| |
| |||||||
Log-Analyse und Auswertung: Zeus Virus auf meinen Laptop ?!!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
17.06.2013, 12:46
| #1 |
| |  Zeus Virus auf meinen Laptop ?!! Hallo liebe Community, Ich habe gestern eine E-Mail von GMX bekommen in der stand das mein Computer mit einen sogennanten Zeus Virus infisziert wurde. So mein Problem ist jetzt folgendes: Arbeite mit Windows Security Essentials und ich weiß nicht ob der diesen Virus gefunden und gelöscht hat. Da ich unter Google verzweifelt nach einer Anleitung gesucht habe wie man diesen Virus am besten findet bin ich auf eure Seite gestoßen. Ich hoffe ihr könnt mir helfen, bin echt am verzweifeln und ich hoffe ihr habt Geduld mit mir und könnt mir alles erklären denn kenn mich genau 0 mit diesen logs und fixes etc. aus bin auf diesem gebiet echt ahnungslos. Ich danke euch schon mal im Vorraus. Liebe Grüße Dominik |
|
17.06.2013, 12:50
| #2 |
| /// Malware-holic   | Zeus Virus auf meinen Laptop ?!! hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
17.06.2013, 13:13
| #3 |
| | Zeus Virus auf meinen Laptop ?!! OTL Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 17.06.2013 13:54:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fichtinger\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 65,35% Memory free
7,72 Gb Paging File | 6,17 Gb Available in Paging File | 79,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 23,90 Gb Free Space | 10,26% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 224,46 Gb Free Space | 96,54% Space Free | Partition Type: NTFS
Computer Name: FICHTINGER-TOSH | User Name: Fichtinger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F787E95-9746-4532-AA9F-6FCC3D414052}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0FB23615-A332-4140-8824-CA1570999C4A}" = lport=138 | protocol=17 | dir=in | app=system |
"{2530D428-8E2A-4314-A7D5-1B5BBD55A7D3}" = rport=138 | protocol=17 | dir=out | app=system |
"{3205638E-0AC9-4B47-A60B-1BC197FE40EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{35179212-5FBE-4FDC-8F77-694682B4F1D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{374FC66C-019E-4DE2-B7F0-38DD2E99D7D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37BFD380-5EEF-4102-A7E9-4C312CD7A55F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{43B2A3F6-2048-468D-82BF-2C08B324F303}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{57262D1C-46ED-4BC4-B210-5AB77A783E2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E4141CA-7958-4BCC-A995-6E89C600D68B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{710610D7-608D-48EC-84E6-EAE33FCEC1A3}" = rport=445 | protocol=6 | dir=out | app=system |
"{8381ECA0-92DC-491E-B0E3-73CF35438CB3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8CAE0BF2-2405-483F-AE86-F8C841D621D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E70CDC0-B40D-4087-989C-630218DC8C0E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A974D06F-8872-49C2-AA90-EACC8C5160BB}" = lport=139 | protocol=6 | dir=in | app=system |
"{B19E881A-0113-4358-900F-B6F8FC0C09C2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B61A98E3-9668-4BB9-AC5C-D64BE9C2EE96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D899077C-4720-4AAF-B6E0-29358078564F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8C1FB43-3266-49DD-970F-28AFDEAC0333}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBBB99AB-0A98-47B1-AF67-C39BB169BA87}" = rport=137 | protocol=17 | dir=out | app=system |
"{DC497147-EF57-4C1C-94D8-0EA5B77C0998}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED4C0071-EEE1-4266-B68A-6A999D81167B}" = rport=139 | protocol=6 | dir=out | app=system |
"{EE021535-CEAA-448A-B6A8-EA93F12D33BA}" = lport=137 | protocol=17 | dir=in | app=system |
"{F15BD0AD-D0C0-4FDE-8A82-C785CD88CAC2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F84138BE-48C8-4471-ABC8-A9C988FE9B86}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D243CB9-5EE7-41EC-B5B1-E1048419D501}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0DB0A7EB-F920-4C29-AFFF-6AD98AE38F8B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F87345D-B94E-4EBC-B422-5B0E00C7A9DF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{14063136-0FE7-4885-AD62-9308409B9590}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{17200811-E178-43AA-9AC4-226126A1CAA2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1C8293B8-F124-48E2-9E76-E9F0F5E28870}" = protocol=6 | dir=out | app=system |
"{2A5CBE8A-3128-4B5E-B66A-14B05C80B489}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2DAC7BEB-76CF-4B23-8A08-E4EB227D8B25}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3A9A7956-687E-4B36-A6CD-3A242704D03C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B781856-8D2A-4D14-97AE-C09E667E9484}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3BF2D4B4-981B-4E9C-921F-DBD6BBD8BC75}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4199917B-A7A7-4F2F-B1CC-92FEC88DBD85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48DAE98A-C4FB-44E5-B41F-1F3AFA5806EC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{77934344-34F6-48A1-BC2E-DBE2CD81E410}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{79062331-30A2-430A-BD77-6C2F995C894B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{87F6E3C5-3949-465F-B748-5923D840D655}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{8A982606-EE89-41C3-989B-B243DCCFBF99}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{937F2594-A2BA-4051-9D0A-6E0801C15243}" = dir=in | app=c:\users\fichtinger\appdata\local\microsoft\skydrive\skydrive.exe |
"{945E31ED-3D0C-45C3-8CF6-2A49CB63B30C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96ACB237-0DE6-408D-8228-4B5609F89775}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A4FD81B8-AD48-4CE1-8F85-F1D75321A191}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A642D360-90CE-4A87-9FBE-2C8D7A6B88BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B09A2238-CD0B-4A18-BDCA-7BB2A8A42259}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BBA5C148-0C48-49F4-9E1C-AB7EFFA18A9A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{BD513523-22A7-4B0F-AED0-94782219D139}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C464244E-23EF-4210-8126-3F6C36AA76A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C56D49FE-CAD9-4AC1-8F18-F26C2E690FC7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C5E90C0B-224F-4BDB-B037-30D26A87FA6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CFA0DA64-1905-4DCA-8F01-B2F6F0E2DD51}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D66DCC47-29CF-4F0B-AFE1-08377D659012}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DC8C2B86-90AA-4606-A9CD-E0A11D20B9C7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EBB52438-A7D3-4B2F-B594-4C2C0FB8F84C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F2784B3C-D331-45F2-A5C6-6E6B308B3A61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8D28B96-3458-4715-8C15-3935120F41D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFCE6E22-D8D9-45D2-A3F1-EFB8E36AC634}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1CF11F92-3E04-427F-93C7-6241BAA6193F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2AB2505C-F0FA-4844-8AF0-CF0A4B0F92F1}C:\program files (x86)\spacialaudio\sambc\samreporter\samreporter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spacialaudio\sambc\samreporter\samreporter.exe |
"TCP Query User{59C1606D-2A91-4399-907A-D663B932FA9E}C:\users\fichtinger\appdata\roaming\ukvye\enni.exe" = protocol=6 | dir=in | app=c:\users\fichtinger\appdata\roaming\ukvye\enni.exe |
"TCP Query User{5D0FD2E8-22D2-4124-8BA6-0EEA0AC1DA6E}C:\program files (x86)\steam\steamapps\crazy_vegaz\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\crazy_vegaz\team fortress 2\hl2.exe |
"TCP Query User{624839F9-93EC-44A9-926D-5B697F9DC62B}C:\users\fichtinger\appdata\roaming\ukvye\enni.exe" = protocol=6 | dir=in | app=c:\users\fichtinger\appdata\roaming\ukvye\enni.exe |
"TCP Query User{83874EF6-708C-48A0-9B07-591379F6501C}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{BE96F815-FE46-4F9F-9F5B-8369D92823DD}C:\program files (x86)\spacialaudio\sambc\sambc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spacialaudio\sambc\sambc.exe |
"TCP Query User{D00951E2-6E53-4165-9DAF-D2CB0267C611}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
"UDP Query User{042E7AC2-1836-4311-B847-AFEA27E04EFA}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{3E482469-CE53-47C0-9F80-1210EDD04C6D}C:\users\fichtinger\appdata\roaming\ukvye\enni.exe" = protocol=17 | dir=in | app=c:\users\fichtinger\appdata\roaming\ukvye\enni.exe |
"UDP Query User{611804C0-E46D-4E6C-92FF-1B59D7ACD479}C:\program files (x86)\steam\steamapps\crazy_vegaz\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\crazy_vegaz\team fortress 2\hl2.exe |
"UDP Query User{656AB330-EBCC-428E-BD73-AEFBB43B5EB6}C:\program files (x86)\spacialaudio\sambc\sambc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spacialaudio\sambc\sambc.exe |
"UDP Query User{882D9B72-5567-4D97-AC1F-F754ED283E57}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9F67C7E5-2100-4C72-BE38-BEB16D46FCA9}C:\users\fichtinger\appdata\roaming\ukvye\enni.exe" = protocol=17 | dir=in | app=c:\users\fichtinger\appdata\roaming\ukvye\enni.exe |
"UDP Query User{A4AE15E3-F2AB-4F08-AE55-5795E3B18011}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
"UDP Query User{AE03C7D0-5888-48BA-9275-F7647DBAB134}C:\program files (x86)\spacialaudio\sambc\samreporter\samreporter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spacialaudio\sambc\samreporter\samreporter.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{19087D46-BF7E-9A26-9270-9B36B77898AB}" = ccc-utility64
