17:47:31.0421 4092 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:47:31.0483 4092 SDRSVC - ok 17:47:31.0499 4092 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:47:31.0577 4092 secdrv - ok 17:47:31.0624 4092 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 17:47:31.0702 4092 seclogon - ok 17:47:31.0733 4092 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 17:47:31.0811 4092 SENS - ok 17:47:31.0811 4092 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:47:31.0858 4092 SensrSvc - ok 17:47:31.0889 4092 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:47:31.0920 4092 Serenum - ok 17:47:31.0951 4092 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:47:31.0982 4092 Serial - ok 17:47:31.0998 4092 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:47:32.0029 4092 sermouse - ok 17:47:32.0076 4092 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 17:47:32.0154 4092 SessionEnv - ok 17:47:32.0185 4092 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:47:32.0216 4092 sffdisk - ok 17:47:32.0248 4092 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:47:32.0294 4092 sffp_mmc - ok 17:47:32.0310 4092 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:47:32.0341 4092 sffp_sd - ok 17:47:32.0372 4092 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:47:32.0388 4092 sfloppy - ok 17:47:32.0435 4092 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:47:32.0544 4092 SharedAccess - ok 17:47:32.0575 4092 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:47:32.0653 4092 ShellHWDetection - ok 17:47:32.0684 4092 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:47:32.0716 4092 SiSRaid2 - ok 17:47:32.0731 4092 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:47:32.0762 4092 SiSRaid4 - ok 17:47:32.0981 4092 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 17:47:33.0074 4092 Skype C2C Service - ok 17:47:33.0215 4092 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 17:47:33.0308 4092 SkypeUpdate - ok 17:47:33.0324 4092 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:47:33.0418 4092 Smb - ok 17:47:33.0433 4092 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:47:33.0480 4092 SNMPTRAP - ok 17:47:33.0511 4092 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:47:33.0542 4092 spldr - ok 17:47:33.0589 4092 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 17:47:33.0667 4092 Spooler - ok 17:47:33.0776 4092 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 17:47:33.0964 4092 sppsvc - ok 17:47:34.0010 4092 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:47:34.0088 4092 sppuinotify - ok 17:47:34.0135 4092 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 17:47:34.0198 4092 srv - ok 17:47:34.0213 4092 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:47:34.0276 4092 srv2 - ok 17:47:34.0369 4092 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:47:34.0447 4092 srvnet - ok 17:47:34.0494 4092 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:47:34.0572 4092 SSDPSRV - ok 17:47:34.0588 4092 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:47:34.0666 4092 SstpSvc - ok 17:47:34.0712 4092 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys 17:47:34.0728 4092 StarOpen ( UnsignedFile.Multi.Generic ) - warning 17:47:34.0728 4092 StarOpen - detected UnsignedFile.Multi.Generic (1) 17:47:34.0759 4092 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:47:34.0790 4092 stexstor - ok 17:47:34.0837 4092 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 17:47:34.0900 4092 stisvc - ok 17:47:34.0931 4092 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 17:47:34.0962 4092 swenum - ok 17:47:34.0978 4092 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:47:35.0102 4092 swprv - ok 17:47:35.0149 4092 [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 17:47:35.0180 4092 SynTP - ok 17:47:35.0243 4092 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 17:47:35.0352 4092 SysMain - ok 17:47:35.0383 4092 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:47:35.0446 4092 TabletInputService - ok 17:47:35.0477 4092 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:47:35.0602 4092 TapiSrv - ok 17:47:35.0633 4092 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:47:35.0711 4092 TBS - ok 17:47:35.0804 4092 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:47:35.0945 4092 Tcpip - ok 17:47:36.0007 4092 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:47:36.0070 4092 TCPIP6 - ok 17:47:36.0116 4092 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:47:36.0179 4092 tcpipreg - ok 17:47:36.0257 4092 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys 17:47:36.0272 4092 tdcmdpst - ok 17:47:36.0304 4092 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:47:36.0335 4092 TDPIPE - ok 17:47:36.0366 4092 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:47:36.0413 4092 TDTCP - ok 17:47:36.0460 4092 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:47:36.0538 4092 tdx - ok 17:47:36.0600 4092 [ 63B4F544664DC5154FDA4213E2AF09D0 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe 17:47:36.0631 4092 TemproMonitoringService - ok 17:47:36.0647 4092 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 17:47:36.0678 4092 TermDD - ok 17:47:36.0725 4092 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 17:47:36.0803 4092 TermService - ok 17:47:36.0834 4092 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:47:36.0865 4092 Themes - ok 17:47:36.0881 4092 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:47:36.0959 4092 THREADORDER - ok 17:47:37.0037 4092 [ 