Log analysis and evaluation: GVU Trojan 2013 under Vista (Windows 7 board). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.05.2013, 20:42 | #1
GVU Trojan 2013 under Vista

Hello, I currently have my sister's computer here at home. She has the GVU Trojan on it. I'm definitely going to wipe the machine, but for backing up the data it is surely better to clean the laptop first and then back up the data. Here is what I have done so far:
- deactivated virtual drives with DeFogger
- scan with OTL
- scan with GMER
At first the lock screen appeared on a normal start AND on a start in Safe Mode with Networking. After the computer crashed a few times, strangely enough I can get to the desktop normally again. In Safe Mode with Networking the lock screen still appears, though. So I ran the scans listed above in normal mode. After the OTL scan, AntiVir reported a suspicious find (JS/Agent.480412), which I then removed. Unfortunately the GMER scan aborts after a few minutes with a bluescreen! I hope you can help me clean up the box. A big thanks in advance! If any information is missing, just give me a quick hint and I'll supply it right away.

Regards, hornet

Here are the logs: OLT.txt
Code:
ATTFilter OTL logfile created on: 23.05.2013 19:35:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1021,31 Mb Total Physical Memory | 250,36 Mb Available Physical Memory | 24,51% Memory free 2,25 Gb Paging File | 0,95 Gb Available in Paging File | 42,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55,66 Gb Total Space | 16,84 Gb Free Space | 30,26% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 465,65 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive E: | 54,66 Gb Total Space | 46,22 Gb Free Space | 84,55% Space Free | Partition Type: NTFS Computer Name: VERENAUNDJUERGY | User Name: iiuuzgugz0guzkkk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.23 18:48:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2013.05.07 14:03:41 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2013.05.07 14:03:00 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.05.07 01:08:11 | 006,579,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-V4.20-delta.exe PRC - [2013.05.03 15:57:16 | 000,093,832 | ---- | M] (Microsoft Corporation) -- d:\f67f7aabe1058a83d042b5b46dc2e0\mrtstub.exe PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013.03.20 13:06:54 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.20 13:03:30 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.20 13:03:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.11 00:38:48 | 001,644,680 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.11.14 13:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Programme\MyTomTom 3\MyTomTomSA.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.07.22 22:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:23 | 000,020,480 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\RacAgent.exe PRC - [2007.01.15 17:14:54 | 000,147,456 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2007.01.15 17:13:50 | 001,208,320 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2006.12.14 20:07:26 | 000,411,768 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2006.12.14 20:06:14 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2006.12.11 18:27:12 | 000,530,552 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2006.11.14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006.11.13 11:29:40 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe PRC - [2006.11.07 15:50:50 | 003,772,416 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.10.31 23:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2006.10.27 14:11:02 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe PRC - [2006.09.12 09:03:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
-- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2004.06.14 17:18:08 | 000,471,040 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Common Files\InstallShield\UpdateService\agent.exe ========== Modules (No Company Name) ========== MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2013.01.22 21:27:10 | 000,138,576 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll MOD - [2013.01.14 22:36:20 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.14 22:32:59 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.14 22:30:59 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll MOD - [2013.01.14 22:30:44 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll MOD - [2013.01.14 22:29:06 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll MOD - [2013.01.14 22:28:04 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll MOD - [2013.01.14 22:27:41 | 007,977,984 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.14 22:26:59 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.12.12 07:34:13 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2011.11.14 13:02:08 | 000,202,712 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll MOD - [2011.11.14 13:02:06 | 000,063,960 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterBase.dll MOD - [2011.11.14 13:01:52 | 007,964,160 | ---- | M] () -- C:\Programme\MyTomTom 3\QtGui4.dll MOD - [2011.11.14 13:01:52 | 002,648,064 | ---- | M] () -- C:\Programme\MyTomTom 3\QtXmlPatterns4.dll MOD - [2011.11.14 13:01:52 | 002,302,464 | ---- | M] () -- C:\Programme\MyTomTom 3\QtCore4.dll MOD - [2011.11.14 13:01:52 | 000,980,480 | ---- | M] () -- C:\Programme\MyTomTom 3\QtNetwork4.dll MOD - [2011.11.14 13:01:52 | 000,357,888 | ---- | M] () -- C:\Programme\MyTomTom 3\QtXml4.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2006.12.14 15:22:52 | 000,950,272 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll MOD - [2006.12.01 19:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll MOD - [2006.11.09 19:27:06 | 000,090,112 | ---- | M] () -- 
C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2006.11.08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2006.10.20 14:49:22 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\ConfigFree\NotifyCFF.dll MOD - [2006.10.10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll MOD - [2006.09.16 23:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2013.05.16 14:46:31 | 000,128,000 | ---- | M] (Hilgraeve, Inc.) [On_Demand | Stopped] -- C:\ProgramData\tjmfco.dat -- (Winmgmt) SRV - [2013.05.16 14:28:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.07 14:03:41 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013.04.13 16:05:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.03.20 13:06:54 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.20 13:03:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.12.14 20:06:14 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2006.11.14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006.10.31 23:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.09.12 09:03:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
[Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.03.20 13:09:04 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2013.03.20 13:09:03 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.20 13:09:03 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.03.20 13:09:02 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2007.09.26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.07.11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2007.07.11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2007.07.11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007.05.11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007.05.09 01:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007.03.05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007.03.05 05:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT) DRV - [2007.03.05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr) DRV - [2007.03.05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum) DRV - [2007.03.05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr) DRV - [2007.03.05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm) DRV - [2006.12.07 21:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.11.21 14:57:36 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2006.11.19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.10.30 10:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006.10.28 01:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006.10.23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006.10.05 23:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2006.10.05 17:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid) DRV - [2006.08.31 07:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.07.06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2006.02.14 19:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2006.02.14 19:41:20 | 000,208,256 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2005.08.01 17:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=cbe26291-5f6d-4268-9f3e-6eb476e7e7e8&apn_sauid=8F1C5B40-F5F6-4637-B78C-635D3AC596C9 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_de IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.search.useDBForOrder: true FF - 
prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.07.23 19:23:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.04.24 20:25:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 16:06:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.13 16:03:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 16:06:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.13 16:03:39 | 000,000,000 | ---D | M] [2008.09.02 12:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Extensions [2008.08.10 13:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.05.13 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions [2010.05.02 12:42:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.06 20:13:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} 
[2012.07.25 20:06:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.09.12 16:31:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2013.04.24 20:29:38 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\ffxtlbr@delta.com [2013.04.25 22:04:13 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\toolbar@ask.com [2013.05.13 21:05:33 | 000,620,130 | ---- | M] () (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\extensions\toolbar@web.de.xpi [2012.12.11 18:41:20 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.19 21:09:30 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js [2013.03.22 22:01:14 | 000,001,050 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\11-suche.xml [2013.04.25 20:10:55 | 000,002,413 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\askcom.xml [2013.05.03 13:33:07 | 000,006,473 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\babylon.xml [2013.05.03 13:33:07 | 000,006,473 | ---- | M] () -- 
C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\BrowserProtect.xml [2013.04.24 20:29:44 | 000,001,294 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\delta.xml [2013.03.22 22:01:15 | 000,002,418 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\englische-ergebnisse.xml [2013.03.22 22:01:14 | 000,010,701 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\gmx-suche.xml [2013.05.12 20:23:07 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-1.xml [2009.02.06 22:17:00 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-10.xml [2009.03.08 21:54:16 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-11.xml [2009.04.05 17:53:34 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-12.xml [2011.03.05 13:29:22 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-13.xml [2011.03.07 21:43:09 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-14.xml [2011.03.26 22:16:25 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-15.xml [2011.04.27 22:03:02 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-16.xml [2011.06.09 20:43:06 | 000,000,950 | 
---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-17.xml [2011.07.03 17:03:47 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-18.xml [2011.07.05 22:19:34 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-19.xml [2008.04.17 19:42:54 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-2.xml [2011.08.17 19:44:20 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-20.xml [2011.08.24 20:08:57 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-21.xml [2011.09.14 17:26:22 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-22.xml [2011.08.18 21:40:40 | 000,000,618 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-23.xml [2011.10.04 17:29:52 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-24.xml [2011.10.12 12:08:52 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-25.xml [2011.11.11 22:38:10 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-26.xml [2011.11.16 21:36:25 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-27.xml [2011.12.05 18:27:15 
| 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-28.xml [2011.12.21 17:16:36 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-29.xml [2008.07.07 21:23:52 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-3.xml [2011.12.21 19:09:31 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-30.xml [2012.01.09 18:44:33 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-31.xml [2012.01.12 12:36:43 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-32.xml [2012.02.09 17:28:19 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-33.xml [2012.02.16 15:23:57 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-34.xml [2012.02.21 18:38:08 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-35.xml [2012.04.01 19:51:11 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-36.xml [2012.05.16 18:41:17 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-37.xml [2012.06.14 20:43:28 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-38.xml 
[2012.06.26 18:37:33 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-39.xml [2008.07.09 18:23:18 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-4.xml [2012.07.30 17:58:23 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-40.xml [2012.08.16 11:01:02 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-41.xml [2012.09.04 16:52:30 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-42.xml [2012.09.11 20:17:48 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-43.xml [2012.11.02 11:23:39 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-44.xml [2012.11.06 20:51:31 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-45.xml [2012.12.11 18:45:00 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-46.xml [2013.01.22 21:22:37 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-47.xml [2013.02.09 18:56:18 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-48.xml [2013.03.12 16:38:05 | 000,000,950 | ---- | M] () -- 
C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-49.xml [2008.07.23 22:53:11 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-5.xml [2013.03.17 11:49:56 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-50.xml [2013.04.15 17:22:27 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-51.xml [2008.09.02 13:03:09 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-6.xml [2008.10.12 20:25:46 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-7.xml [2008.11.13 19:28:55 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-8.xml [2008.12.18 16:34:30 | 000,000,950 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin-9.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\icqplugin.xml [2013.03.22 22:01:15 | 000,002,432 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\lastminute.xml [2013.03.22 22:01:14 | 000,005,682 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mozilla\firefox\profiles\r0dg6nbj.default\searchplugins\webde-suche.xml [2013.04.13 16:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.13 16:03:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla 
Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013.04.13 16:03:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.13 16:06:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.14 11:01:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.24 20:29:12 | 000,006,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.09.04 16:50:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.14 11:01:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.14 11:01:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.14 11:01:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.14 11:01:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\tjmfco.dat (Hilgraeve, Inc.) 
O4 - HKCU..\Run: [ICQ] C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found O4 - Startup: C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll () O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} https://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab (AldiActiveFormX Element) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{214C0E51-6235-49F0-BCB0-62C3A0472FDA}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{47206f6b-3bc5-11e2-aced-001167b66309}\Shell - "" = AutoRun O33 - MountPoints2\{47206f6b-3bc5-11e2-aced-001167b66309}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: 
(ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.16 14:46:31 | 000,128,000 | ---- | C] (Hilgraeve, Inc.) -- C:\ProgramData\tjmfco.dat
[2013.05.16 14:46:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.16 14:46:23 | 000,128,000 | ---- | C] (Hilgraeve, Inc.) -- C:\Users\iiuuzgugz0guzkkk\3251098.dll
[2013.04.25 22:44:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.04.25 22:43:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.04.24 20:30:06 | 000,000,000 | ---D | C] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.04.24 20:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.04.24 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.04.24 20:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.24 20:28:18 | 000,000,000 | ---D | C] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Babylon
[2013.04.24 20:25:19 | 000,000,000 | ---D | C] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\OpenCandy
[2013.04.24 20:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.04.24 20:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.23 19:50:09 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
[2013.05.23 19:26:56 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 19:15:11 | 000,000,000 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\defogger_reenable
[2013.05.23 19:12:51 | 000,013,542 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\nvModes.001
[2013.05.23 19:08:49 | 000,003,168 | -H-- | M] () --
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 19:08:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 19:08:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.23 19:00:18 | 095,023,320 | ---- | M] () -- C:\ProgramData\ocfmjt.pad [2013.05.16 14:46:59 | 000,000,869 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk [2013.05.16 14:46:53 | 000,002,634 | ---- | M] () -- C:\ProgramData\ocfmjt.js [2013.05.13 22:08:10 | 000,013,542 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\nvModes.dat [2013.05.12 21:09:14 | 000,002,637 | ---- | M] () -- C:\Users\iiuuzgugz0guzkkk\Desktop\Microsoft Office Word 2003.lnk [2013.04.24 20:26:04 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.23 19:15:11 | 000,000,000 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\defogger_reenable [2013.05.16 14:46:59 | 000,000,869 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk [2013.05.16 14:46:53 | 000,002,634 | ---- | C] () -- C:\ProgramData\ocfmjt.js [2013.05.16 14:46:33 | 095,023,320 | ---- | C] () -- C:\ProgramData\ocfmjt.pad [2013.04.24 20:26:04 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2010.11.08 22:46:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.05.04 21:41:16 | 012,519,424 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\gs864w32.exe [2008.09.08 14:23:28 | 000,021,396 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\mdbu.bin [2008.02.13 12:59:02 | 000,004,096 | -H-- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Local\keyfile3.drm [2007.12.08 
12:30:21 | 000,000,104 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Local\fusioncache.dat [2007.08.06 20:29:22 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.02.01 17:53:28 | 000,012,800 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.02.01 16:40:00 | 000,013,542 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\nvModes.dat [2007.02.01 16:40:00 | 000,013,542 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\nvModes.001 [2007.02.01 16:03:35 | 000,001,356 | ---- | C] () -- C:\Users\iiuuzgugz0guzkkk\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.04.24 20:28:18 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Babylon [2013.05.23 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox [2013.04.24 20:25:56 | 000,000,000 | ---D | M] -- 
C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\DVDVideoSoft [2013.04.24 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\DVDVideoSoftIEHelpers [2013.02.21 22:19:50 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\elsterformular [2013.01.22 21:18:09 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQ [2007.02.18 16:23:14 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQ Toolbar [2013.01.27 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQ-Profile [2007.02.13 23:15:04 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQLite [2013.01.22 21:27:14 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ICQM [2007.02.03 12:46:12 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\InterVideo [2009.06.15 21:36:49 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\LG Electronics [2008.05.28 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\MAGIX [2010.10.08 20:43:33 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Notepad++ [2013.04.24 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\OpenCandy [2009.04.17 20:08:42 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\phonostar-Player [2012.12.12 23:07:09 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\TeamViewer [2007.05.14 22:17:24 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\ThumbsPlus [2007.12.28 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\TomTom [2007.02.12 22:38:47 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\toshiba [2007.02.07 20:11:55 | 000,000,000 | ---D | M] -- C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Ulead Systems ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate 
Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Code:
OTL Extras logfile created on: 23.05.2013 19:35:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1021,31 Mb Total Physical Memory | 250,36 Mb Available Physical Memory | 24,51% Memory free
2,25 Gb Paging File | 0,95 Gb Available in Paging File | 42,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,66 Gb Total Space | 16,84 Gb Free Space | 30,26% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 465,65 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 54,66 Gb Total Space | 46,22 Gb Free Space | 84,55% Space Free | Partition Type: NTFS

Computer Name: VERENAUNDJUERGY | User Name: iiuuzgugz0guzkkk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error.
File not found .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{6085B71C-054C-4A06-91B5-E2E554D6FB35}" = rport=10243 | protocol=6 | dir=out | app=system | "{68B52979-1CF8-499E-93DA-3626DB1D7530}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{717859AB-3632-4DD4-9360-6FB765DEF3B9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{774F18B9-C3B6-4389-87DE-02BF419B19A8}" = lport=2869 | protocol=6 | dir=in | app=system | "{79694605-E2AF-439C-A08C-929922A5006A}" = lport=10243 | protocol=6 | dir=in | app=system | "{8F31BA82-D0E2-43A5-B4FB-43914C10518F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9229BC7D-1E40-488F-988A-49F8C064FDEA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{98E03507-1402-4004-9FBC-4EB2D16B6857}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D0747B95-817D-44BB-86F3-829E10DE47B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06438CD4-7B78-41A6-85D1-FD79C9A8A40E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0E927955-515C-479C-A9C0-3050913CF378}" = protocol=6 | dir=out | app=system | "{126F65C3-8968-4D68-A60F-8F1D2A00FB4B}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | "{12C7EFB6-6946-48F7-94B2-8FB7762F640F}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | "{17368C44-2520-49C9-A1AF-10A199CDA530}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3CF5921C-ACD3-477B-9E14-9FDE2F4D377B}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{43520274-49EB-4236-963F-852206B96BFA}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | "{435B11D3-3347-4C8B-B25F-F2272CA3DAD0}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | "{5494B71B-40FA-4A3C-BE6D-A2DA2AFBF2F7}" = protocol=6 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\icqm\icq.exe | "{60ACD675-BE1D-4562-AB91-AF85A987EA58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6D5568DC-48D9-435A-B775-3E114C56E60A}" = protocol=17 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe | "{704C3669-5CAE-409D-AB38-1716D2E8CA9A}" = dir=in | app=c:\program files\itunes\itunes.exe | "{72982F38-3940-419E-B486-A73239D58A4E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7850E609-9C5E-4341-9249-7F9E97B5B22E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{82424EFA-6F09-4B39-8EBF-10B376076EC8}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | "{8954612D-BD16-4B23-BC5D-980FA1BE4FC4}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | "{928FF804-5B32-482C-B835-8CB1F83730CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{986A46C7-5A13-4D59-9D1B-70143E23C709}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB20474D-7C12-45E8-8292-05A918E055BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AB4135ED-7263-4395-AC74-81A2A84AD581}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | "{AB547AAB-51B7-4E44-9998-4EA48ABE1449}" = protocol=6 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe | "{AD91D522-5B9D-43B5-9900-C6A1841B24F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CFBCCA02-57C0-48A2-9726-A936CC2AB07B}" = protocol=17 | dir=in | app=c:\program files\ivt 
corporation\bluesoleil\bluesoleil.exe | "{D6B94C9A-A460-416E-B6E2-32EFF03B1C11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E0631CFB-6D88-4C8D-9790-3A2E793D907F}" = protocol=17 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\icqm\icq.exe | "{E2E83AA3-5D4D-4A9F-9A6E-D457B11E4E7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F73DAC55-8802-4A83-9BB1-56F9BC872627}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{FE0FBD38-6761-4574-9816-437569639BC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FE282B89-DDA9-42C6-85EA-A02B8A13E534}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{03F4B8CC-F00E-41FB-BB75-B330E91249D3}E:\programme\half life 2\hl2.exe" = protocol=6 | dir=in | app=e:\programme\half life 2\hl2.exe | "TCP Query User{1A705D14-EF5D-4E4F-855E-60924A8E0283}C:\users\iiuuzgugz0guzkkk\appdata\local\temp\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\local\temp\teamviewer\version5\teamviewer.exe | "TCP Query User{1BB45E51-E0BF-4821-B3E0-CE6B0A12E450}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{1DB2C82F-4B0D-40D6-9A31-DABF10F12309}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | "TCP Query User{21DF95ED-48A0-40EF-A1C8-5D0CD9380BD0}E:\programme\motogp2\motogp2.exe" = protocol=6 | dir=in | app=e:\programme\motogp2\motogp2.exe | "TCP Query User{224A8902-1BB2-4C8C-97A5-9711D76CA20F}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "TCP Query User{4272AEEF-FEBF-4ECF-9C3C-0E99049D1C86}E:\programme\konami\pro evolution soccer 6\pes6.exe" = protocol=6 | dir=in | app=e:\programme\konami\pro evolution soccer 
6\pes6.exe | "TCP Query User{55EADE2E-14F4-424F-A206-A0FD94E51E92}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{58E71F4D-5E54-42E9-8443-2A0539D74341}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "TCP Query User{5DA763FD-1227-40A4-9C9D-670C5BD43A05}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{62B860ED-B73F-428B-B87B-D3407DD55D24}C:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{858CF3D2-BC0E-4315-A8DD-27FBE4CEC47E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{A2203824-9098-43C2-87BB-0E7FA3DC965E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C8DC81EE-057A-43E4-BCE7-DB9665EF82A3}E:\programme\motogp2\motogp2.exe" = protocol=6 | dir=in | app=e:\programme\motogp2\motogp2.exe | "TCP Query User{C9DAFA5C-0226-4240-806C-DEDF8F19F78E}E:\programme\half life 2\hl2.exe" = protocol=6 | dir=in | app=e:\programme\half life 2\hl2.exe | "TCP Query User{E4E6D3E7-5CE9-4A70-A15F-C716A39B6636}E:\programme\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=e:\programme\phonostar\ps_olect.exe | "UDP Query User{08D3A357-734A-495F-B121-DF59FE377E3B}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | "UDP Query User{18FEE142-752F-4D96-AFF8-5D519A0EC63B}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "UDP Query User{4660A34A-D06F-4978-B711-8EA19A99C12E}C:\users\iiuuzgugz0guzkkk\appdata\local\temp\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\local\temp\teamviewer\version5\teamviewer.exe | 
"UDP Query User{4752A7BF-07D7-454F-B5C7-5002278B2BD4}E:\programme\konami\pro evolution soccer 6\pes6.exe" = protocol=17 | dir=in | app=e:\programme\konami\pro evolution soccer 6\pes6.exe | "UDP Query User{4C788FFF-5440-4149-8999-651B5C2971F9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{5E2B20BD-F340-4BB6-ADF5-724EAB72F749}E:\programme\half life 2\hl2.exe" = protocol=17 | dir=in | app=e:\programme\half life 2\hl2.exe | "UDP Query User{60CD8BA4-C6BB-46A8-9CCA-067CF826A57A}C:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\iiuuzgugz0guzkkk\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{720F7885-2E9F-4843-80CC-DAF9E572DBDC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{77CF07F7-34A9-494A-80BD-EEA4531257ED}E:\programme\motogp2\motogp2.exe" = protocol=17 | dir=in | app=e:\programme\motogp2\motogp2.exe | "UDP Query User{79DEDED8-AA1C-4307-A549-8CF264BC817F}E:\programme\motogp2\motogp2.exe" = protocol=17 | dir=in | app=e:\programme\motogp2\motogp2.exe | "UDP Query User{82250871-C5E5-429C-8576-4D01C9103A17}E:\programme\half life 2\hl2.exe" = protocol=17 | dir=in | app=e:\programme\half life 2\hl2.exe | "UDP Query User{BF145E4E-7A62-468F-956A-337936734B23}E:\programme\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=e:\programme\phonostar\ps_olect.exe | "UDP Query User{C1748497-8CD8-43B9-9D93-CD7B754D6416}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{CBA0EE3F-613D-4B54-AFFB-22FC01B3D047}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{D7B718A9-CD90-491F-905A-E114CFE3EA0B}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query 
User{E508114A-4150-4DD0-8376-C5ECF298BC8E}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{42F7C377-2A1F-44FB-A17F-053C29E81031}" = Nero 7 "{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517 "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{74892A2F-57B2-48E4-81C3-1E21E12A470B}" = TOSHIBA Supervisor Password "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio 
Merge Modules "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B77A308F-85F5-4D68-8CB5-313332CB2779}" = TOSHIBA Hardware Setup "{BA12FD6C-169A-11D7-A6A9-00C026281E5A}" = USB Vibration Joystick "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{C084BC61-E537-11DE-8616-005056806466}" = Google Earth "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD90E059-509B-4AEB-8ADA-E9A6C7645671}" = TOSHIBA Benutzerhandbücher "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010 "{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High 
Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Adobe Acrobat 4.0" = Adobe Acrobat 4.0 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = TOSHIBA Software Modem "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "delta" = Delta toolbar "ElsterFormular" = ElsterFormular "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.422 "FreePDF_XP" = FreePDF XP (Remove only) "Google Updater" = Google Updater "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers. 
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MotoGP2_is1" = MotoGP2 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyTomTom" = MyTomTom 3.1.0.530 "NVIDIA Drivers" = NVIDIA Drivers "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "ThumbsPlus7x" = ThumbsPlus 7x (deutsch) "TomTom HOME" = TomTom HOME 2.8.3.2499 "Uninstall_is1" = Uninstall 1.0.0.1 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinRAR archiver" = WinRAR Archivierer ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "Dropbox" = Dropbox "ICQ" = ICQ 8.0 (build 5988, für aktuellen Benutzer) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.05.2013 13:00:28 | Computer Name = VerenaundJuergy | Source = EventSystem | ID = 4609 Description = Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = ESENT | ID = 412 Description = Windows (2528)Windows: Die Kopfzeile der Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log konnte nicht gelesen werden. Fehler -501. Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = ESENT | ID = 412 Description = Windows (2528)Windows: Die Kopfzeile der Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log konnte nicht gelesen werden. Fehler -501. 
Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 9000 Description = Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 7040 Description = Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 9002 Description = Error - 23.05.2013 13:09:01 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 3029 Description = Error - 23.05.2013 13:09:04 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 3029 Description = Error - 23.05.2013 13:09:04 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 3028 Description = Error - 23.05.2013 13:09:04 | Computer Name = VerenaundJuergy | Source = Windows Search Service | ID = 3058 Description = [ Media Center Events ] Error - 02.09.2007 16:14:14 | Computer Name = VerenaundJuergy | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 08.06.2009 13:59:37 | Computer Name = VerenaundJuergy | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 23.05.2013 13:00:00 | Computer Name = VERENAUNDJUERGY | Source = DCOM | ID = 10005 Description = Error - 23.05.2013 13:00:00 | Computer Name = VERENAUNDJUERGY | Source = LSM | ID = 1048 Description = Error - 23.05.2013 13:00:14 | Computer Name = VERENAUNDJUERGY | Source = DCOM | ID = 10005 Description = Error - 23.05.2013 13:00:28 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005 Description = Error - 23.05.2013 13:00:33 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005 Description = Error - 23.05.2013 13:00:35 | Computer 
Name = VerenaundJuergy | Source = DCOM | ID = 10005 Description = Error - 23.05.2013 13:00:35 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005 Description = Error - 23.05.2013 13:12:01 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10005 Description = Error - 23.05.2013 13:15:02 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10010 Description = Error - 23.05.2013 13:23:16 | Computer Name = VerenaundJuergy | Source = DCOM | ID = 10010 Description = < End of report > |
23.05.2013, 21:06 | #2 |
/// Malware-holic | GVU Trojan 2013 under Vista Hi,
OTL fix: Fixing with OTL
Code:
:OTL
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\tjmfco.dat (Hilgraeve, Inc.)
:files
:Commands
[emptytemp]
Start into normal mode. If you have no icons, right-click, View, Show desktop icons. Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
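A small triage helper, added here as an example; it is not part of the thread, of OTL, or of any tool named above. It parses OTL "O4" autostart lines in the layout seen in the fix above and flags targets that live in user-writable directories, carry a non-executable extension, or borrow the name of a Windows component while sitting outside C:\Windows. Only the tjmfco.dat entry is taken from the fix; the Avira and Dropbox sample lines, their company strings, the directory list and the heuristics are constructed assumptions.

```python
"""Triage OTL-style 'O4' autostart entries.

Added example (not part of the original thread or of OTL): the regex follows
the O4 line layout visible in the fix above; the heuristics, the directory
list and the sample lines marked 'constructed' are assumptions made here.
"""
import re
from dataclasses import dataclass, field

# OTL prints autostart entries as:
#   O4 - HKCU..\Run: [ValueName] C:\path\to\target.ext (Company)
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKU\\[^.]+)\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<target>.+?)(?: \((?P<company>[^)]*)\))?$"
)

# Locations an unprivileged dropper can write to (assumed list, lower-case).
WRITABLE_DIRS = ("c:\\programdata\\", "\\appdata\\", "\\temp\\", "c:\\users\\")
# Extensions that a Run value normally points at.
EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")
# Value names that imitate Windows components whose real binary is in System32.
SYSTEM_NAMES = {"ctfmon.exe", "explorer.exe", "svchost.exe", "rundll32.exe", "winlogon.exe"}


@dataclass
class Finding:
    hive: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def analyse_o4(line):
    """Parse one O4 line; return a Finding (reasons may be empty) or None."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    name, target = m.group("name"), m.group("target")
    low = target.lower()
    finding = Finding(m.group("hive"), name, target)
    if any(d in low for d in WRITABLE_DIRS):
        finding.reasons.append("target lives in a user-writable directory")
    if not low.endswith(EXECUTABLE_EXTS):
        finding.reasons.append("target extension is not executable (disguised payload?)")
    if name.lower() in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
        finding.reasons.append("value name imitates a Windows component outside C:\\Windows")
    return finding


def triage(log_text):
    """Return findings with at least one reason, most suspicious first."""
    findings = [f for f in map(analyse_o4, log_text.splitlines()) if f and f.reasons]
    return sorted(findings, key=lambda f: -len(f.reasons))


# Constructed sample: line 1 is the entry removed by the fix in the thread;
# the Avira and Dropbox lines (and their company strings) are made up to show
# a clean entry and a legitimate-but-flagged one.
SAMPLE_LOG = """\
O4 - HKCU..\\Run: [ctfmon.exe] C:\\ProgramData\\tjmfco.dat (Hilgraeve, Inc.)
O4 - HKLM..\\Run: [avgnt] C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\\Run: [Dropbox] C:\\Users\\iiuuzgugz0guzkkk\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe (Dropbox, Inc.)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive} [{f.name}] {f.target}")
        for r in f.reasons:
            print("   -", r)
```

The output is a ranking, not a verdict: a legitimate per-user autostart such as the Dropbox entry trips only the writable-directory check, while the entry from this thread trips all three (ProgramData location, .dat extension, and a value name borrowed from ctfmon.exe), which is exactly why the helper's fix targets it.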
24.05.2013, 06:48 | #3 |
| GVU Trojan 2013 under Vista Hi,
Many thanks for the quick reply! The fix ran through and the upload also worked without problems. Here is the log file: Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
File move failed. C:\ProgramData\tjmfco.dat scheduled to be moved on reboot.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 49595 bytes
->Temporary Internet Files folder emptied: 106942 bytes

User: iiuuzgugz0guzkkk
->Temp folder emptied: 520363313 bytes
->Temporary Internet Files folder emptied: 199125496 bytes
->Java cache emptied: 59035993 bytes
->FireFox cache emptied: 331691628 bytes
->Flash cache emptied: 30637 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80947444 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.136,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05242013_063935

Files\Folders moved on Reboot...
File move failed. C:\ProgramData\tjmfco.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
24.05.2013, 10:16 | #4 |
/// Malware-holic | GVU Trojan 2013 under Vista THX. Please download TDSSKiller.exe and save the file to the desktop.
25.05.2013, 00:06 | #5 |
| GVU Trojan 2013 under Vista Hi, the log file from TDSSKiller: Code:
ATTFilter 00:58:46.0205 5648 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 00:58:46.0326 5648 ============================================================ 00:58:46.0326 5648 Current date / time: 2013/05/25 00:58:46.0326 00:58:46.0326 5648 SystemInfo: 00:58:46.0326 5648 00:58:46.0327 5648 OS Version: 6.0.6002 ServicePack: 2.0 00:58:46.0327 5648 Product type: Workstation 00:58:46.0327 5648 ComputerName: VERENAUNDJUERGY 00:58:46.0327 5648 UserName: iiuuzgugz0guzkkk 00:58:46.0327 5648 Windows directory: C:\Windows 00:58:46.0327 5648 System windows directory: C:\Windows 00:58:46.0327 5648 Processor architecture: Intel x86 00:58:46.0328 5648 Number of processors: 2 00:58:46.0328 5648 Page size: 0x1000 00:58:46.0328 5648 Boot type: Normal boot 00:58:46.0328 5648 ============================================================ 00:58:52.0432 5648 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 00:58:52.0436 5648 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 00:58:52.0445 5648 ============================================================ 00:58:52.0445 5648 \Device\Harddisk0\DR0: 00:58:52.0456 5648 MBR partitions: 00:58:52.0456 5648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x6F54000 00:58:52.0456 5648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7242800, BlocksNum 0x6D51800 00:58:52.0456 5648 \Device\Harddisk1\DR2: 00:58:52.0457 5648 MBR partitions: 00:58:52.0457 5648 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02 00:58:52.0457 5648 ============================================================ 00:58:52.0487 5648 C: <-> \Device\Harddisk0\DR0\Partition1 00:58:52.0634 5648 E: <-> \Device\Harddisk0\DR0\Partition2 00:58:52.0654 5648 D: <-> 
\Device\Harddisk1\DR2\Partition1 00:58:52.0655 5648 ============================================================ 00:58:52.0655 5648 Initialize success 00:58:52.0655 5648 ============================================================ 00:59:46.0277 2376 ============================================================ 00:59:46.0277 2376 Scan started 00:59:46.0277 2376 Mode: Manual; SigCheck; TDLFS; 00:59:46.0277 2376 ============================================================ 00:59:53.0211 2376 ================ Scan system memory ======================== 00:59:53.0211 2376 System memory - ok 00:59:53.0212 2376 ================ Scan services ============================= 00:59:53.0726 2376 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 00:59:54.0394 2376 AAV UpdateService - ok 00:59:55.0044 2376 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 00:59:55.0193 2376 ACPI - ok 00:59:55.0296 2376 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 00:59:55.0419 2376 AdobeFlashPlayerUpdateSvc - ok 00:59:55.0609 2376 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 00:59:55.0850 2376 adp94xx - ok 00:59:55.0917 2376 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 00:59:56.0026 2376 adpahci - ok 00:59:56.0093 2376 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 00:59:56.0397 2376 adpu160m - ok 00:59:56.0461 2376 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 00:59:56.0562 2376 adpu320 - ok 00:59:56.0733 2376 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:59:57.0005 2376 AeLookupSvc - ok 00:59:57.0132 2376 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 00:59:57.0365 2376 AFD - ok 
00:59:57.0412 2376 [ 1CB677BF1DABD3BAF4F944E2C90D6C73 ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe 00:59:57.0512 2376 AgereModemAudio - ok 00:59:57.0828 2376 [ 4E6294A06BE883C9BD685A8DFD9FCD4E ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 00:59:58.0144 2376 AgereSoftModem - ok 00:59:58.0250 2376 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys 00:59:58.0348 2376 agp440 - ok 00:59:58.0467 2376 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 00:59:58.0541 2376 aic78xx - ok 00:59:58.0623 2376 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 00:59:59.0175 2376 ALG - ok 00:59:59.0231 2376 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys 00:59:59.0336 2376 aliide - ok 00:59:59.0410 2376 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 00:59:59.0468 2376 amdagp - ok 00:59:59.0498 2376 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys 00:59:59.0582 2376 amdide - ok 00:59:59.0691 2376 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 01:00:00.0026 2376 AmdK7 - ok 01:00:00.0072 2376 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 01:00:00.0311 2376 AmdK8 - ok 01:00:00.0542 2376 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 01:00:00.0651 2376 AntiVirSchedulerService - ok 01:00:00.0722 2376 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 01:00:00.0775 2376 AntiVirService - ok 01:00:00.0928 2376 [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 01:00:01.0075 2376 AntiVirWebService - ok 01:00:01.0164 2376 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 01:00:01.0298 2376 Appinfo - ok 01:00:01.0557 2376 [ 
4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 01:00:01.0615 2376 Apple Mobile Device - ok 01:00:01.0752 2376 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 01:00:01.0830 2376 arc - ok 01:00:01.0888 2376 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 01:00:02.0061 2376 arcsas - ok 01:00:02.0168 2376 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 01:00:02.0333 2376 AsyncMac - ok 01:00:02.0464 2376 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 01:00:02.0509 2376 atapi - ok 01:00:02.0659 2376 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 01:00:02.0833 2376 AudioEndpointBuilder - ok 01:00:02.0963 2376 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 01:00:03.0054 2376 Audiosrv - ok 01:00:03.0195 2376 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 01:00:03.0308 2376 avgntflt - ok 01:00:03.0383 2376 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 01:00:03.0484 2376 avipbb - ok 01:00:03.0574 2376 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 01:00:03.0685 2376 avkmgr - ok 01:00:03.0776 2376 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 01:00:03.0945 2376 Beep - ok 01:00:04.0112 2376 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 01:00:04.0592 2376 BFE - ok 01:00:05.0015 2376 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 01:00:05.0330 2376 BITS - ok 01:00:05.0342 2376 blbdrive - ok 01:00:05.0468 2376 [ 852A1BD08E7DFEB9E30B5440881C0501 ] BlueletAudio C:\Windows\system32\DRIVERS\blueletaudio.sys 01:00:05.0563 2376 BlueletAudio - ok 01:00:05.0659 2376 [ 
2376 usbcir - ok 01:01:52.0236 2376 [ 4650FFE04E5922399B0E932319E6B215 ] UsbDiag C:\Windows\system32\DRIVERS\lgusbdiag.sys 01:01:52.0355 2376 UsbDiag - ok 01:01:52.0407 2376 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 01:01:52.0561 2376 usbehci - ok 01:01:52.0653 2376 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 01:01:52.0801 2376 usbhub - ok 01:01:52.0868 2376 [ 2666FE171E0C2E7085CCD5FE0BAC09E3 ] USBModem C:\Windows\system32\DRIVERS\lgusbmodem.sys 01:01:52.0977 2376 USBModem - ok 01:01:53.0068 2376 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 01:01:53.0292 2376 usbohci - ok 01:01:53.0356 2376 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 01:01:53.0594 2376 usbprint - ok 01:01:53.0700 2376 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 01:01:53.0892 2376 USBSTOR - ok 01:01:53.0959 2376 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 01:01:54.0288 2376 usbuhci - ok 01:01:54.0372 2376 [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 01:01:54.0476 2376 usb_rndisx - ok 01:01:54.0562 2376 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 01:01:54.0699 2376 UxSms - ok 01:01:54.0780 2376 [ 51750B0539986186C6931FC40D171521 ] VComm C:\Windows\system32\DRIVERS\VComm.sys 01:01:54.0912 2376 VComm - ok 01:01:54.0969 2376 [ 6D9C891C0A761AFED1F3609C2E56F2B9 ] VcommMgr C:\Windows\system32\Drivers\VcommMgr.sys 01:01:55.0057 2376 VcommMgr - ok 01:01:55.0148 2376 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 01:01:55.0304 2376 vds - ok 01:01:55.0366 2376 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 01:01:55.0585 2376 vga - ok 01:01:55.0679 2376 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 
01:01:55.0808 2376 VgaSave - ok 01:01:55.0892 2376 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 01:01:55.0985 2376 viaagp - ok 01:01:56.0054 2376 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 01:01:56.0272 2376 ViaC7 - ok 01:01:56.0472 2376 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys 01:01:56.0664 2376 viaide - ok 01:01:56.0793 2376 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 01:01:56.0938 2376 volmgr - ok 01:01:57.0013 2376 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 01:01:57.0123 2376 volmgrx - ok 01:01:57.0177 2376 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 01:01:57.0306 2376 volsnap - ok 01:01:57.0371 2376 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 01:01:57.0448 2376 vsmraid - ok 01:01:58.0008 2376 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 01:01:58.0536 2376 VSS - ok 01:01:58.0645 2376 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 01:01:58.0737 2376 W32Time - ok 01:01:58.0832 2376 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 01:01:59.0129 2376 WacomPen - ok 01:01:59.0197 2376 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 01:01:59.0312 2376 Wanarp - ok 01:01:59.0368 2376 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 01:01:59.0435 2376 Wanarpv6 - ok 01:01:59.0596 2376 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 01:01:59.0842 2376 wcncsvc - ok 01:01:59.0921 2376 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 01:02:00.0056 2376 WcsPlugInService - ok 01:02:00.0101 2376 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd 
C:\Windows\system32\drivers\wd.sys
01:02:00.0210 2376 Wd - ok
01:02:00.0301 2376 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:02:00.0477 2376 Wdf01000 - ok
01:02:00.0534 2376 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:02:00.0733 2376 WdiServiceHost - ok
01:02:00.0742 2376 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:02:00.0837 2376 WdiSystemHost - ok
01:02:00.0916 2376 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
01:02:01.0033 2376 WebClient - ok
01:02:01.0224 2376 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:02:01.0346 2376 Wecsvc - ok
01:02:01.0468 2376 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:02:01.0658 2376 wercplsupport - ok
01:02:01.0732 2376 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
01:02:01.0861 2376 WerSvc - ok
01:02:02.0109 2376 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
01:02:02.0440 2376 WinDefend - ok
01:02:02.0479 2376 WinHttpAutoProxySvc - ok
01:02:02.0634 2376 [ D1DCE2E6A956EAD7F278D0C14573C4CA ] Winmgmt C:\PROGRA~2\tjmfco.dat
01:02:02.0699 2376 Winmgmt ( UnsignedFile.Multi.Generic ) - warning
01:02:02.0699 2376 Winmgmt - detected UnsignedFile.Multi.Generic (1)
01:02:02.0759 2376 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll
01:02:03.0011 2376 WinRM - ok
01:02:03.0136 2376 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
01:02:03.0335 2376 Wlansvc - ok
01:02:03.0385 2376 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
01:02:03.0642 2376 WmiAcpi - ok
01:02:03.0895 2376 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:02:04.0019 2376 wmiApSrv - ok
01:02:04.0418 2376 [ 3978704576A121A9204F8CC49A301A9B ]
WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 01:02:04.0918 2376 WMPNetworkSvc - ok 01:02:05.0087 2376 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 01:02:05.0354 2376 WPCSvc - ok 01:02:05.0452 2376 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 01:02:05.0665 2376 WPDBusEnum - ok 01:02:05.0752 2376 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 01:02:05.0897 2376 WpdUsb - ok 01:02:05.0989 2376 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 01:02:06.0181 2376 ws2ifsl - ok 01:02:06.0234 2376 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 01:02:06.0317 2376 wscsvc - ok 01:02:06.0328 2376 WSearch - ok 01:02:06.0505 2376 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 01:02:06.0754 2376 wuauserv - ok 01:02:06.0821 2376 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 01:02:06.0958 2376 WUDFRd - ok 01:02:07.0039 2376 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 01:02:07.0216 2376 wudfsvc - ok 01:02:07.0267 2376 ================ Scan global =============================== 01:02:07.0303 2376 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 01:02:07.0423 2376 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 01:02:07.0627 2376 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 01:02:07.0817 2376 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 01:02:07.0897 2376 [Global] - ok 01:02:07.0898 2376 ================ Scan MBR ================================== 01:02:07.0912 2376 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 01:02:09.0729 2376 \Device\Harddisk0\DR0 - ok 01:02:09.0740 2376 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2 01:02:09.0948 2376 \Device\Harddisk1\DR2 - ok 01:02:09.0965 2376 
================ Scan VBR ==================================
01:02:10.0013 2376 [ 83E90C797EDE9BEB3FDA68197D2097A1 ] \Device\Harddisk0\DR0\Partition1
01:02:10.0017 2376 \Device\Harddisk0\DR0\Partition1 - ok
01:02:10.0047 2376 [ 7C2264F1DE741B358DB838871C397B41 ] \Device\Harddisk0\DR0\Partition2
01:02:10.0051 2376 \Device\Harddisk0\DR0\Partition2 - ok
01:02:10.0059 2376 [ 037125AEC0D4EA305F95B80AE61A4325 ] \Device\Harddisk1\DR2\Partition1
01:02:10.0064 2376 \Device\Harddisk1\DR2\Partition1 - ok
01:02:10.0065 2376 ============================================================
01:02:10.0065 2376 Scan finished
01:02:10.0065 2376 ============================================================
01:02:10.0094 1264 Detected object count: 8
01:02:10.0094 1264 Actual detected object count: 8
01:02:53.0552 1264 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0552 1264 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:53.0557 1264 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0557 1264 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:53.0562 1264 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0563 1264 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:53.0569 1264 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0569 1264 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:53.0575 1264 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0575 1264 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:53.0582 1264 TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0583 1264 TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:53.0589 1264 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0589 1264 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:02:53.0594 1264 Winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:53.0594 1264 Winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
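The TDSSKiller log above gives eight services the same generic verdict, UnsignedFile.Multi.Generic, and seven of them are ordinary unsigned vendor tools (TODDSrv, the Toshiba Bluetooth service, the Ulead burning helper). The one that matters is Winmgmt, whose image path is C:\PROGRA~2\tjmfco.dat instead of the WMI service DLL under system32\wbem: the malware is started through an existing Windows service whose image was repointed. The Python below is an added example, not code from the original post or from TDSSKiller; it parses the service/driver lines and their verdict lines and ranks the unsigned-file warnings by checks a signature scanner does not make (non-PE extension, user-writable location, image path of a well-known service not where it belongs). The sample lines are excerpted from the log in this thread; the short expected-path table and the assumption that PROGRA~2 is the 8.3 name of C:\ProgramData on this system are mine.

```python
"""Triage of TDSSKiller service/driver lines (added example, not part of the original post)."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Sample lines excerpted from the TDSSKiller log posted in the thread (constructed sample).
SAMPLE_LOG = r"""
01:01:35.0161 2376 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:01:35.0610 2376 Tcpip - ok
01:01:39.0278 2376 [ D540858E65BFA6FDED41AD2495ECE344 ] TODDSrv C:\Windows\system32\TODDSrv.exe
01:01:39.0620 2376 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
01:01:39.0620 2376 TODDSrv - detected UnsignedFile.Multi.Generic (1)
01:01:40.0846 2376 [ 76148C3159718B701252F87B067904A6 ] TOSHIBA Bluetooth Service c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
01:01:40.0951 2376 TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - warning
01:02:02.0109 2376 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
01:02:02.0440 2376 WinDefend - ok
01:02:02.0634 2376 [ D1DCE2E6A956EAD7F278D0C14573C4CA ] Winmgmt C:\PROGRA~2\tjmfco.dat
01:02:02.0699 2376 Winmgmt ( UnsignedFile.Multi.Generic ) - warning
01:02:02.0699 2376 Winmgmt - detected UnsignedFile.Multi.Generic (1)
"""

# "<time> <pid> [ <md5> ] <name> <path>": the name may contain spaces, the path starts with a drive letter.
ENTRY_RE = re.compile(r"^\S+ \d+ \[ ([0-9A-F]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
WARN_RE = re.compile(r"^\S+ \d+ (.+?) \( (\S+) \) - warning$")
DETECT_RE = re.compile(r"^\S+ \d+ (.+?) - detected (\S+) \(\d+\)$")

PE_EXTENSIONS = {".exe", ".dll", ".sys"}
# Locations a standard user can write to. PROGRA~2 is assumed to be the 8.3 name of
# C:\ProgramData on this Vista system (ComboFix in the same thread lists BrowserProtect,
# which installs under ProgramData, as c:\progra~2\BROWSE~1).
USER_WRITABLE = ("\\programdata\\", "\\progra~2\\", "\\appdata\\", "\\temp\\", "\\users\\")
# Expected image paths for a few built-in services; a short allowlist for demonstration only.
EXPECTED_PATH = {
    "winmgmt": "\\system32\\wbem\\wmisvc.dll",
    "windefend": "\\windows defender\\mpsvc.dll",
}


@dataclass
class ServiceEntry:
    name: str
    md5: str
    path: str
    verdict: str = "ok"
    reasons: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        """Unsigned alone is low; any structural anomaly on top of it is high."""
        if any(r != "unsigned" for r in self.reasons):
            return "high"
        return "low" if self.reasons else "none"


def parse_tdsskiller(text: str) -> Dict[str, ServiceEntry]:
    """Pair each service/driver line with the verdict line TDSSKiller prints after it."""
    entries: Dict[str, ServiceEntry] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            md5, name, path = m.groups()
            entries[name] = ServiceEntry(name, md5, path)
            continue
        m = WARN_RE.match(line) or DETECT_RE.match(line)
        if m and m.group(1) in entries:
            entry = entries[m.group(1)]
            entry.verdict = m.group(2)
            if "unsigned" not in entry.reasons:
                entry.reasons.append("unsigned")
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> List[ServiceEntry]:
    """Apply the checks a signature scanner does not make; return flagged entries, worst first."""
    for entry in entries.values():
        low = entry.path.lower()
        ext = ntpath.splitext(low)[1]
        if ext not in PE_EXTENSIONS:
            entry.reasons.append(f"non-PE extension {ext or '(none)'}")
        if any(marker in low for marker in USER_WRITABLE):
            entry.reasons.append("image in a user-writable directory")
        expected = EXPECTED_PATH.get(entry.name.lower())
        if expected and not low.endswith(expected):
            entry.reasons.append(f"image path should end in {expected}")
    flagged = [e for e in entries.values() if e.reasons]
    return sorted(flagged, key=lambda e: (e.severity != "high", e.name))


if __name__ == "__main__":
    for e in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{e.severity:4} {e.name:26} {e.path}  <- {'; '.join(e.reasons)}")
```

Run against the sample, only Winmgmt comes out as high; the two vendor services stay at low, and WinDefend and Tcpip are not flagged at all. Feeding it the full log of the thread would surface the same single high-severity entry among the eight warnings.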
25.05.2013, 15:35 | #6 |
/// Malware-holic | GVU Trojaner 2013 under Vista Hi, scan with ComboFix
27.05.2013, 21:52 | #7 |
| GVU Trojaner 2013 under Vista Hi, the scan with ComboFix did not work. I disabled AntiVir, Defender and everything else I could find. The hard disk was scanned and it found a few things, which it deleted, but then it hung. There is no log file on C:. |
28.05.2013, 10:09 | #8 |
/// Malware-holic | GVU Trojaner 2013 under Vista Reboot, press F8, choose Safe Mode, log in to your account and try again. Then back into normal mode and post the log, please
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now please forward mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |
29.05.2013, 19:26 | #9 |
| GVU Trojaner 2013 under Vista Hi, it worked now, thanks! Combofix.txt:
ComboFix 13-05-27.02 - iiuuzgugz0guzkkk 29.05.2013 19:56:46.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1021.641 [GMT 2:00]
Run from: c:\users\iiuuzgugz0guzkkk\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* New restore point was created
.
.
((((((((((((((((((((((((( Files created from 2013-04-28 to 2013-05-29 ))))))))))))))))))))))))))))))
.
.
2013-05-29 18:05 . 2013-05-29 18:06 -------- d-----w- c:\users\iiuuzgugz0guzkkk\AppData\Local\temp
2013-05-29 18:05 . 2013-05-29 18:05 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-05-29 18:05 . 2013-05-29 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-23 19:10 . 2013-05-23 19:10 2639 ----a-w- c:\programdata\ocfmjt.js
2013-05-23 18:08 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C781DC56-8F83-4B05-83FB-944F4D95E63D}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 12:28 . 2012-04-19 13:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-16 12:28 . 2011-06-10 18:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2009-10-02 18:05 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-03-20 13:08 . 2013-03-20 13:09 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-20 13:08 . 2012-07-25 17:48 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-20 13:08 . 2010-05-26 19:18 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-20 11:09 . 2013-03-20 11:18 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-20 11:09 .
2013-03-20 11:18 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-20 11:09 . 2013-03-20 11:18 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-11 13:25 . 2013-04-10 17:35 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-11 13:25 . 2013-04-10 17:35 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-09 03:45 . 2013-04-10 17:35 49152 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-09 01:28 . 2013-04-10 17:35 64000 ----a-w- c:\windows\system32\smss.exe 2013-03-08 03:53 . 2013-04-10 17:35 376320 ----a-w- c:\windows\system32\winsrv.dll 2013-03-08 03:52 . 2013-04-10 17:35 2067968 ----a-w- c:\windows\system32\mstscax.dll 2013-03-05 01:40 . 2013-04-10 17:27 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-03-03 19:07 . 2013-04-10 17:35 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-13 14:06 . 2013-04-13 14:02 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-03-10 1521800] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-04-22 19:02 280736 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728] "ICQ"="c:\users\iiuuzgugz0guzkkk\AppData\Roaming\ICQM\icq.exe" [2013-01-22 26599784] "MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104] "RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 3772416] "NDSTray.exe"="NDSTray.exe" [BU] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920] "FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-03-10 1644680] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . 
c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
msconfig.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261249~1.132\{C16C1~1\BROWSE~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
Contents of the "Scheduled Tasks" folder
.
2013-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 12:28]
.
2013-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-23 14:54]
.
2013-05-27 c:\windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
- c:\windows\system32\msfeedssync.exe [2008-06-20 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.178.1 DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} - hxxps://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab FF - ProfilePath - c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q= FF - prefs.js: browser.search.selectedEngine - Delta Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 4 FF - ExtSQL: 2013-04-24 20:29; ffxtlbr@delta.com; c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\ffxtlbr@delta.com FF - ExtSQL: !HIDDEN! 2007-07-23 19:23; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - ExtSQL: !HIDDEN! 2008-12-07 21:34; {800b5000-a755-47e1-992b-48a1c1357f07}; c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - ExtSQL: !HIDDEN! 2009-07-15 22:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 
2012-12-16 22:22; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 94df5336000000000000001167b66309 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15819 FF - user.js: extensions.delta.vrsn - 1.8.16.16 FF - user.js: extensions.delta.vrsni - 1.8.16.16 FF - user.js: extensions.delta.vrsnTs - 1.8.16.1620:29 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-TOSCDSPD - TOSCDSPD.EXE HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE AddRemove-Firebird SQL Server D - c:\program files\ALDI Foto Service Nord\Common\Database\unwise.exe AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-05-29 20:06 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . 
************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(684) c:\users\iiuuzgugz0guzkkk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . Zeit der Fertigstellung: 2013-05-29 20:10:10 ComboFix-quarantined-files.txt 2013-05-29 18:09 . Vor Suchlauf: 9 Verzeichnis(se), 18.107.789.312 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 17.977.892.864 Bytes frei . - - End Of File - - 486AFE2444BF7F10257D50865B7971B2 |
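The ComboFix autostart section is a REGEDIT4-style dump, and three kinds of entry in it deserve attention beyond the created-file list: AppInit_DLLs pointing at a BrowserProtect DLL under c:\progra~2 (a DLL listed there is loaded into every process that loads user32.dll), three Security Center DisableMonitoring values set to 1 (Windows will no longer warn that antivirus or firewall monitoring is off), and Run entries that launch from a user profile. The Python below is an added example, not code from the original post or from ComboFix; it parses that section key by key and applies those three rules. The sample text is excerpted from the log above; the progra~2 = ProgramData assumption is mine.

```python
"""Triage of the ComboFix autostart dump (added example, not part of the original post)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the REGEDIT4-style section from the ComboFix log above (constructed sample).
SAMPLE = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ICQ"="c:\users\iiuuzgugz0guzkkk\AppData\Roaming\ICQM\icq.exe" [2013-01-22 26599784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261249~1.132\{C16C1~1\BROWSE~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# Paths a standard user can write to; progra~2 is assumed to be the 8.3 name of C:\ProgramData here.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\progra~2\\", "\\temp\\")


@dataclass
class Finding:
    severity: str
    key: str
    name: str
    value: str
    reason: str


def _payload(raw: str) -> str:
    """ComboFix quotes file paths and appends '[date size]'; dword values are unquoted."""
    m = re.match(r'^"([^"]*)"', raw)
    return m.group(1) if m else raw.strip()


def check_value(key: str, name: str, value: str) -> Optional[Finding]:
    """The three rules: AppInit_DLLs set, Security Center monitoring off, autorun from a user-writable path."""
    k, n, v = key.lower(), name.lower(), value.lower()
    if k.endswith("\\windows nt\\currentversion\\windows") and n == "appinit_dlls" and v:
        return Finding("high", key, name, value,
                       "AppInit_DLLs is loaded into every process that loads user32.dll")
    if "\\security center\\monitoring" in k and n == "disablemonitoring" and v.endswith("00000001"):
        return Finding("medium", key, name, value,
                       "Security Center monitoring disabled: no warning when AV/firewall is off")
    if k.endswith("\\run") and any(marker in v for marker in USER_WRITABLE):
        return Finding("medium", key, name, value, "autorun executable in a user-writable location")
    return None


def triage_autostart(text: str) -> List[Finding]:
    """Walk the dump key by key and apply check_value to every name=value pair."""
    findings: List[Finding] = []
    key = ""
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            finding = check_value(key, m.group(1), _payload(m.group(2)))
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage_autostart(SAMPLE):
        print(f"{f.severity:6} {f.key}\\{f.name} = {f.value}\n       {f.reason}")
```

On the sample this reports the ICQ autorun from AppData, the AppInit_DLLs entry as high, and both DisableMonitoring values; Sidebar and avgnt, which start from Program Files, pass. The rules are deliberately narrow: they do not decide whether BrowserProtect or ICQ is wanted, only that these are the entries a reviewer of the log has to look at.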
29.05.2013, 19:41 | #10 |
/// Malware-holic | GVU Trojaner 2013 under Vista Hi, Malwarebytes: please download Malwarebytes
31.05.2013, 05:13 | #11 |
| GVU Trojaner 2013 under Vista Hi, on the first scan in normal mode the scan ran through, but shortly before removing the 2 findings it crashed. So once more in Safe Mode, and there everything worked. Log file:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.30.06

Windows Vista Service Pack 2 x86 NTFS (Safe Mode with Networking)
Internet Explorer 7.0.6002.18005
iiuuzgugz0guzkkk :: VERENAUNDJUERGY [Administrator]

30.05.2013 23:55:18
mbam-log-2013-05-30 (23-55-18).txt

Scan type: Full scan (C:\|E:\|)
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 433049
Time elapsed: 1 hour(s), 9 minute(s), 26 second(s)

Memory processes detected: 0 (No malicious items detected)
Memory modules detected: 0 (No malicious items detected)
Registry keys detected: 0 (No malicious items detected)
Registry values detected: 0 (No malicious items detected)
Registry data items detected: 0 (No malicious items detected)
Folders detected: 0 (No malicious items detected)
Files detected: 2
C:\Qoobox\Quarantine\C\ProgramData\tjmfco.dat.vir (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\iiuuzgugz0guzkkk\3251098.dll.vir (Trojan.Agent.ED) -> Quarantined and deleted successfully.

(end)
31.05.2013, 10:55 | #12 |
/// Malware-holic | GVU Trojaner 2013 under Vista Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip that. Open it, Tools (Extras), Uninstall list, save as txt. Open it. Behind every program you need, write required. Behind every one you do not need, unnecessary. Behind those unknown to you, unknown. Post the list.
13.06.2013, 20:09 | #13 |
| GVU Trojaner 2013 under Vista
Hi,
sorry, I was ill for a week and a half and the notebook was at work. Here is the uninstall list from CCleaner:
Code:
Program | Publisher | Installed | Size | Version | Note
AAVUpdateManager | Akademische Arbeitsgemeinschaft | 22.11.2010 | 14,4MB | 12.00.0000 | necessary
Adobe Flash Player 11 Plugin | Adobe Systems Incorporated | 16.05.2013 | | 11.7.700.202 | necessary
Adobe Reader 9.5.5 - Deutsch | Adobe Systems Incorporated | 13.06.2013 | 118MB | 9.5.5 | necessary
Adobe Shockwave Player 11.5 | Adobe Systems, Inc. | 29.01.2011 | 7,21MB | 11.5.9.615 | not necessary
Apple Application Support | Apple Inc. | 28.02.2013 | 62,7MB | 2.3.3 | necessary
Apple Mobile Device Support | Apple Inc. | 28.02.2013 | 24,6MB | 6.1.0.13 | necessary
Apple Software Update | Apple Inc. | 21.07.2011 | 2,38MB | 2.1.3.127 | necessary
Avira Free Antivirus | Avira | 07.05.2013 | 109MB | 13.0.0.3640 | necessary
Avira SearchFree Toolbar plus Web Protection | Ask.com | 19.03.2013 | 3,64MB | 1.15.20.0 | not necessary
Avira SearchFree Toolbar plus Web Protection Updater | Ask.com | 19.03.2013 | 1,60MB | 1.2.4.37949 | not necessary
Bluesoleil2.6.0.8 Release 070517 | IVT Corporation | 30.06.2008 | 11,3MB | 2.6.0.8 Release 070517 | not necessary
Bluetooth Stack for Windows by Toshiba | | 15.12.2006 | 54,5MB | v5.00.10(T) | necessary
Bonjour | Apple Inc. | 13.10.2011 | 1,06MB | 3.0.0.10 | necessary
BrowserProtect | Bit89 Inc | 24.04.2013 | 7,86MB | | not necessary
CCleaner | Piriform | 24.05.2013 | 2,35MB | 4.02 | necessary
CD/DVD Drive Acoustic Silencer | TOSHIBA | 31.01.2007 | 460KB | 2.00.02 | necessary
Delta toolbar | Delta | 24.04.2013 | | 1.8.16.16 | not necessary
Dropbox | Dropbox, Inc. | 04.04.2013 | 23,9MB | 1.6.18 | necessary
DVD MovieFactory for TOSHIBA | Ulead Systems, Inc. | 31.01.2007 | 253MB | 5.3 | necessary
ElsterFormular | Landesfinanzdirektion Thüringen | 17.03.2013 | 368MB | 14.1.11318 | necessary
Free YouTube to MP3 Converter version 3.12.2.422 | DVDVideoSoft Ltd. | 24.04.2013 | 3,40MB | 3.12.2.422 | necessary
FreePDF XP (Remove only) | | 04.05.2009 | 3,00MB | | not necessary
Google Earth | Google | 05.01.2010 | 69,5MB | 5.1.7894.7252 | not necessary
Google Updater | Google Inc. | 18.09.2011 | 2,48MB | 2.4.2432.1652 | not necessary
iCloud | Apple Inc. | 22.12.2012 | 48,3MB | 2.1.1.3 | necessary
ICQ 8.0 (build 5988, für aktuellen Benutzer) | Mail.Ru | 21.01.2013 | 83,9MB | 8.0.5988.0 | not necessary
ICQ7.6 | ICQ | 17.10.2011 | 54,4MB | 7.6 | not necessary
iTunes | Apple Inc. | 28.02.2013 | 186MB | 11.0.2.26 | necessary
Java 7 Update 17 | Oracle | 19.03.2013 | 129MB | 7.0.170 | necessary
Java(TM) 6 Update 7 | Sun Microsystems, Inc. | 17.08.2008 | 136MB | 1.6.0.70 | not necessary
Java(TM) SE Runtime Environment 6 | Sun Microsystems, Inc. | 15.12.2006 | 114MB | 1.6.0.0 | not necessary
JavaFX 2.1.1 | Oracle Corporation | 25.07.2012 | 20,8MB | 2.1.1 | not necessary
Malwarebytes Anti-Malware Version 1.75.0.1300 | Malwarebytes Corporation | 29.05.2013 | 13,3MB | 1.75.0.1300 | necessary
Microsoft .NET Framework 1.1 | | 13.01.2013 | | | not necessary?
Microsoft .NET Framework 3.5 SP1 | Microsoft Corporation | 29.06.2009 | 27,8MB | | necessary
Microsoft Office Professional Edition 2003 | Microsoft Corporation | 11.02.2007 | 336MB | 11.0.5614.0 | necessary
Microsoft Visual C++ 2005 Redistributable | Microsoft Corporation | 08.10.2010 | 342KB | 8.0.59193 | not necessary?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 | Microsoft Corporation | 17.03.2009 | 590KB | 9.0.30729 | not necessary?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 | Microsoft Corporation | 19.10.2010 | 590KB | 9.0.30729.4148 | not necessary?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 | Microsoft Corporation | 09.08.2011 | 594KB | 9.0.30729.6161 | not necessary?
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 | Microsoft Corporation | 17.10.2011 | 11,1MB | 10.0.40219 | necessary
MotoGP2 | THQ | 17.02.2007 | 577MB | | not necessary
Mozilla Firefox 20.0.1 (x86 de) | Mozilla | 15.04.2013 | 51,0MB | 20.0.1 | necessary
Mozilla Maintenance Service | Mozilla | 15.04.2013 | 204KB | 20.0.1 | not necessary
MSXML 4.0 SP2 (KB927978) | Microsoft Corporation | 12.02.2007 | 1,23MB | 4.20.9841.0 | not necessary?
MSXML 4.0 SP2 (KB954430) | Microsoft Corporation | 14.11.2008 | 1,27MB | 4.20.9870.0 | not necessary?
MSXML 4.0 SP2 (KB973688) | Microsoft Corporation | 25.11.2009 | 1,33MB | 4.20.9876.0 | not necessary?
MyTomTom 3.1.0.530 | TomTom | 04.03.2012 | 17,4MB | 3.1.0.530 | not necessary
Nero 7 Premium | Nero AG | 11.02.2007 | 1,50GB | 7.02.4716 | necessary
NVIDIA Drivers | | 31.01.2007 | | | necessary
Pro Evolution Soccer 6 | KONAMI | 17.02.2007 | 1,42GB | 1.00.0000 | not necessary
QuickTime | Apple Inc. | 22.12.2012 | 73,1MB | 7.73.80.64 | necessary
Realtek High Definition Audio Driver | Realtek Semiconductor Corp. | 15.12.2006 | 9,95MB | 6.0.1.5326 | necessary
RedMon - Redirection Port Monitor | | 04.05.2009 | | | unknown
Rossmann Fotowelt Software 4.12.1 | ORWO Net | 02.09.2012 | 322MB | 4.12.1 | not necessary
Safari | Apple Inc. | 22.12.2012 | 104MB | 5.34.57.2 | not necessary
Skype Click to Call | Skype Technologies S.A. | 06.11.2011 | 12,6MB | 5.6.8442 | not necessary
Skype™ 5.10 | Skype Technologies S.A. | 18.07.2012 | 19,4MB | 5.10.116 | not necessary
Spelling Dictionaries Support For Adobe Reader 8 | Adobe Systems | 29.01.2009 | 32,5MB | 8.0.0 | not necessary
Steuer-Spar-Erklärung 2010 | Akademische Arbeitsgemeinschaft Verlag | 22.11.2010 | 280MB | 15.13 | necessary
Synaptics Pointing Device Driver | Synaptics | 15.12.2006 | 12,9MB | 9.1.0.0 | necessary
Texas Hold'em Poker 3D - Deluxe Edition 1.0 | Play + Smile Marketing GmbH | 17.12.2007 | 137MB | | not necessary
Texas Instruments PCIxx21/x515/xx12 drivers. | Ihr Firmenname | 15.12.2006 | 832KB | 1.23.0000 | not necessary
ThumbsPlus 7x (deutsch) | Atlantic Software Exchange, Inc. | 18.02.2007 | 29,5MB | | not necessary
TomTom HOME 2.8.3.2499 | TomTom | 04.03.2012 | 43,4MB | 2.8.3.2499 | not necessary
TomTom HOME Visual Studio Merge Modules | TomTom International B.V. | 23.03.2009 | 1,88MB | 1.0.2 | not necessary
TOSHIBA Assist | | 31.01.2007 | 744KB | 2.00.01 | necessary
TOSHIBA Benutzerhandbücher | TOSHIBA | 15.12.2006 | 5,05MB | 7.10 | necessary
TOSHIBA ConfigFree | TOSHIBA | 15.12.2006 | 39,3MB | 7.00.22 | necessary
TOSHIBA Disc Creator | TOSHIBA Corporation | 15.12.2006 | 9,57MB | 2.0.0.0 | necessary
TOSHIBA Extended Tiles for Windows Mobility Center | Toshiba | 15.12.2006 | 1,27MB | 1.00.00 | necessary
TOSHIBA Hardware Setup | | 31.01.2007 | 1,64MB | 2.00.04STV | necessary
Toshiba Online Product Information | TOSHIBA | 15.12.2006 | 4,49MB | 1.00.0002 | necessary
TOSHIBA SD Memory Utilities | TOSHIBA | 15.12.2006 | 1,40MB | 1.6 | necessary
TOSHIBA Software Modem | Agere Systems | 15.12.2006 | | | necessary
TOSHIBA Supervisor Password | | 31.01.2007 | 1,64MB | 2.00.04STV | necessary
TOSHIBA Value Added Package | TOSHIBA Corporation | 15.12.2006 | | 1.0.7 | necessary
USB Vibration Joystick | | 13.02.2007 | 148KB | 2002.10.8 | not necessary
Visual Studio C++ 10.0 Runtime | TomTom International B.V. | 04.03.2012 | 8,00KB | 10.0.0 | not necessary
Windows Media Encoder 9-Reihe | | 15.12.2006 | 13,6MB | | not necessary
Windows Media Player Firefox Plugin | Microsoft Corp | 22.04.2008 | 296KB | 1.0.0.8 | not necessary
WinDVD for TOSHIBA | InterVideo Inc. | 15.12.2006 | 74,1MB | 8.0-B6.108 | necessary
WinRAR Archivierer | | 11.02.2007 | 3,39MB | | not necessary
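The list above, and the request for it in post #12, is the routine the helper applies by eye: read each line, spot bundled toolbars and adware by their publisher or product name, and spot Java runtimes that were left behind next to a newer one. The following Python script, an added example that is not part of the thread and not a tool from the forum or from Piriform, does the same for the flattened list exactly as it was posted (and for the column-separated form shown above). The PUP marker list and the Java rule are this example's own assumptions, not the forum's.

```python
"""Triage a CCleaner uninstall list as posted in this thread.

Added example for this thread; it is not a tool from the forum, from
Piriform or from the helper.  CCleaner's Tools > Uninstall > "Save to
text file" export is tab-separated, but pasted into a post it collapses
to one space-separated run per program:

    <name> <publisher> <dd.mm.yyyy> [<size>] [<version>] <user note>

Once the tabs are gone, name and publisher cannot be told apart, so the
parser keeps them together.  A column-separated variant (Program |
Publisher | Installed | Size | Version | Note) is accepted too.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed subset of the list posted above, entries quoted verbatim.
SAMPLE = """\
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 16.05.2013 11.7.700.202 notwendig
Avira SearchFree Toolbar plus Web Protection Ask.com 19.03.2013 3,64MB 1.15.20.0 nicht notwendig
Bluesoleil2.6.0.8 Release 070517 IVT Corporation 30.06.2008 11,3MB 2.6.0.8 Release 070517 nicht notwendig
BrowserProtect Bit89 Inc 24.04.2013 7,86MB nicht notwendig
Delta toolbar Delta 24.04.2013 1.8.16.16 nicht notwendig
Java 7 Update 17 Oracle 19.03.2013 129MB 7.0.170 notwendig
Java(TM) 6 Update 7 Sun Microsystems, Inc. 17.08.2008 136MB 1.6.0.70 nicht notwendig
Java(TM) SE Runtime Environment 6 Sun Microsystems, Inc. 15.12.2006 114MB 1.6.0.0 nicht notwendig
JavaFX 2.1.1 Oracle Corporation 25.07.2012 20,8MB 2.1.1 nicht notwendig
Microsoft .NET Framework 1.1 13.01.2013 nicht notwendig?
RedMon - Redirection Port Monitor 04.05.2009 unbekannt
"""

DATE_COL = re.compile(r"(?:^|\s)(\d{2}\.\d{2}\.\d{4})(?=\s|$)")   # first dd.mm.yyyy column
DATE_FULL = re.compile(r"^\d{2}\.\d{2}\.\d{4}$")
SIZE_RE = re.compile(r"^\d+(?:,\d+)?(?:KB|MB|GB)$")               # CCleaner size, German decimal comma
# The poster's annotations, German as posted and English as translated above.
NOTE_RE = re.compile(r"\s(nicht notwendig\??|notwendig|unbekannt|not necessary\??|necessary|unknown)$")
# "Java 7 Update 17", "Java(TM) 6 Update 7", "Java(TM) SE Runtime Environment 6"; not JavaFX.
JAVA_RE = re.compile(r"^Java(?:\(TM\))?\s+(?:SE Runtime Environment\s+)?(\d+)\b")
# Ask.com and Delta are named by the helper; the other markers are this
# example's own assumption about common bundleware of that period.
PUP_MARKERS = ("ask.com", "delta", "bit89", "babylon", "conduit", "opencandy", "toolbar")


@dataclass
class Entry:
    name: str            # program name plus publisher (not separable in the flat form)
    installed: str
    size: Optional[str]
    version: Optional[str]
    note: Optional[str]


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one list line, or None for headers/blank lines."""
    line = line.strip()
    if " | " in line:                                    # column-separated variant
        cols = [c.strip() or None for c in line.split("|")]
        if len(cols) != 6 or not cols[2] or not DATE_FULL.match(cols[2]):
            return None
        return Entry(" ".join(c for c in cols[:2] if c), cols[2], cols[3], cols[4], cols[5])
    note = None
    m = NOTE_RE.search(line)
    if m:
        note, line = m.group(1), line[: m.start()]
    m = DATE_COL.search(line)
    if not m:
        return None
    name = line[: m.start()].strip()
    rest = line[m.end():].split()                        # [size] [version words...]
    size = rest.pop(0) if rest and SIZE_RE.match(rest[0]) else None
    return Entry(name, m.group(1), size, " ".join(rest) or None, note)


def triage(text: str) -> List[Tuple[str, str]]:
    """(entry name, reason) for everything a helper would ask to remove."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    findings: List[Tuple[str, str]] = []
    for e in entries:                                    # bundled toolbars / adware
        low = e.name.lower()
        hit = next((w for w in PUP_MARKERS if w in low), None)
        if hit:
            findings.append((e.name, f"PUP marker '{hit}'"))
    javas = [(int(JAVA_RE.match(e.name).group(1)), e) for e in entries if JAVA_RE.match(e.name)]
    if javas:                                            # old runtimes left beside a newer one
        newest = max(v for v, _ in javas)
        for v, e in javas:
            if v < newest:
                findings.append((e.name, f"superseded Java {v} runtime (Java {newest} installed)"))
    return findings


if __name__ == "__main__":
    for name, why in triage(SAMPLE):
        print(f"{why:45} {name}")
```

Run as-is it reports the two Ask.com/Delta/Bit89 toolbars and both Java 6 runtimes from the sample and leaves Java 7, JavaFX and the Microsoft runtimes alone, which matches the helper's instructions in the next post. Point `triage()` at the saved CCleaner text file to run it on a real list.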
13.06.2013, 20:25 | #14 |
/// Malware-holic | GVU Trojaner 2013 under Vista
Uninstall: Adobe Flash Player, all of them. Adobe - Adobe Flash Player installieren: download the latest version and install it.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen. Untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Security (Enhanced): tick Enhanced Security and select all files.
Internet: everything here should be disabled. It is very unsafe to open, download etc. PDFs automatically; it is always better to save them directly, because only then do you keep control over what is going on on the PC.
Under JavaScript, untick "Enable JavaScript".
Under Updater, select "Install automatically".
Apply / OK.
Uninstall: Avira SearchFree, both of them please. Delta: get rid of it, it is adware. Java: all of them. Download the Java JRE: Java-Downloads für alle Betriebssysteme, click "Download der Java-Software für Windows Offline", download and install.
Uninstall: Spelling.
Open CCleaner, Analyze, Run, restart the PC.
Download AdwCleaner to your desktop.
13.06.2013, 22:56 | #15 |
| GVU Trojaner 2013 under Vista
Hi,
I did everything as described. Here is the log file:
Code:
# AdwCleaner v2.303 - Logfile created 13/06/2013 at 23:33:35
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : iiuuzgugz0guzkkk - VERENAUNDJUERGY
# Boot mode : Normal
# Running from : C:\Users\iiuuzgugz0guzkkk\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\bProtector_extensions.rdf
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\11-suche.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\Askcom.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\Babylon.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\delta.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-10.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-4.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-5.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-6.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-7.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-8.xml
File Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\searchplugins\icqplugin-9.xml
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Local\PackageAware
Folder Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Babylon
Folder Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Folder Deleted : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42EC-B55A-3CAEB12DBF58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6002.18005

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Prev Search Bar] = hxxp://google.icq.com/search/search_frame.php --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

File : C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\prefs.js

C:\Users\iiuuzgugz0guzkkk\AppData\Roaming\Mozilla\Firefox\Profiles\r0dg6nbj.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_v[...]
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "94df5336000000000000001167b66309");
Deleted : user_pref("extensions.delta.instlDay", "15819");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1620:29:42");
Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Deleted : user_pref("extensions.snipit.askTbInstalled", true);
Deleted : user_pref("icqtoolbar.allowSendURL", false);
Deleted : user_pref("icqtoolbar.engineVerified", true);
Deleted : user_pref("icqtoolbar.firstTbRun", false);
Deleted : user_pref("icqtoolbar.geolastmodified", 1366483723);
Deleted : user_pref("icqtoolbar.history", "mit%20freundlichen%20gr%C3%BC%C3%9Fen%20cover||porzellanhochzeit||g[...]
Deleted : user_pref("icqtoolbar.hpChange", true);
Deleted : user_pref("icqtoolbar.icqgeo", 49);
Deleted : user_pref("icqtoolbar.installTime", "1343239609");
Deleted : user_pref("icqtoolbar.installsource", "1");
Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Deleted : user_pref("icqtoolbar.newtab_state", "1");
Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Deleted : user_pref("icqtoolbar.previousFFVersion", "20.0.1");
Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Deleted : user_pref("icqtoolbar.suggestions", false);
Deleted : user_pref("icqtoolbar.uniqueID", "117147954511714795451207254095410");
Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1366913460);
Deleted : user_pref("icqtoolbar.userHpApproved", true);
Deleted : user_pref("icqtoolbar.version", "1.5.3");
Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Deleted : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Deleted : user_pref("icqtoolbar.xmlLanguage", "de");

*************************

AdwCleaner[S1].txt - [10018 octets] - [13/06/2013 23:33:35]

########## EOF - C:\AdwCleaner[S1].txt - [10079 octets] ##########

Regards, hornet
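The AdwCleaner log above shows where the search hijack actually lived: in Internet Explorer's Start Page and SearchScopes, and in Firefox as a set of user_pref lines (browser.search.defaultengine pointing at Ask.com, browser.search.defaulturl at search.icq.com, plus the extensions.delta.* and icqtoolbar.* namespaces) together with a user.js that AdwCleaner deleted. user.js is re-read on every start and overrides prefs.js, so a search engine or homepage planted there survives any reset made from the browser's own UI. The following Python script is an added example, not part of the thread and not AdwCleaner's logic: it parses the user_pref lines of both files and reports hijacked search prefs and toolbar namespaces. The hijack domains and pref prefixes are assumptions drawn from this log, a starting list rather than a complete one.

```python
"""Find search hijacks and toolbar residue in Firefox prefs.js / user.js.

Added example; it is not part of the thread and not AdwCleaner's own
logic.  Both files consist of lines  user_pref("name", value);  where
value is a JS string, true/false or an integer.  user.js is re-read on
every start and overrides prefs.js, so a search engine or homepage
planted there survives a "reset" in the UI, which is why AdwCleaner
deleted the user.js above.  The hijack domains and pref namespaces are
taken from that log; treat them as a starting list, not a complete one.
"""
import json
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed sample: hijacked prefs quoted from the AdwCleaner log above
# (URLs re-fanged from hxxp to http) plus harmless prefs that must not fire.
SAMPLE_PREFS = """\
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaulturl", "http://search.icq.com/search/afe_results.php?ch_id=afex");
user_pref("browser.startup.homepage", "https://www.mozilla.org/firefox/central/");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.vrsn", "1.8.16.16");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.snipit.askTbInstalled", true);
user_pref("icqtoolbar.installTime", "1343239609");
user_pref("icqtoolbar.numberOfSearches", 0);
user_pref("icqtoolbar.hpChange", true);
user_pref("network.cookie.cookieBehavior", 1);
user_pref("browser.cache.disk.capacity", 358400);
"""

PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.+)\);\s*$')

# Prefs that decide where typed searches, the homepage and new tabs go.
SEARCH_PREFS = {
    "browser.search.defaultengine", "browser.search.defaultenginename",
    "browser.search.defaulturl", "browser.search.selectedEngine",
    "browser.startup.homepage", "keyword.URL", "browser.newtab.url",
}
# Domains seen in the log plus their usual relatives (assumption; extend as needed).
HIJACK_DOMAINS = ("icq.com", "ask.com", "delta-search.com", "babylon.com", "conduit.com")
# Pref namespaces the toolbars in the log write (assumption: matched by prefix).
PUP_PREFIXES = ("extensions.delta.", "icqtoolbar.", "extensions.snipit.", "extensions.babylon")


@dataclass
class Finding:
    severity: str   # "hijack" | "pup" | "review"
    subject: str    # pref name, or namespace with trailing *
    detail: str


def parse_value(raw: str):
    raw = raw.strip()
    if raw == "true":
        return True
    if raw == "false":
        return False
    if raw.startswith('"'):
        return json.loads(raw)       # the string literals Firefox writes are JSON-compatible
    return int(raw)


def parse_prefs(text: str) -> Dict[str, object]:
    """name -> value for every user_pref() line; other lines are ignored."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def _hostlike(value: str) -> str:
    """A URL becomes its host; a bare engine name such as "Ask.com" is compared as-is."""
    if value.startswith(("http://", "https://")):
        return (urlsplit(value).hostname or "").lower()
    return value.lower()


def is_hijack_target(value: str) -> bool:
    host = _hostlike(value)
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def triage_prefs(prefs: Dict[str, object]) -> List[Finding]:
    findings: List[Finding] = []
    for name, value in prefs.items():
        if name in SEARCH_PREFS and isinstance(value, str):
            if is_hijack_target(value):
                findings.append(Finding("hijack", name, f"points at {_hostlike(value)!r}"))
            else:                    # customised but not on the list: a human should look
                findings.append(Finding("review", name, f"overridden to {value!r}"))
    for prefix in PUP_PREFIXES:
        hits = sorted(n for n in prefs if n.startswith(prefix))
        if hits:
            findings.append(Finding("pup", prefix + "*", f"{len(hits)} prefs, e.g. {hits[0]}"))
    return findings


if __name__ == "__main__":
    for f in triage_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"[{f.severity}] {f.subject}: {f.detail}")
```

To run it on a real profile, read prefs.js and then user.js from the profile folder and feed both texts to parse_prefs() in that order (merging the dictionaries with user.js last), which mirrors how Firefox applies them; anything marked "review" is a deliberate customisation that a helper should still eyeball, while "hijack" and "pup" entries are what AdwCleaner removed above.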