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92CF2B1-6B11-49CE-66E4-0140C7F5784A}" = ATI Catalyst Install Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"4F214B105BE2C47A7C10086525680BB7DCF7DEEB" = Windows-Treiberpaket - ATI Technologies Inc. (amdkmdap) Display (10/05/2010 8.783.0.0000)
"E8AD071510D6DB50A4A5327191F59F7569D3BB7F" = Windows-Treiberpaket - ATI Technologies Inc. (amdkmdap) Display (10/05/2010 8.783.0.0000)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0ABDFAA5-B009-D501-DF69-149E3616A158}" = CCC Help Hungarian
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}" = Fotogalerie
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{22C58DA3-FA02-4DD3-8C5B-23570411E95B}" = Windows Live Writer Resources
"{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2CA6BDD8-6408-5335-E168-3EC1D11794D2}" = CCC Help German
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{3CDEEF17-0808-6986-A217-5E683487791C}" = CCC Help Chinese Standard
"{3DC44403-BC62-95DF-09B6-7ECA2497D020}" = ccc-core-static
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{423EE102-4E12-F41C-58D0-461D3854B3E8}" = CCC Help Greek
"{4517E23D-4BDF-4274-D13A-0D47422B4880}" = Catalyst Control Center Graphics Previews Vista
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4D17E-89A1-6664-19FF-2D0D8B457683}" = CCC Help Japanese
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53CF942D-C13D-4252-A60D-82D8626E03A2}" = CCC Help Dutch
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{59C4A26F-060A-FE5D-8978-18C9CDA17ADD}" = CCC Help Norwegian
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5CED4654-5416-F816-5464-106E21FF2484}" = CCC Help Thai
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6000D586-E066-3044-63BE-854ECC5DBC57}" = Catalyst Control Center InstallProxy
"{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}" = Movie Maker
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6BDD00D7-DBE1-EB7C-4EFF-79FDD5AB9471}" = CCC Help English
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{743280B5-F04D-909D-27FC-50074576A3C7}" = CCC Help Spanish
"{754B5075-86CF-499D-BB3A-C8716821153F}" = Catalyst Control Center Localization All
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AC3D68A-39E1-421D-8E7E-7071A6C6EFD0}" = Catalyst Control Center - Branding
"{7FCAD144-6740-77DC-E056-403362752EBB}" = CCC Help Italian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8D4E90A0-8E0B-B6DF-8F8D-57365E4BC567}" = Catalyst Control Center Graphics Previews Common
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EB0C95A-4532-F1F5-F9EE-1D2A065F7AFF}" = CCC Help Chinese Traditional
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{946D0475-A801-D3CE-5EF9-3058DB11228F}" = CCC Help Turkish
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9E80531C-FB38-F137-1A95-373581ACD4A0}" = CCC Help Russian
"{A19926A5-5057-E1D4-37AB-C11673A691E9}" = CCC Help Swedish
"{A7059FE7-EC11-DE4F-7343-DA8668DD1BDE}" = CCC Help Korean
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BC3AB0D7-5F53-3767-433C-1FBB8909FF83}" = CCC Help Polish
"{BD474DC3-3728-160E-0B81-7C3D14D01A8D}" = CCC Help Finnish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C5F45A2E-7D97-CE35-C35B-946062A4EED5}" = CCC Help Portuguese
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C6D3FE2A-D248-FA78-CFF3-9A5EA7FA23C2}" = CCC Help French
"{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack
"{CF76F70B-342A-117C-E909-F1C08D2E8743}" = CCC Help Danish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D29B0575-C3DE-4746-A893-4FDF0F7D68B2}" = Windows Live Mail
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{FF52988E-45D6-F3AC-A7A6-2A3C1708EFC4}" = CCC Help Czech
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"PunkBusterSvc" = PunkBuster Services
"SAM3" = SAM Broadcaster (remove only)
"toolplugin" = toolplugin
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088759" = Polar Bowler
"WT089367" = Farm Mania 2
"WT089378" = Jewel Quest II
"WT089380" = Penguins!
"WT089381" = Slingo Supreme
"WT089388" = Zuma Deluxe
"WT089395" = Plants vs. Zombies - Game of the Year
"WT089404" = Fishdom
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.03.2013 15:32:12 | Computer Name = Fichtinger-TOSH | Source = MsiInstaller | ID = 11706
Description =
Error - 09.03.2013 17:48:43 | Computer Name = Fichtinger-TOSH | Source = MsiInstaller | ID = 11706
Description =
Error - 10.03.2013 10:31:32 | Computer Name = Fichtinger-TOSH | Source = MsiInstaller | ID = 11706
Description =
Error - 11.03.2013 16:55:10 | Computer Name = Fichtinger-TOSH | Source = MsiInstaller | ID = 11706
Description =
Error - 12.03.2013 04:48:51 | Computer Name = Fichtinger-TOSH | Source = MsiInstaller | ID = 11706
Description =
Error - 13.03.2013 02:59:28 | Computer Name = Fichtinger-TOSH | Source = MsiInstaller | ID = 11706
Description =
Error - 13.03.2013 16:09:22 | Computer Name = Fichtinger-TOSH | Source = MsiInstaller | ID = 11706
Description =
Error - 14.03.2013 03:07:05 | Computer Name = Fichtinger-TOSH | Source = MsiInstaller | ID = 11706
Description =
Error - 14.03.2013 04:13:29 | Computer Name = Fichtinger-TOSH | Source = MsiInstaller | ID = 11706
Description =
Error - 14.03.2013 15:09:06 | Computer Name = Fichtinger-TOSH | Source = MsiInstaller | ID = 11706
Description =
[ Media Center Events ]
Error - 14.10.2011 11:38:32 | Computer Name = Fichtinger-TOSH | Source = MCUpdate | ID = 0
Description = 17:38:32 - Fehler beim Herstellen der Internetverbindung. 17:38:32
- Serververbindung konnte nicht hergestellt werden..
Error - 14.10.2011 11:38:38 | Computer Name = Fichtinger-TOSH | Source = MCUpdate | ID = 0
Description = 17:38:38 - Fehler beim Herstellen der Internetverbindung. 17:38:38
- Serververbindung konnte nicht hergestellt werden..
Error - 14.10.2011 13:20:43 | Computer Name = Fichtinger-TOSH | Source = MCUpdate | ID = 0
Description = 19:20:43 - Fehler beim Herstellen der Internetverbindung. 19:20:43
- Serververbindung konnte nicht hergestellt werden..
Error - 14.10.2011 13:20:54 | Computer Name = Fichtinger-TOSH | Source = MCUpdate | ID = 0
Description = 19:20:48 - Fehler beim Herstellen der Internetverbindung. 19:20:48
- Serververbindung konnte nicht hergestellt werden..
Error - 18.10.2011 09:25:59 | Computer Name = Fichtinger-TOSH | Source = MCUpdate | ID = 0
Description = 15:25:59 - Fehler beim Herstellen der Internetverbindung. 15:25:59
- Serververbindung konnte nicht hergestellt werden..
Error - 18.10.2011 09:26:09 | Computer Name = Fichtinger-TOSH | Source = MCUpdate | ID = 0
Description = 15:26:04 - Fehler beim Herstellen der Internetverbindung. 15:26:04
- Serververbindung konnte nicht hergestellt werden..
Error - 18.10.2011 10:26:13 | Computer Name = Fichtinger-TOSH | Source = MCUpdate | ID = 0
Description = 16:26:13 - Fehler beim Herstellen der Internetverbindung. 16:26:13
- Serververbindung konnte nicht hergestellt werden..
Error - 18.10.2011 10:26:18 | Computer Name = Fichtinger-TOSH | Source = MCUpdate | ID = 0
Description = 16:26:18 - Fehler beim Herstellen der Internetverbindung. 16:26:18
- Serververbindung konnte nicht hergestellt werden..
Error - 18.10.2011 11:26:23 | Computer Name = Fichtinger-TOSH | Source = MCUpdate | ID = 0
Description = 17:26:23 - Fehler beim Herstellen der Internetverbindung. 17:26:23
- Serververbindung konnte nicht hergestellt werden..
Error - 18.10.2011 11:26:28 | Computer Name = Fichtinger-TOSH | Source = MCUpdate | ID = 0
Description = 17:26:28 - Fehler beim Herstellen der Internetverbindung. 17:26:28
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 30.04.2013 08:11:59 | Computer Name = Fichtinger-TOSH | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.149.695.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%854 Quellpfad: Microsoft Home Page | Devices and Services Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9402.0 Fehlercode:
0x8024001e Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support".
Error - 12.06.2013 09:40:25 | Computer Name = Fichtinger-TOSH | Source = DCOM | ID = 10016
Description =
Error - 12.06.2013 09:40:25 | Computer Name = Fichtinger-TOSH | Source = DCOM | ID = 10016
Description =
Error - 15.06.2013 10:01:02 | Computer Name = Fichtinger-TOSH | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 15.06.2013 10:01:02 | Computer Name = Fichtinger-TOSH | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 15.06.2013 12:12:36 | Computer Name = Fichtinger-TOSH | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Apple Mobile Device erreicht.
Error - 15.06.2013 12:12:36 | Computer Name = Fichtinger-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 15.06.2013 16:13:39 | Computer Name = Fichtinger-TOSH | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 17.06.2013 04:37:44 | Computer Name = Fichtinger-TOSH | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.151.2316.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: Microsoft Home Page | Devices and Services Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9506.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes
Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
oder zur Problembehandlung finden Sie unter "Hilfe und Support".
Error - 17.06.2013 06:59:48 | Computer Name = Fichtinger-TOSH | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.151.2316.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: Microsoft Home Page | Devices and Services Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9506.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes
Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
oder zur Problembehandlung finden Sie unter "Hilfe und Support".