32577B987AE5401038451BB392CB8D89 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 17:47:37.0052 4092 TMachInfo - ok 17:47:37.0099 4092 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe 17:47:37.0115 4092 TODDSrv - ok 17:47:37.0193 4092 [ 4DB8C79BCEA76063B83B13410366A1F7 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 17:47:37.0224 4092 TosCoSrv - ok 17:47:37.0271 4092 [ 707800855AFBD7648375EFB1519B8D6D ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe 17:47:37.0286 4092 TOSHIBA eco Utility Service - ok 17:47:37.0333 4092 [ DD58E1250F604CBBADDA04575E5E2376 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 17:47:37.0349 4092 TOSHIBA HDD SSD Alert Service - ok 17:47:37.0411 4092 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\Windows\system32\DRIVERS\tos_sps64.sys 17:47:37.0442 4092 tos_sps64 - ok 17:47:37.0505 4092 [ DE64C52BD0671165CF2EEBF2A728A3E2 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 17:47:37.0552 4092 TPCHSrv - ok 17:47:37.0598 4092 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:47:37.0676 4092 TrkWks - ok 17:47:37.0708 4092 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:47:37.0786 4092 TrustedInstaller - ok 17:47:37.0817 4092 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:47:37.0895 4092 tssecsrv - ok 17:47:37.0942 4092 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:47:38.0004 4092 TsUsbFlt - ok 17:47:38.0035 4092 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:47:38.0113 4092 tunnel - ok 17:47:38.0144 4092 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS 17:47:38.0176 4092 TVALZ - ok 17:47:38.0207 4092 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys 17:47:38.0238 4092 TVALZFL - ok 17:47:38.0254 4092 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:47:38.0300 4092 uagp35 - ok 17:47:38.0332 4092 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:47:38.0441 4092 udfs - ok 17:47:38.0472 4092 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:47:38.0519 4092 UI0Detect - ok 17:47:38.0550 4092 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:47:38.0581 4092 uliagpkx - ok 17:47:38.0628 4092 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:47:38.0675 4092 umbus - ok 17:47:38.0690 4092 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:47:38.0722 4092 UmPass - ok 17:47:38.0753 4092 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:47:38.0815 4092 upnphost - ok 17:47:38.0878 4092 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 17:47:38.0909 4092 usbaudio - ok 17:47:38.0940 4092 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:47:38.0987 4092 usbccgp - ok 17:47:39.0002 4092 USBCCID - ok 17:47:39.0049 4092 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:47:39.0096 4092 usbcir - ok 17:47:39.0096 4092 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:47:39.0127 4092 usbehci - ok 17:47:39.0174 4092 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:47:39.0205 4092 usbhub - ok 17:47:39.0221 4092 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:47:39.0268 4092 usbohci - ok 17:47:39.0314 4092 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:47:39.0361 4092 usbprint - ok 17:47:39.0392 4092 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:47:39.0424 4092 usbscan - ok 17:47:39.0439 4092 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:47:39.0486 4092 USBSTOR - ok 17:47:39.0502 4092 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:47:39.0533 4092 usbuhci - ok 17:47:39.0595 4092 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 17:47:39.0642 4092 usbvideo - ok 17:47:39.0673 4092 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:47:39.0751 4092 UxSms - ok 17:47:39.0767 4092 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 17:47:39.0798 4092 VaultSvc - ok 17:47:39.0814 4092 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:47:39.0845 4092 vdrvroot - ok 17:47:39.0892 4092 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 17:47:40.0016 4092 vds - ok 17:47:40.0032 4092 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:47:40.0079 4092 vga - ok 17:47:40.0110 4092 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:47:40.0188 4092 VgaSave - ok 17:47:40.0219 4092 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:47:40.0266 4092 vhdmp - ok 17:47:40.0297 4092 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 17:47:40.0328 4092 viaide - ok 17:47:40.0344 4092 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:47:40.0375 4092 volmgr - ok 17:47:40.0406 4092 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:47:40.0438 4092 volmgrx - ok 17:47:40.0469 4092 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:47:40.0516 4092 volsnap - ok 17:47:40.0562 4092 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:47:40.0594 4092 vsmraid - ok 17:47:40.0672 4092 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 17:47:40.0796 4092 VSS - ok 17:47:40.0812 4092 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:47:40.0859 4092 vwifibus - ok 17:47:40.0890 4092 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 17:47:40.0937 4092 vwififlt - ok 17:47:40.0968 4092 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 17:47:40.0999 4092 vwifimp - ok 17:47:41.0046 4092 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:47:41.0171 4092 W32Time - ok 17:47:41.0186 4092 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:47:41.0233 4092 WacomPen - ok 17:47:41.0296 4092 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:47:41.0374 4092 WANARP - ok 17:47:41.0389 4092 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:47:41.0452 