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.06.2013 13:54:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fichtinger\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 65,35% Memory free 7,72 Gb Paging File | 6,17 Gb Available in Paging File | 79,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 23,90 Gb Free Space | 10,26% Space Free | Partition Type: NTFS Drive D: | 232,49 Gb Total Space | 224,46 Gb Free Space | 96,54% Space Free | Partition Type: NTFS Computer Name: FICHTINGER-TOSH | User Name: Fichtinger | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.17 13:52:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fichtinger\Desktop\OTL.exe PRC - [2013.03.31 19:22:03 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2013.03.31 19:21:55 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.06.08 01:03:23 | 000,303,104 | ---- | M] (CyberLink Corp.) -- C:\Users\Fichtinger\AppData\Roaming\Ukvye\enni.exe PRC - [2010.08.27 17:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe PRC - [2010.08.15 19:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe PRC - [2010.06.03 16:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.05.01 16:55:36 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe PRC - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.03.03 13:47:38 | 004,581,280 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe PRC - [2009.07.28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe ========== Modules (No Company Name) ========== MOD - [2013.04.21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013.04.21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.10.05 21:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV - [2013.06.12 00:43:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.31 19:22:03 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2013.03.31 19:21:55 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2010.08.27 17:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2010.07.28 23:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010.05.11 10:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.02.05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009.10.06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.04.07 02:37:58 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.05 22:23:18 | 007,884,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.05 21:15:14 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.06.23 17:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.04.28 11:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2010.03.22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2010.03.10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.01.15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.01.07 09:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{D935D1B1-4A1B-4392-9487-1AD3C7B226FF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{FD348DF4-39B9-42E6-AC23-A7E491C9436E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\SearchScopes,DefaultScope = {F60A2A99-C57E-4321-A5C9-8C139F2496F4} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=d8dc2f2a0000000000007c4fb5466964 IE - HKCU\..\SearchScopes\{2276B52A-00CF-4D4B-A500-FEE9D948ABDD}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT466 IE - HKCU\..\SearchScopes\{A2AA75E9-BD59-4BAD-BE74-5EED4358725E}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{F60A2A99-C57E-4321-A5C9-8C139F2496F4}: "URL" = hxxp://search.softonic.com/MOY00006/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=d8dc2f2a0000000000007c4fb5466964&r=32 IE - HKCU\..\SearchScopes\{FE729F30-328D-4F7D-B55B-89AA99A9CD63}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2013.02.16 23:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fichtinger\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012.07.29 16:37:16 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Fichtinger\AppData\Roaming\mozilla\firefox\profiles\extensions\gophoto@gophoto.it.xpi [2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Fichtinger\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013.06.14 17:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Fichtinger\AppData\Roaming\toolplugin\toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKCU..\Run: [{4167432C-B62A-336A-E88C-025FBCF26C0D}] C:\Users\Fichtinger\AppData\Roaming\Ukvye\enni.exe (CyberLink Corp.) O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKCU..\RunOnce: [Uninstall C:\Users\Fichtinger\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fichtinger\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fichtinger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fichtinger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {444785F1-DE89-4295-863A-D46C3A781394} hxxp://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab (Reg Error: Key error.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} MSN Games - Free Online Games (UnoCtrl Class) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.203.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} MSN Games - Free Online Games (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab (Java Plug-in 1.4.2) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B2B71B7-DE7B-4BE8-A51B-979977C5A7D7}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{a59341c6-f748-11e0-a07a-b870f455bb89}\Shell - "" = AutoRun O33 - MountPoints2\{a59341c6-f748-11e0-a07a-b870f455bb89}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{D6650514-E1E0-46B1-9512-63063248A6CF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.17 13:52:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fichtinger\Desktop\OTL.exe [2013.06.15 18:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.15 18:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.15 18:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.15 18:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.06.15 18:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.06.15 18:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.06.15 18:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.06.15 18:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.06.15 18:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.06.15 16:08:06 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2013.06.14 18:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton [2013.06.14 18:02:52 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\Documents\Ableton [2013.06.14 18:02:52 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Roaming\Ableton [2013.06.14 18:02:24 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll [2013.06.14 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.14 17:59:19 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Roaming\PerformerSoft [2013.06.14 17:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService [2013.06.14 17:59:18 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2013.06.13 19:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.06.13 18:15:42 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\Gameforge4d [2013.06.13 18:15:25 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\Programs [2013.06.12 16:33:31 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Roaming\Windows Live Writer [2013.06.12 16:33:31 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\Windows Live Writer [2013.06.12 16:24:45 | 000,000,000 | ---D | C] -- C:\Windows\de [2013.06.12 16:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2013.06.12 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2013.06.12 16:19:25 | 000,000,000 | R--D | C] -- C:\Users\Fichtinger\SkyDrive [2013.06.12 16:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013.06.12 15:28:44 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Roaming\Skype [2013.06.12 11:37:25 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{1F16AAF2-2001-47E8-B0E7-E8B7B65C486D} [2013.06.11 16:47:32 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{58E1D5EA-E5DC-4DB7-BCD4-4AC54A421FC7} [2013.06.10 11:22:33 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{5D3305DE-3DD2-4DC2-AD82-4CA9AB89D981} [2013.06.09 14:29:33 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{F56DBA24-34FE-4E32-8913-8BF8F351C6E2} [2013.06.07 16:17:51 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{C664C202-E9AD-44EC-B04D-CC6C83B0E850} [2013.06.06 12:05:05 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{4C33D049-C2CC-4778-A3C2-F62229420D24} [2013.06.05 20:36:21 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{180016DB-1B97-4820-8F10-FDBE640EB144} [2013.06.04 18:39:18 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{E4B0EA5B-4329-4BCD-99DA-9AFF542BF4E6} [2013.06.02 12:28:25 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{78715782-ABE6-4C99-95EC-63C436B5E4F3} [2013.06.01 14:39:18 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{BF80734F-A4B4-42C2-975A-2D9232EE95CD} [2013.05.31 20:37:19 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{E4818152-8029-4DD2-AB4C-99CD459B2986} [2013.05.29 19:50:39 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{A596492C-6475-407D-8643-75CB211A845A} [2013.05.28 18:23:36 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{A88FBB10-92F2-4CF2-B447-6D55531C1669} [2013.05.26 16:22:09 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{C849C8AD-3742-4027-9B91-9E0D66BC53DA} [2013.05.24 19:18:06 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{843D820C-F7DA-4373-B4F2-2E07306C8D90} [2013.05.23 20:27:28 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{92AE26C6-C362-4FB5-B8CB-9E9CDCBB043D} [2013.05.22 21:17:29 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{43EA88AA-EC08-4338-BF5E-C27F8B9FDA3C} [2013.05.21 22:34:36 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{47E4106F-B9EB-4562-9EDB-DBCC7778FCFF} [2013.05.19 18:22:53 | 000,000,000 | ---D | C] -- C:\Users\Fichtinger\AppData\Local\{DEE93AB1-0C06-40F4-85FA-8E91B81C4513} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.17 13:52:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fichtinger\Desktop\OTL.exe [2013.06.17 13:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.17 13:34:50 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.17 13:34:50 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.17 13:26:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.17 13:26:24 | 3110,080,512 | -HS- | M] () -- C:\hiberfil.sys [2013.06.15 18:26:39 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.14 13:22:18 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.14 13:22:18 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.14 13:22:18 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.14 13:22:18 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.14 13:22:18 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.13 19:20:41 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.15 18:26:39 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.15 18:25:33 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.06.13 19:20:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.06.13 19:20:41 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.06.12 16:24:10 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013.06.12 16:23:55 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013.03.31 19:21:56 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.31 19:21:55 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.10.10 08:08:35 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.14 18:02:52 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\Ableton [2013.02.16 23:52:23 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\Babylon [2011.08.08 16:52:21 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\DVDVideoSoft [2011.06.05 12:51:38 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.03 00:10:59 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\Electronic Arts [2012.10.09 08:09:55 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\hellomoto [2011.11.23 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\Image-Line [2011.09.30 18:11:48 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\MAGIX [2012.03.08 20:54:22 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\OpenOffice.org [2013.03.31 18:12:10 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\Origin [2013.06.14 18:06:36 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\PerformerSoft [2013.06.17 13:32:43 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\Qulouw [2011.11.01 19:11:23 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\toolplugin [2011.06.03 18:37:42 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\Toshiba [2011.11.22 21:17:36 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\TuneUp Software [2011.11.30 00:19:26 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\Ukvye [2013.06.12 16:33:31 | 000,000,000 | ---D | M] -- C:\Users\Fichtinger\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.06.04 13:44:18 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2013.06.17 13:28:59 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.06.03 16:24:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.06.17 13:00:52 | 000,000,000 | R--D | M] -- C:\Program Files [2013.06.15 18:26:02 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.06.15 18:26:02 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.06.03 16:24:41 | 000,000,000 | -HSD | M] -- C:\Programme [2013.06.17 13:55:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.06.03 16:30:07 | 000,000,000 | ---D | M] -- C:\Toshiba [2011.06.03 16:24:50 | 000,000,000 | R--D | M] -- C:\Users [2013.06.15 19:34:30 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.16 16:02:21 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010.01.15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys [2010.01.15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2010.05.12 10:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2010.05.12 10:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2010.05.12 10:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2010.05.12 10:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.06.17 14:02:10 | 004,194,304 | -HS- | M] () -- C:\Users\Fichtinger\ntuser.dat [2013.06.17 14:02:10 | 000,262,144 | -HS- | M] () -- C:\Users\Fichtinger\ntuser.dat.LOG1 [2011.06.03 16:25:09 | 000,000,000 | -HS- | M] () -- C:\Users\Fichtinger\ntuser.dat.LOG2 [2011.06.03 22:03:04 | 000,065,536 | -HS- | M] () -- C:\Users\Fichtinger\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.06.03 22:03:04 | 000,524,288 | -HS- | M] () -- C:\Users\Fichtinger\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.06.03 22:03:04 | 000,524,288 | -HS- | M] () -- C:\Users\Fichtinger\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.01.18 21:34:15 | 000,065,536 | -HS- | M] () -- C:\Users\Fichtinger\ntuser.dat{13b64ac3-4084-11e1-9a30-7c4fb5466964}.TM.blf [2012.01.18 21:34:15 | 000,524,288 | -HS- | M] () -- C:\Users\Fichtinger\ntuser.dat{13b64ac3-4084-11e1-9a30-7c4fb5466964}.TMContainer00000000000000000001.regtrans-ms [2012.01.18 21:34:15 | 000,524,288 | -HS- | M] () -- C:\Users\Fichtinger\ntuser.dat{13b64ac3-4084-11e1-9a30-7c4fb5466964}.TMContainer00000000000000000002.regtrans-ms [2012.10.09 19:29:23 | 000,065,536 | -HS- | M] () -- C:\Users\Fichtinger\ntuser.dat{f3ad04bd-1231-11e2-946f-c13ab24e95ec}.TM.blf [2012.10.09 19:29:23 | 000,524,288 | -HS- | M] () -- C:\Users\Fichtinger\ntuser.dat{f3ad04bd-1231-11e2-946f-c13ab24e95ec}.TMContainer00000000000000000001.regtrans-ms [2012.10.09 19:29:23 | 000,524,288 | -HS- | M] () -- C:\Users\Fichtinger\ntuser.dat{f3ad04bd-1231-11e2-946f-c13ab24e95ec}.TMContainer00000000000000000002.regtrans-ms [2011.06.03 16:25:09 | 000,000,020 | -HS- | M] () -- C:\Users\Fichtinger\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Soo ich hoffe ich hab alles richtig gemacht |
|
17.06.2013, 13:22
| #4 |
| /// Malware-holic | Zeus Virus auf meinen Laptop ?!! Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKCU..\Run: [{4167432C-B62A-336A-E88C-025FBCF26C0D}] C:\Users\Fichtinger\AppData\Roaming\Ukvye\enni.exe (CyberLink Corp.)
:files
C:\Users\Fichtinger\AppData\Roaming\Ukvye
:Commands
[emptytemp]
starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.06.2013, 13:30
| #5 |
| | Zeus Virus auf meinen Laptop ?!! All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{4167432C-B62A-336A-E88C-025FBCF26C0D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4167432C-B62A-336A-E88C-025FBCF26C0D}\ not found. C:\Users\Fichtinger\AppData\Roaming\Ukvye\enni.exe moved successfully. ========== FILES ========== C:\Users\Fichtinger\AppData\Roaming\Ukvye folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Fichtinger ->Temp folder emptied: 4535243 bytes ->Temporary Internet Files folder emptied: 193595906 bytes ->Java cache emptied: 293373 bytes ->Flash cache emptied: 58198 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2641823 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128358 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 192,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 06172013_142448 Files\Folders moved on Reboot... File\Folder C:\Users\Fichtinger\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\R4J6Z07Y\50;tile=1;dcopt=ist;kgender=m;kr=H;k21=1;kauth=1;kga=1002;kar=4;klg=de;kage=27;kgg=1;kt=U;kw=lbs+lilienfeld;kcr=de;dc_dedup =1;kmyd=ad_creative_1;ord=7444183393303383[1].js not found! File\Folder C:\Users\Fichtinger\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GO9LTASD\;sz=399x299,300x250;tile=1;dcopt=ist;kgender=m;k21=1;kauth=1;kga=1002;kar=4;klg=de;kage=27;kgg=1;kt=U;kcr=de;dc_dedup=1;kmy d=ad_creative_1;kap=0;ord=4593271699831524[1].js not found! File\Folder C:\Users\Fichtinger\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GO9LTASD\=ist;kgender=m;kr=H;k21=1;kauth=1;kga=1002;kar=4;klg=de;kage=27;kgg=1;kt=U;kw=lbs+waldegg;kcr=de;dc_dedup=1;kmyd=ad_creativ e_1;kts=1311954163578;ord=8455862904184145[1].js not found! File\Folder C:\Users\Fichtinger\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B4FBGIZ9\3;s=366;s=1080;s=353;s=1076;s=485;s=474;s=551;s=483;s=339;s=11;s=347;s=325;s=20;s=702;s=388;s=936;s=505;s=389;s=332;s=m1;s= m4;s=u17;s=u4;s=u5;s=u9;z=161;z=117;tile=1[1].js not found! File\Folder C:\Users\Fichtinger\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B4FBGIZ9\s=308;s=551;s=483;s=1068;s=45;s=11;s=20;s=702;s=1080;s=388;s=353;s=505;s=389;s=1076;s=k121;s=k17;s=k188;s=k45;s=k11;s=u5;s= u17;s=u4;s=m4;s=u9;s=m1;z=161;z=117;tile=1[1].js not found! C:\Users\Fichtinger\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Fichtinger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully. C:\Users\Fichtinger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. C:\Users\Fichtinger\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... So Coumputer hat sich neu gestartet und das is auf meinen Desktop gewesen... werde nun den schritt mit dem Uploadchannel befolgen So das mit dem Uploadchannel hat auch wunderbar geklappt |
|
17.06.2013, 13:34
| #6 |
| /// Malware-holic | Zeus Virus auf meinen Laptop ?!! ist angekommen, thx. später alle passwörter ändern Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Zeus Virus auf meinen Laptop ?!! |
|
17.06.2013, 13:41
| #7 |
| | Zeus Virus auf meinen Laptop ?!! 14:38:17.0591 5388 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:38:18.0215 5388 ============================================================ 14:38:18.0215 5388 Current date / time: 2013/06/17 14:38:18.0215 14:38:18.0215 5388 SystemInfo: 14:38:18.0215 5388 14:38:18.0215 5388 OS Version: 6.1.7601 ServicePack: 1.0 14:38:18.0215 5388 Product type: Workstation 14:38:18.0215 5388 ComputerName: FICHTINGER-TOSH 14:38:18.0215 5388 UserName: Fichtinger 14:38:18.0215 5388 Windows directory: C:\Windows 14:38:18.0215 5388 System windows directory: C:\Windows 14:38:18.0215 5388 Running under WOW64 14:38:18.0215 5388 Processor architecture: Intel x64 14:38:18.0215 5388 Number of processors: 4 14:38:18.0215 5388 Page size: 0x1000 14:38:18.0215 5388 Boot type: Normal boot 14:38:18.0215 5388 ============================================================ 14:38:18.0902 5388 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:38:18.0902 5388 ============================================================ 14:38:18.0902 5388 \Device\Harddisk0\DR0: 14:38:18.0902 5388 MBR partitions: 14:38:18.0902 5388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D1C3000 14:38:18.0902 5388 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D28B800, BlocksNum 0x1D0FA800 14:38:18.0902 5388 ============================================================ 14:38:18.0933 5388 C: <-> \Device\Harddisk0\DR0\Partition1 14:38:18.0964 5388 D: <-> \Device\Harddisk0\DR0\Partition2 14:38:18.0964 5388 ============================================================ 14:38:18.0964 5388 Initialize success 14:38:18.0964 5388 ============================================================ 14:38:59.0399 2956 ============================================================ 14:38:59.0399 2956 Scan started 14:38:59.0399 2956 Mode: Manual; SigCheck; TDLFS; 14:38:59.0399 2956 ============================================================ 14:38:59.0540 2956 ================ Scan system memory ======================== 14:38:59.0540 2956 System memory - ok 14:38:59.0540 2956 ================ Scan services ============================= 14:38:59.0774 2956 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 14:38:59.0914 2956 1394ohci - ok 14:38:59.0961 2956 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:39:00.0008 2956 ACPI - ok 14:39:00.0055 2956 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:39:00.0164 2956 AcpiPmi - ok 14:39:00.0242 2956 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:39:00.0273 2956 AdobeARMservice - ok 14:39:00.0429 2956 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:39:00.0460 2956 AdobeFlashPlayerUpdateSvc - ok 14:39:00.0523 2956 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 14:39:00.0554 2956 adp94xx - ok 14:39:00.0585 2956 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 14:39:00.0601 2956 adpahci - ok 14:39:00.0632 2956 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 14:39:00.0647 2956 adpu320 - ok 14:39:00.0663 2956 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:39:00.0835 2956 AeLookupSvc - ok 14:39:00.0881 2956 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 14:39:00.0959 2956 AFD - ok 14:39:01.0006 2956 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:39:01.0037 2956 agp440 - ok 14:39:01.0069 2956 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 14:39:01.0147 2956 ALG - ok 14:39:01.0193 2956 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 14:39:01.0209 2956 aliide - ok 14:39:01.0256 2956 [ F581CE4A97766833FBBC8581734E2BBF ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 14:39:01.0349 2956 AMD External Events Utility - ok 14:39:01.0381 2956 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 14:39:01.0396 2956 amdide - ok 14:39:01.0427 2956 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 14:39:01.0505 2956 AmdK8 - ok 14:39:01.0724 2956 [ 91890B3670C129E2B3466D2AFAE05EAC ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 14:39:01.0989 2956 amdkmdag - ok 14:39:02.0036 2956 [ CC5B75D4A24E7493408510D061DF51AA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 14:39:02.0098 2956 amdkmdap - ok 14:39:02.0129 2956 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 14:39:02.0176 2956 AmdPPM - ok 14:39:02.0254 2956 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:39:02.0285 2956 amdsata - ok 14:39:02.0317 2956 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 14:39:02.0332 2956 amdsbs - ok 14:39:02.0363 2956 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:39:02.0363 2956 amdxata - ok 14:39:02.0410 2956 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 14:39:02.0613 2956 AppID - ok 14:39:02.0629 2956 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 14:39:02.0722 2956 AppIDSvc - ok 14:39:02.0769 2956 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 14:39:02.0847 2956 Appinfo - ok 14:39:02.0941 2956 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:39:02.0972 2956 Apple Mobile Device - ok 14:39:03.0003 2956 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 14:39:03.0019 2956 arc - ok 14:39:03.0034 2956 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 14:39:03.0050 2956 arcsas - ok 14:39:03.0081 2956 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:39:03.0159 2956 AsyncMac - ok 14:39:03.0221 2956 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 14:39:03.0237 2956 atapi - ok 14:39:03.0315 2956 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:39:03.0393 2956 AudioEndpointBuilder - ok 14:39:03.0424 2956 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:39:03.0471 2956 AudioSrv - ok 14:39:03.0518 2956 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:39:03.0643 2956 AxInstSV - ok 14:39:03.0689 2956 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 14:39:03.0767 2956 b06bdrv - ok 14:39:03.0814 2956 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 14:39:03.0877 2956 b57nd60a - ok 14:39:03.0908 2956 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 14:39:03.0970 2956 BDESVC - ok 14:39:04.0001 2956 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 14:39:04.0064 2956 Beep - ok 14:39:04.0157 2956 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 14:39:04.0220 2956 BFE - ok 14:39:04.0235 2956 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 14:39:04.0313 2956 BITS - ok 14:39:04.0360 2956 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 14:39:04.0391 2956 blbdrive - ok 14:39:04.0501 2956 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 14:39:04.0547 2956 Bonjour Service - ok 14:39:04.0594 2956 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:39:04.0641 2956 bowser - ok 14:39:04.0672 2956 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 14:39:04.0750 2956 BrFiltLo - ok 14:39:04.0766 2956 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 14:39:04.0797 2956 BrFiltUp - ok 14:39:04.0844 2956 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 14:39:04.0922 2956 Browser - ok 14:39:04.0953 2956 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:39:05.0047 2956 Brserid - ok 14:39:05.0078 2956 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:39:05.0109 2956 BrSerWdm - ok 14:39:05.0140 2956 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:39:05.0203 