4092 Wanarpv6 - ok 17:47:41.0545 4092 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 17:47:41.0670 4092 WatAdminSvc - ok 17:47:41.0748 4092 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 17:47:41.0873 4092 wbengine - ok 17:47:41.0904 4092 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:47:41.0951 4092 WbioSrvc - ok 17:47:42.0013 4092 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 17:47:42.0044 4092 WcesComm - ok 17:47:42.0076 4092 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:47:42.0154 4092 wcncsvc - ok 17:47:42.0169 4092 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:47:42.0216 4092 WcsPlugInService - ok 17:47:42.0263 4092 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:47:42.0294 4092 Wd - ok 17:47:42.0341 4092 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:47:42.0419 4092 Wdf01000 - ok 17:47:42.0434 4092 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:47:42.0528 4092 WdiServiceHost - ok 17:47:42.0544 4092 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:47:42.0575 4092 WdiSystemHost - ok 17:47:42.0606 4092 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 17:47:42.0684 4092 WebClient - ok 17:47:42.0715 4092 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:47:42.0824 4092 Wecsvc - ok 17:47:42.0840 4092 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:47:42.0918 4092 wercplsupport - ok 17:47:42.0934 4092 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:47:43.0027 4092 WerSvc - ok 17:47:43.0058 4092 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:47:43.0136 4092 WfpLwf - ok 17:47:43.0152 4092 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:47:43.0183 4092 WIMMount - ok 17:47:43.0183 4092 WinDefend - ok 17:47:43.0199 4092 WinHttpAutoProxySvc - ok 17:47:43.0261 4092 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:47:43.0339 4092 Winmgmt - ok 17:47:43.0417 4092 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 17:47:43.0604 4092 WinRM - ok 17:47:43.0682 4092 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:47:43.0729 4092 WinUsb - ok 17:47:43.0776 4092 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:47:43.0854 4092 Wlansvc - ok 17:47:43.0885 4092 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 17:47:43.0916 4092 WmiAcpi - ok 17:47:43.0948 4092 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:47:43.0994 4092 wmiApSrv - ok 17:47:44.0026 4092 WMPNetworkSvc - ok 17:47:44.0041 4092 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:47:44.0088 4092 WPCSvc - ok 17:47:44.0119 4092 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:47:44.0150 4092 WPDBusEnum - ok 17:47:44.0182 4092 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:47:44.0260 4092 ws2ifsl - ok 17:47:44.0275 4092 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 17:47:44.0322 4092 wscsvc - ok 17:47:44.0338 4092 WSearch - ok 17:47:44.0431 4092 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:47:44.0572 4092 wuauserv - ok 17:47:44.0603 4092 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:47:44.0665 4092 WudfPf - ok 17:47:44.0712 4092 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:47:44.0759 4092 WUDFRd - ok 17:47:44.0806 4092 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:47:44.0821 4092 wudfsvc - ok 17:47:44.0868 4092 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 17:47:44.0930 4092 WwanSvc - ok 17:47:44.0962 4092 ================ Scan global =============================== 17:47:44.0977 4092 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 17:47:45.0024 4092 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 17:47:45.0040 4092 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 17:47:45.0071 4092 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 17:47:45.0118 4092 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 17:47:45.0118 4092 [Global] - ok 17:47:45.0118 4092 ================ Scan MBR ================================== 17:47:45.0133 4092 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:47:45.0554 4092 \Device\Harddisk0\DR0 - ok 17:47:45.0554 4092 ================ Scan VBR ================================== 17:47:45.0586 4092 [ ED40A603CE9573B1EBA03BDAFD5C87AA ] \Device\Harddisk0\DR0\Partition1 17:47:45.0586 4092 \Device\Harddisk0\DR0\Partition1 - ok 17:47:45.0617 4092 [ 7DE6A292B019852489272EAEDC7A9F00 ] \Device\Harddisk0\DR0\Partition2 17:47:45.0617 4092 \Device\Harddisk0\DR0\Partition2 - ok 17:47:45.0617 4092 ============================================================ 17:47:45.0617 4092 Scan finished 17:47:45.0617 4092 ============================================================ 17:47:45.0695 2840 Detected object count: 2 17:47:45.0695 2840 Actual detected object count: 2 17:48:31.0352 2840 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:48:31.0352 2840 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:48:31.0352 2840 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 17:48:31.0352 2840 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip |
28.12.2012, 17:57 | #6 | |
/// Malware-holic | GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll Hi combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll |
29.12.2012, 01:01 | #7 |
| GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll erledigt. hier das ergebnis Combofix Logfile: Code:
ATTFilter ComboFix 12-12-28.02 - DW 28.12.2012 23:10:42.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4061.2611 [GMT 1:00] ausgeführt von:: c:\users\DW\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-28 bis 2012-12-28 )))))))))))))))))))))))))))))) . . 2012-12-28 22:19 . 2012-12-28 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-27 18:24 . 2012-12-27 18:24 -------- d-----w- C:\_OTL 2012-12-26 11:13 . 2012-12-26 11:13 -------- d-----w- c:\windows\Sun 2012-12-24 14:45 . 2012-12-24 14:44 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-24 14:45 . 2012-12-24 14:44 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-21 22:17 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 22:17 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 22:17 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-21 22:17 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-12 21:39 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 21:39 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 22:20 . 2009-11-03 14:32 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-11 19:34 . 2012-04-06 18:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-11 19:34 . 2012-04-06 18:21 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-11 16:35 . 2012-09-29 16:34 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-11 16:35 . 2012-09-29 16:34 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-10-16 08:38 . 2012-11-28 15:01 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 15:01 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 15:01 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 03:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-15 03:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-15 03:17 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 03:17 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 16:40 . 2012-12-12 21:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-15 03:17 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-15 03:17 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-15 03:17 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-15 03:17 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-15 03:17 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-15 03:17 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-15 03:17 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-15 03:17 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-15 03:17 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-15 03:17 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-15 03:17 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2008-01-20 217088] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-26 942080] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-16 1255736] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688] S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 59280469 *Deregistered* - 59280469 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Inhalt des "geplante Tasks" Ordners . 2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 19:34] . 2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-07 21:16] . 2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-07 21:16] . 2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133499110-3974967386-4172841287-1000Core.job - c:\users\DW\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-24 14:31] . 2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133499110-3974967386-4172841287-1000UA.job - c:\users\DW\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-24 14:31] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH mLocal Page = c:\windows\SysWOW64\blank.htm IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\DW\AppData\Roaming\Mozilla\Firefox\Profiles\gh4awfwx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/|hxxp://dict.leo.org/chde?searchLoc=1&searchLocRelinked=1&lp=chde&search=&lp=chde&lang=de&searchLoc=-1|hxxp://www.hr-online.de/website/radio/home/index.jsp|hxxp://www.wetteronline.de/ FF - ExtSQL: 2012-10-29 16:53; {78e516ef-11de-47a1-8364-a99b917ec5ee}; c:\users\DW\AppData\Roaming\Mozilla\Firefox\Profiles\gh4awfwx.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-12-29 00:06:50 ComboFix-quarantined-files.txt 2012-12-28 23:06 . Vor Suchlauf: 13 Verzeichnis(se), 98.984.738.816 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 98.914.209.792 Bytes frei . - - End Of File - - 38653E0A42D6C2EC0A2938FFB4057D15 |
03.01.2013, 16:59 | #8 |
/// Malware-holic | GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll Hi gesundes neues. malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
19.01.2013, 18:29 | #9 |
| GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll Hallo, leider erst jetzt eine Antwort. Hier das log: Malwarebytes Anti-Malware (Test) 1.70.0.1100 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.01.19.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 DW :: DW-NOTEBOOK [Administrator] Schutz: Aktiviert 19.01.2013 16:54:18 mbam-log-2013-01-19 (16-54-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 372610 Laufzeit: 1 Stunde(n), 20 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Gibt es noch etwas weiteres zu tun, damit alles sauber ist? |
19.01.2013, 20:14 | #10 |
/// Malware-holic | GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll hi lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll |
antivir, autorun, avira, ccc.exe, cdburnerxp, dllhost.exe, entfernen, firefox, flash player, gmx.net, home, hängen, index, install.exe, java/jogek.qj, java/jogek.qk, logfile, mom.exe, mozilla, msiinstaller, office 2007, plug-in, poweriso, problem, realtek, registry, richtlinie, runctf.lnk, security, senden, software, sperrseite, starten, svchost.exe, system, taskhost.exe, tencent, tr/meredrop.a.12609, trojaner, version., windows, zahlung |