2956 BrUsbMdm - ok 14:39:05.0234 2956 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 14:39:05.0265 2956 BrUsbSer - ok 14:39:05.0296 2956 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 14:39:05.0343 2956 BTHMODEM - ok 14:39:05.0390 2956 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 14:39:05.0468 2956 bthserv - ok 14:39:05.0483 2956 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:39:05.0546 2956 cdfs - ok 14:39:05.0608 2956 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 14:39:05.0655 2956 cdrom - ok 14:39:05.0733 2956 [ 7E83E47BD1FF93E11CD69F1AD65A9581 ] CeKbFilter C:\Windows\system32\DRIVERS\CeKbFilter.sys 14:39:05.0749 2956 CeKbFilter - ok 14:39:05.0811 2956 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 14:39:05.0889 2956 CertPropSvc - ok 14:39:05.0998 2956 [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe 14:39:06.0029 2956 cfWiMAXService - ok 14:39:06.0061 2956 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 14:39:06.0123 2956 circlass - ok 14:39:06.0154 2956 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 14:39:06.0185 2956 CLFS - ok 14:39:06.0248 2956 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:39:06.0279 2956 clr_optimization_v2.0.50727_32 - ok 14:39:06.0326 2956 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:39:06.0341 2956 clr_optimization_v2.0.50727_64 - ok 14:39:06.0466 2956 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:39:06.0497 2956 clr_optimization_v4.0.30319_32 - ok 14:39:06.0591 2956 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:39:06.0607 2956 clr_optimization_v4.0.30319_64 - ok 14:39:06.0638 2956 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 14:39:06.0685 2956 CmBatt - ok 14:39:06.0716 2956 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:39:06.0747 2956 cmdide - ok 14:39:06.0794 2956 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 14:39:06.0841 2956 CNG - ok 14:39:06.0887 2956 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 14:39:06.0903 2956 Compbatt - ok 14:39:06.0950 2956 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 14:39:07.0012 2956 CompositeBus - ok 14:39:07.0028 2956 COMSysApp - ok 14:39:07.0075 2956 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe 14:39:07.0090 2956 ConfigFree Service - ok 14:39:07.0121 2956 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 14:39:07.0153 2956 crcdisk - ok 14:39:07.0215 2956 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:39:07.0277 2956 CryptSvc - ok 14:39:07.0355 2956 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:39:07.0449 2956 DcomLaunch - ok 14:39:07.0480 2956 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 14:39:07.0543 2956 defragsvc - ok 14:39:07.0574 2956 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:39:07.0667 2956 DfsC - ok 14:39:07.0730 2956 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 14:39:07.0808 2956 Dhcp - ok 14:39:07.0855 2956 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 14:39:07.0933 2956 discache - ok 14:39:07.0979 2956 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 14:39:08.0011 2956 Disk - ok 14:39:08.0057 2956 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:39:08.0135 2956 Dnscache - ok 14:39:08.0167 2956 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:39:08.0260 2956 dot3svc - ok 14:39:08.0291 2956 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 14:39:08.0369 2956 DPS - ok 14:39:08.0416 2956 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:39:08.0463 2956 drmkaud - ok 14:39:08.0510 2956 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:39:08.0557 2956 DXGKrnl - ok 14:39:08.0588 2956 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 14:39:08.0666 2956 EapHost - ok 14:39:08.0759 2956 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 14:39:08.0853 2956 ebdrv - ok 14:39:08.0900 2956 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 14:39:08.0962 2956 EFS - ok 14:39:09.0040 2956 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:39:09.0118 2956 ehRecvr - ok 14:39:09.0149 2956 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 14:39:09.0227 2956 ehSched - ok 14:39:09.0290 2956 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 14:39:09.0337 2956 elxstor - ok 14:39:09.0352 2956 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:39:09.0383 2956 ErrDev - ok 14:39:09.0430 2956 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 14:39:09.0524 2956 EventSystem - ok 14:39:09.0555 2956 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 14:39:09.0633 2956 exfat - ok 14:39:09.0680 2956 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:39:09.0742 2956 fastfat - ok 14:39:09.0820 2956 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 14:39:09.0898 2956 Fax - ok 14:39:09.0914 2956 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:39:09.0961 2956 fdc - ok 14:39:09.0992 2956 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 14:39:10.0070 2956 fdPHost - ok 14:39:10.0085 2956 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 14:39:10.0163 2956 FDResPub - ok 14:39:10.0195 2956 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:39:10.0226 2956 FileInfo - ok 14:39:10.0241 2956 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:39:10.0319 2956 Filetrace - ok 14:39:10.0351 2956 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:39:10.0397 2956 flpydisk - ok 14:39:10.0475 2956 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:39:10.0507 2956 FltMgr - ok 14:39:10.0569 2956 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 14:39:10.0616 2956 FontCache - ok 14:39:10.0678 2956 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:39:10.0709 2956 FontCache3.0.0.0 - ok 14:39:10.0725 2956 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 14:39:10.0741 2956 FsDepends - ok 14:39:10.0787 2956 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:39:10.0819 2956 Fs_Rec - ok 14:39:10.0865 2956 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 14:39:10.0912 2956 fvevol - ok 14:39:10.0959 2956 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 14:39:10.0975 2956 gagp30kx - ok 14:39:11.0084 2956 [ 1FDA0DF739234C4023851A282DD28704 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe 14:39:11.0099 2956 GameConsoleService - ok 14:39:11.0177 2956 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 14:39:11.0193 2956 GEARAspiWDM - ok 14:39:11.0255 2956 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 14:39:11.0365 2956 gpsvc - ok 14:39:11.0396 2956 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 14:39:11.0458 2956 hcw85cir - ok 14:39:11.0505 2956 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:39:11.0552 2956 HdAudAddService - ok 14:39:11.0583 2956 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 14:39:11.0630 2956 HDAudBus - ok 14:39:11.0692 2956 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 14:39:11.0708 2956 HECIx64 - ok 14:39:11.0723 2956 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 14:39:11.0770 2956 HidBatt - ok 14:39:11.0786 2956 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 14:39:11.0833 2956 HidBth - ok 14:39:11.0864 2956 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 14:39:11.0911 2956 HidIr - ok 14:39:11.0942 2956 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 14:39:12.0035 2956 hidserv - ok 14:39:12.0082 2956 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 14:39:12.0113 2956 HidUsb - ok 14:39:12.0176 2956 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:39:12.0269 2956 hkmsvc - ok 14:39:12.0332 2956 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:39:12.0410 2956 HomeGroupListener - ok 14:39:12.0457 2956 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:39:12.0503 2956 HomeGroupProvider - ok 14:39:12.0581 2956 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:39:12.0613 2956 HpSAMD - ok 14:39:12.0675 2956 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:39:12.0769 2956 HTTP - ok 14:39:12.0815 2956 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:39:12.0847 2956 hwpolicy - ok 14:39:12.0878 2956 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 14:39:12.0909 2956 i8042prt - ok 14:39:12.0956 2956 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 14:39:12.0987 2956 iaStor - ok 14:39:13.0034 2956 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:39:13.0065 2956 iaStorV - ok 14:39:13.0190 2956 [ 4DE2EE2A5186D74BABC4E7F60D2AE989 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe 14:39:13.0315 2956 IconMan_R ( UnsignedFile.Multi.Generic ) - warning 14:39:13.0315 2956 IconMan_R - detected UnsignedFile.Multi.Generic (1) 14:39:13.0393 2956 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:39:13.0424 2956 idsvc - ok 14:39:13.0471 2956 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 14:39:13.0471 2956 iirsp - ok 14:39:13.0533 2956 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 14:39:13.0611 2956 IKEEXT - ok 14:39:13.0720 2956 [ E8017F1662D9142F45CEAB694D013C00 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 14:39:13.0783 2956 IntcAzAudAddService - ok 14:39:13.0798 2956 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 14:39:13.0798 2956 intelide - ok 14:39:13.0845 2956 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:39:13.0876 2956 intelppm - ok 14:39:13.0923 2956 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:39:14.0001 2956 IPBusEnum - ok 14:39:14.0063 2956 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:39:14.0141 2956 IpFilterDriver - ok 14:39:14.0173 2956 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:39:14.0235 2956 iphlpsvc - ok 14:39:14.0266 2956 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:39:14.0313 2956 IPMIDRV - ok 14:39:14.0344 2956 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:39:14.0438 2956 IPNAT - ok 14:39:14.0516 2956 [ 0FF335D687C85097725A53458160E81E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 14:39:14.0563 2956 iPod Service - ok 14:39:14.0594 2956 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:39:14.0687 2956 IRENUM - ok 14:39:14.0719 2956 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:39:14.0750 2956 isapnp - ok 14:39:14.0781 2956 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:39:14.0828 2956 iScsiPrt - ok 14:39:14.0843 2956 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 14:39:14.0843 2956 kbdclass - ok 14:39:14.0875 2956 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 14:39:14.0921 2956 kbdhid - ok 14:39:14.0937 2956 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 14:39:14.0968 2956 KeyIso - ok 14:39:14.0999 2956 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:39:15.0031 2956 KSecDD - ok 14:39:15.0062 2956 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:39:15.0093 2956 KSecPkg - ok 14:39:15.0124 2956 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:39:15.0202 2956 ksthunk - ok 14:39:15.0249 2956 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 14:39:15.0343 2956 KtmRm - ok 14:39:15.0421 2956 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 14:39:15.0514 2956 LanmanServer - ok 14:39:15.0545 2956 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:39:15.0639 2956 LanmanWorkstation - ok 14:39:15.0686 2956 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:39:15.0748 2956 lltdio - ok 14:39:15.0795 2956 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:39:15.0873 2956 lltdsvc - ok 14:39:15.0904 2956 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:39:15.0935 2956 lmhosts - ok 14:39:16.0013 2956 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 14:39:16.0045 2956 LMS - ok 14:39:16.0091 2956 [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys 14:39:16.0107 2956 LPCFilter - ok 14:39:16.0138 2956 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 14:39:16.0169 2956 LSI_FC - ok 14:39:16.0185 2956 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 14:39:16.0201 2956 LSI_SAS - ok 14:39:16.0201 2956 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:39:16.0216 2956 LSI_SAS2 - ok 14:39:16.0216 2956 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:39:16.0232 2956 LSI_SCSI - ok 14:39:16.0263 2956 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 14:39:16.0341 2956 luafv - ok 14:39:16.0372 2956 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:39:16.0419 2956 Mcx2Svc - ok 14:39:16.0450 2956 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 14:39:16.0481 2956 megasas - ok 14:39:16.0513 2956 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 14:39:16.0544 2956 MegaSR - ok 14:39:16.0559 2956 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 14:39:16.0669 2956 MMCSS - ok 14:39:16.0684 2956 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 14:39:16.0762 2956 Modem - ok 14:39:16.0793 2956 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:39:16.0840 2956 monitor - ok 14:39:16.0903 2956 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 14:39:16.0934 2956 mouclass - ok 14:39:16.0949 2956 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:39:16.0996 2956 mouhid - ok 14:39:17.0027 2956 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 14:39:17.0059 2956 mountmgr - ok 14:39:17.0121 2956 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 14:39:17.0168 2956 MpFilter - ok 14:39:17.0183 2956 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 14:39:17.0199 2956 mpio - ok 14:39:17.0230 2956 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:39:17.0308 2956 mpsdrv - ok 14:39:17.0371 2956 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 14:39:17.0449 2956 MpsSvc - ok 14:39:17.0480 2956 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:39:17.0511 2956 MRxDAV - ok 14:39:17.0558 2956 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:39:17.0636 2956 mrxsmb - ok 14:39:17.0683 2956 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:39:17.0729 2956 mrxsmb10 - ok 14:39:17.0761 2956 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:39:17.0807 2956 mrxsmb20 - ok 14:39:17.0839 2956 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 14:39:17.0870 2956 msahci - ok 14:39:17.0901 2956 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:39:17.0917 2956 msdsm - ok 14:39:17.0948 2956 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 14:39:17.0979 2956 MSDTC - ok 14:39:18.0026 2956 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:39:18.0088 2956 Msfs - ok 14:39:18.0088 2956 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:39:18.0135 2956 mshidkmdf - ok 14:39:18.0166 2956 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:39:18.0182 2956 msisadrv - ok 14:39:18.0213 2956 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:39:18.0307 2956 MSiSCSI - ok 14:39:18.0307 2956 msiserver - ok 14:39:18.0353 2956 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:39:18.0431 2956 MSKSSRV - ok 14:39:18.0525 2956 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 14:39:18.0556 2956 MsMpSvc - ok 14:39:18.0587 2956 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:39:18.0665 2956 MSPCLOCK - ok 14:39:18.0697 2956 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:39:18.0775 2956 MSPQM - ok 14:39:18.0821 2956 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:39:18.0853 2956 MsRPC - ok 14:39:18.0899 2956 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 14:39:18.0915 2956 mssmbios - ok 14:39:18.0946 2956 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:39:19.0009 2956 MSTEE - ok 14:39:19.0024 2956 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 14:39:19.0040 2956 MTConfig - ok 14:39:19.0055 2956 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 14:39:19.0055 2956 Mup - ok 14:39:19.0102 2956 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 14:39:19.0196 2956 napagent - ok 14:39:19.0258 2956 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:39:19.0321 2956 NativeWifiP - ok 14:39:19.0399 2956 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate c:\Program Files (x86)\Nero\Update\NASvc.exe 14:39:19.0445 2956 NAUpdate - ok 14:39:19.0508 2956 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:39:19.0555 2956 NDIS - ok 14:39:19.0586 2956 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 14:39:19.0679 2956 NdisCap - ok 14:39:19.0695 2956 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:39:19.0773 2956 NdisTapi - ok 14:39:19.0851 2956 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:39:19.0929 2956 Ndisuio - ok 14:39:19.0960 2956 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:39:20.0054 2956 NdisWan - ok 14:39:20.0116 2956 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:39:20.0194 2956 NDProxy - ok 14:39:20.0225 2956 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:39:20.0303 2956 NetBIOS - ok 14:39:20.0350 2956 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 14:39:20.0428 2956 NetBT - ok 14:39:20.0459 2956 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 14:39:20.0475 2956 Netlogon - ok 14:39:20.0522 2956 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 14:39:20.0584 2956 Netman - ok 14:39:20.0615 2956 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 14:39:20.0678 2956 netprofm - ok 14:39:20.0709 2956 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:39:20.0725 2956 NetTcpPortSharing - ok 14:39:20.0756 2956 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 14:39:20.0756 2956 nfrd960 - ok 14:39:20.0834 2956 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 14:39:20.0865 2956 NisDrv - ok 14:39:20.0912 2956 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 14:39:20.0959 2956 NisSrv - ok 14:39:20.0990 2956 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:39:21.0021 2956 NlaSvc - ok 14:39:21.0052 2956 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:39:21.0099 2956 Npfs - ok 14:39:21.0130 2956 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 14:39:21.0208 2956 nsi - ok 14:39:21.0239 2956 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:39:21.0317 2956 nsiproxy - ok 14:39:21.0380 2956 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:39:21.0473 2956 Ntfs - ok 14:39:21.0505 2956 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 14:39:21.0583 2956 Null - ok 14:39:21.0645 2956 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:39:21.0676 2956 nvraid - ok 14:39:21.0692 2956 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:39:21.0723 2956 nvstor - ok 14:39:21.0770 2956 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:39:21.0801 2956 nv_agp - ok 14:39:21.0848 2956 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:39:21.0863 2956 ohci1394 - ok 14:39:21.0910 2956 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:39:21.0973 2956 p2pimsvc - ok 14:39:21.0988 2956 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 14:39:22.0019 2956 p2psvc - ok 14:39:22.0035 2956 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 14:39:22.0051 2956 Parport - ok 14:39:22.0097 2956 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:39:22.0113 2956 partmgr - ok 14:39:22.0129 2956 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:39:22.0175 2956 PcaSvc - ok 14:39:22.0207 2956 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 14:39:22.0222 2956 pci - ok 14:39:22.0238 2956 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 14:39:22.0253 2956 pciide - ok 14:39:22.0285 2956 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 14:39:22.0331 2956 pcmcia - ok 14:39:22.0331 2956 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 14:39:22.0347 2956 pcw - ok 14:39:22.0378 2956 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:39:22.0456 2956 PEAUTH - ok 14:39:22.0550 2956 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:39:22.0597 2956 PerfHost - ok 14:39:22.0628 2956 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys 14:39:22.0643 2956 PGEffect - ok 14:39:22.0721 2956 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 14:39:22.0815 2956 pla - ok 14:39:22.0893 2956 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:39:22.0971 2956 PlugPlay - ok 14:39:23.0002 2956 PnkBstrA - ok 14:39:23.0002 2956 PnkBstrB - ok 14:39:23.0018 2956 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:39:23.0065 2956 PNRPAutoReg - ok 14:39:23.0096 2956 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:39:23.0111 2956 PNRPsvc - ok 14:39:23.0174 2956 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:39:23.0252 2956 PolicyAgent - ok 14:39:23.0299 2956 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 14:39:23.0377 2956 Power - ok 14:39:23.0408 2956 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:39:23.0486 2956 PptpMiniport - ok 14:39:23.0533 2956 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 14:39:23.0579 2956 Processor - ok 14:39:23.0611 2956 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 14:39:23.0689 2956 ProfSvc - ok 14:39:23.0704 2956 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:39:23.0720 2956 ProtectedStorage - ok 14:39:23.0767 2956 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:39:23.0860 2956 Psched - ok 14:39:23.0938 2956 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 14:39:23.0985 2956 ql2300 - ok 14:39:24.0001 2956 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 14:39:24.0001 2956 ql40xx - ok 14:39:24.0032 2956 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 14:39:24.0063 2956 QWAVE - ok 14:39:24.0094 2956 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:39:24.0157 2956 QWAVEdrv - ok 14:39:24.0188 2956 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:39:24.0250 2956 RasAcd - ok 14:39:24.0297 2956 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:39:24.0328 2956 RasAgileVpn - ok 14:39:24.0375 2956 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 14:39:24.0422 2956 RasAuto - ok 14:39:24.0484 2956 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:39:24.0562 2956 Rasl2tp - ok 14:39:24.0640 2956 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 14:39:24.0734 2956 RasMan - ok 14:39:24.0765 2956 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:39:24.0843 2956 RasPppoe - ok 14:39:24.0874 2956 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:39:24.0921 2956 RasSstp - ok 14:39:24.0952 2956 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:39:25.0046 2956 rdbss - ok 14:39:25.0093 2956 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 14:39:25.0139 2956 rdpbus - ok 14:39:25.0171 2956 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:39:25.0233 2956 RDPCDD - ok 14:39:25.0264 2956 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:39:25.0327 2956 RDPENCDD - ok 14:39:25.0358 2956 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:39:25.0405 2956 RDPREFMP - ok 14:39:25.0451 2956 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:39:25.0545 2956 RDPWD - ok 14:39:25.0592 2956 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:39:25.0623 2956 rdyboost - ok 14:39:25.0654 2956 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:39:25.0717 2956 RemoteAccess - ok 14:39:25.0748 2956 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:39:25.0826 2956 RemoteRegistry - ok 14:39:25.0857 2956 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:39:25.0919 2956 RpcEptMapper - ok 14:39:25.0951 2956 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 14:39:25.0997 2956 RpcLocator - ok 14:39:26.0044 2956 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 14:39:26.0107 2956 RpcSs - ok 14:39:26.0153 2956 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:39:26.0231 2956 rspndr - ok 14:39:26.0294 2956 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 14:39:26.0309 2956 RSUSBSTOR - ok 14:39:26.0356 2956 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 14:39:26.0372 2956 RTL8167 - ok 14:39:26.0434 2956 [ FFC748D848740D1BC8F330A8879C2674 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys 14:39:26.0481 2956 RTL8192Ce - ok 14:39:26.0481 2956 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 14:39:26.0497 2956 SamSs - ok 14:39:26.0528 2956 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:39:26.0543 2956 sbp2port - ok 14:39:26.0575 2956 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:39:26.0637 2956 SCardSvr - ok 14:39:26.0668 2956 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:39:26.0746 2956 scfilter - ok 14:39:26.0809 2956 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 14:39:26.0902 2956 Schedule - ok 14:39:26.0933 2956 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 14:39:26.0965 2956 SCPolicySvc - ok 14:39:26.0980 2956 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:39:27.0043 2956 SDRSVC - ok 14:39:27.0074 2956 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:39:27.0152 2956 secdrv - ok 14:39:27.0183 2956 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 14:39:27.0261 2956 seclogon - ok 14:39:27.0308 2956 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 14:39:27.0401 2956 SENS - ok 14:39:27.0417 2956 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:39:27.0448 2956 SensrSvc - ok 14:39:27.0464 2956 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 14:39:27.0479 2956 Serenum - ok 14:39:27.0526 2956 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 14:39:27.0557 2956 Serial - ok 14:39:27.0604 2956 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 14:39:27.0635 2956 sermouse - ok 14:39:27.0698 2956 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 14:39:27.0776 2956 SessionEnv - ok 14:39:27.0807 2956 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:39:27.0869 2956 sffdisk - ok 14:39:27.0885 2956 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:39:27.0916 2956 sffp_mmc - ok 14:39:27.0932 2956 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:39:27.0979 2956 sffp_sd - ok 14:39:28.0025 2956 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 14:39:28.0072 2956 sfloppy - ok 14:39:28.0119 2956 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:39:28.0213 2956 SharedAccess - ok 14:39:28.0259 2956 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:39:28.0353 2956 ShellHWDetection - ok 14:39:28.0384 2956 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:39:28.0400 2956 SiSRaid2 - ok 14:39:28.0415 2956 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 14:39:28.0431 2956 SiSRaid4 - ok 14:39:28.0462 2956 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:39:28.0509 2956 Smb - ok 14:39:28.0571 2956 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:39:28.0603 2956 SNMPTRAP - ok 14:39:28.0634 2956 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 14:39:28.0649 2956 spldr - ok 14:39:28.0681 2956 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 14:39:28.0727 2956 Spooler - ok 14:39:28.0868 2956 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 14:39:29.0008 2956 sppsvc - ok 14:39:29.0039 2956 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:39:29.0133 2956 sppuinotify - ok 14:39:29.0180 2956 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 14:39:29.0211 2956 srv - ok 14:39:29.0227 2956 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:39:29.0242 2956 srv2 - ok 14:39:29.0289 2956 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:39:29.0336 2956 srvnet - ok 14:39:29.0383 2956 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:39:29.0445 2956 SSDPSRV - ok 14:39:29.0492 2956 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:39:29.0539 2956 SstpSvc - ok 14:39:29.0585 2956 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 14:39:29.0601 2956 stexstor - ok 14:39:29.0663 2956 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 14:39:29.0695 2956 stisvc - ok 14:39:29.0726 2956 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 14:39:29.0741 2956 swenum - ok 14:39:29.0773 2956 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 14:39:29.0882 2956 swprv - ok 14:39:29.0960 2956 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 14:39:29.0991 2956 SynTP - ok 14:39:30.0069 2956 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 14:39:30.0147 2956 SysMain - ok 14:39:30.0178 2956 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:39:30.0241 2956 TabletInputService - ok 14:39:30.0272 2956 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:39:30.0334 2956 TapiSrv - ok 14:39:30.0365 2956 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 14:39:30.0443 2956 TBS - ok 14:39:30.0537 2956 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:39:30.0584 2956 Tcpip - ok 14:39:30.0662 2956 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:39:30.0724 2956 TCPIP6 - ok 14:39:30.0755 2956 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:39:30.0802 2956 tcpipreg - ok 14:39:30.0880 2956 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys 14:39:30.0896 2956 tdcmdpst - ok 14:39:30.0911 2956 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:39:30.0974 2956 TDPIPE - ok 14:39:31.0005 2956 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:39:31.0052 2956 TDTCP - ok 14:39:31.0099 2956 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:39:31.0177 2956 tdx - ok 14:39:31.0223 2956 [ 40E154B3125E17CE6F2AFAD57AFCFEB2 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe 14:39:31.0286 2956 TemproMonitoringService - ok 14:39:31.0317 2956 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 14:39:31.0348 2956 TermDD - ok 14:39:31.0411 2956 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 14:39:31.0473 2956 TermService - ok 14:39:31.0504 2956 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 14:39:31.0535 2956 Themes - ok 14:39:31.0567 2956 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 14:39:31.0598 2956 THREADORDER - ok 14:39:31.0660 2956 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 14:39:31.0676 2956 TMachInfo - ok 14:39:31.0707 2956 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe 14:39:31.0723 2956 TODDSrv - ok 14:39:31.0801 2956 [ DB9719688C08F42705FEB3F6A0C98B91 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 14:39:31.0847 2956 TosCoSrv - ok 14:39:31.0894 2956 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 14:39:31.0910 2956 TOSHIBA HDD SSD Alert Service - ok 14:39:31.0941 2956 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 14:39:32.0019 2956 TrkWks - ok 14:39:32.0081 2956 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:39:32.0159 2956 TrustedInstaller - ok 14:39:32.0206 2956 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:39:32.0237 2956 tssecsrv - ok 14:39:32.0300 2956 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:39:32.0331 2956 TsUsbFlt - ok 14:39:32.0393 2956 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:39:32.0440 2956 tunnel - ok 14:39:32.0503 2956 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS 14:39:32.0518 2956 TVALZ - ok 14:39:32.0549 2956 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 14:39:32.0565 2956 uagp35 - ok 14:39:32.0612 2956 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:39:32.0690 2956 udfs - ok 14:39:32.0737 2956 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:39:32.0768 2956 UI0Detect - ok 14:39:32.0799 2956 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:39:32.0815 2956 uliagpkx - ok 14:39:32.0861 2956 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 14:39:32.0908 2956 umbus - ok 14:39:32.0955 2956 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 14:39:32.0986 2956 UmPass - ok 14:39:33.0111 2956 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 14:39:33.0173 2956 UNS - ok 14:39:33.0189 2956 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 14:39:33.0251 2956 upnphost - ok 14:39:33.0314 2956 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 14:39:33.0345 2956 USBAAPL64 - ok 14:39:33.0407 2956 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:39:33.0454 2956 usbccgp - ok 14:39:33.0517 2956 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:39:33.0548 2956 usbcir - ok 14:39:33.0595 2956 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 14:39:33.0626 2956 usbehci - ok 14:39:33.0688 2956 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:39:33.0735 2956 usbhub - ok 14:39:33.0782 2956 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:39:33.0813 2956 usbohci - ok 14:39:33.0844 2956 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:39:33.0907 2956 usbprint - ok 14:39:33.0938 2956 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:39:34.0016 2956 USBSTOR - ok 14:39:34.0063 2956 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:39:34.0078 2956 usbuhci - ok 14:39:34.0125 2956 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 14:39:34.0187 2956 usbvideo - ok 14:39:34.0219 2956 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 14:39:34.0312 2956 UxSms - ok 14:39:34.0328 2956 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 14:39:34.0343 2956 VaultSvc - ok 14:39:34.0390 2956 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:39:34.0421 2956 vdrvroot - ok 14:39:34.0468 2956 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 14:39:34.0546 2956 vds - ok 14:39:34.0593 2956 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:39:34.0624 2956 vga - ok 14:39:34.0640 2956 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 14:39:34.0687 2956 VgaSave - ok 14:39:34.0733 2956 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:39:34.0749 2956 vhdmp - ok 14:39:34.0765 2956 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 14:39:34.0765 2956 viaide - ok 14:39:34.0827 2956 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:39:34.0843 2956 volmgr - ok 14:39:34.0889 2956 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:39:34.0921 2956 volmgrx - ok 14:39:34.0967 2956 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:39:34.0983 2956 volsnap - ok 14:39:35.0030 2956 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 14:39:35.0045 2956 vsmraid - ok 14:39:35.0123 2956 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 14:39:35.0233 2956 VSS - ok 14:39:35.0248 2956 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 14:39:35.0279 2956 vwifibus - ok 14:39:35.0311 2956 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:39:35.0373 2956 vwififlt - ok 14:39:35.0404 2956 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 14:39:35.0420 2956 vwifimp - ok 14:39:35.0451 2956 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 14:39:35.0529 2956 W32Time - ok 14:39:35.0560 2956 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 14:39:35.0576 2956 WacomPen - ok 14:39:35.0638 2956 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:39:35.0716 2956 WANARP - ok 14:39:35.0716 2956 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:39:35.0763 2956 Wanarpv6 - ok 14:39:35.0841 2956 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 14:39:35.0903 2956 WatAdminSvc - ok 14:39:35.0981 2956 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 14:39:36.0059 2956 wbengine - ok 14:39:36.0075 2956 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:39:36.0106 2956 WbioSrvc - ok 14:39:36.0137 2956 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:39:36.0184 2956 wcncsvc - ok 14:39:36.0200 2956 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:39:36.0231 2956 WcsPlugInService - ok 14:39:36.0247 2956 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 14:39:36.0262 2956 Wd - ok 14:39:36.0309 2956 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:39:36.0371 2956 Wdf01000 - ok 14:39:36.0387 2956 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:39:36.0496 2956 WdiServiceHost - ok 14:39:36.0512 2956 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:39:36.0543 2956 WdiSystemHost - ok 14:39:36.0605 2956 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 14:39:36.0668 2956 WebClient - ok 14:39:36.0699 2956 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:39:36.0777 2956 Wecsvc - ok 14:39:36.0808 2956 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:39:36.0886 2956 wercplsupport - ok 14:39:36.0933 2956 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 14:39:36.0980 2956 WerSvc - ok 14:39:37.0027 2956 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:39:37.0073 2956 WfpLwf - ok 14:39:37.0105 2956 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:39:37.0105 2956 WIMMount - ok 14:39:37.0120 2956 WinDefend - ok 14:39:37.0136 2956 WinHttpAutoProxySvc - ok 14:39:37.0183 2956 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:39:37.0229 2956 Winmgmt - ok 14:39:37.0323 2956 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 14:39:37.0401 2956 WinRM - ok 14:39:37.0448 2956 [ FE88B288356E7B47B74B13372ADD906D ] winusb C:\Windows\system32\DRIVERS\winusb.sys 14:39:37.0479 2956 winusb - ok 14:39:37.0526 2956 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 14:39:37.0557 2956 Wlansvc - ok 14:39:37.0697 2956 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:39:37.0760 2956 wlidsvc - ok 14:39:37.0807 2956 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:39:37.0838 2956 WmiAcpi - ok 14:39:37.0885 2956 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:39:37.0916 2956 wmiApSrv - ok 14:39:37.0947 2956 WMPNetworkSvc - ok 14:39:37.0994 2956 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:39:38.0025 2956 WPCSvc - ok 14:39:38.0056 2956 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:39:38.0072 2956 WPDBusEnum - ok 14:39:38.0103 2956 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:39:38.0165 2956 ws2ifsl - ok 14:39:38.0197 2956 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 14:39:38.0228 2956 wscsvc - ok 14:39:38.0228 2956 WSearch - ok 14:39:38.0337 2956 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 14:39:38.0415 2956 wuauserv - ok 14:39:38.0431 2956 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:39:38.0493 2956 WudfPf - ok 14:39:38.0509 2956 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:39:38.0555 2956 WUDFRd - ok 14:39:38.0587 2956 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:39:38.0633 2956 wudfsvc - ok 14:39:38.0665 2956 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 14:39:38.0727 2956 WwanSvc - ok 14:39:38.0758 2956 ================ Scan global =============================== 14:39:38.0789 2956 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 14:39:38.0836 2956 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:39:38.0852 2956 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:39:38.0883 2956 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 14:39:38.0914 2956 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 14:39:38.0930 2956 [Global] - ok 14:39:38.0930 2956 ================ Scan MBR ================================== 14:39:38.0945 2956 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:39:39.0694 2956 \Device\Harddisk0\DR0 - ok 14:39:39.0694 2956 ================ Scan VBR ================================== 14:39:39.0725 2956 [ 22E07D1061FEC7D25A2416AFE5F8AED3 ] \Device\Harddisk0\DR0\Partition1 14:39:39.0725 2956 \Device\Harddisk0\DR0\Partition1 - ok 14:39:39.0741 2956 [ D217711193A78E5FD071C16F2BD6E7CA ] \Device\Harddisk0\DR0\Partition2 14:39:39.0741 2956 \Device\Harddisk0\DR0\Partition2 - ok 14:39:39.0741 2956 ============================================================ 14:39:39.0741 2956 Scan finished 14:39:39.0741 2956 ============================================================ 14:39:39.0757 5308 Detected object count: 1 14:39:39.0757 5308 Actual detected object count: 1 14:40:10.0114 5308 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user 14:40:10.0114 5308 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip soo bitteschön : ) War dieser schritt falsch ?? :S |
|
17.06.2013, 15:00
| #8 |
| /// Malware-holic | Zeus Virus auf meinen Laptop ?!! Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.06.2013, 15:13
| #9 |
| | Zeus Virus auf meinen Laptop ?!! Ok werde ich machen aber was sind Code Tags ?? Code:
ATTFilter ComboFix 13-06-17.01 - Fichtinger 17.06.2013 16:18:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3955.2614 [GMT 2:00]
ausgeführt von:: c:\users\Fichtinger\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fichtinger\AppData\Roaming\toolplugin\toolbar.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-17 bis 2013-06-17 ))))))))))))))))))))))))))))))
.
.
2013-06-17 14:23 . 2013-06-17 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-17 12:24 . 2013-06-17 12:31 -------- d-----w- C:\_OTL
2013-06-17 11:39 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2018E50-64DD-4D72-9E69-732FCB64BCB8}\mpengine.dll
2013-06-15 16:26 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-06-15 16:26 . 2013-06-15 16:26 -------- d-----w- c:\program files\iPod
2013-06-15 16:26 . 2013-06-15 16:26 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-15 16:26 . 2013-06-15 16:26 -------- d-----w- c:\program files\iTunes
2013-06-15 16:26 . 2013-06-15 16:26 -------- d-----w- c:\program files (x86)\iTunes
2013-06-15 16:25 . 2013-06-15 16:25 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-06-15 16:25 . 2013-06-15 16:25 -------- d-----w- c:\program files\Common Files\Apple
2013-06-15 16:24 . 2013-06-15 16:24 -------- d-----w- c:\program files\Bonjour
2013-06-15 16:24 . 2013-06-15 16:24 -------- d-----w- c:\program files (x86)\Bonjour
2013-06-15 14:14 . 2013-05-21 20:48 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E35C4D79-7379-458A-9193-425E06898B72}\gapaengine.dll
2013-06-15 14:14 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-15 14:08 . 2013-06-15 14:08 -------- d--h--w- c:\windows\AxInstSV
2013-06-14 16:02 . 2013-06-14 16:02 -------- d-----w- c:\programdata\Ableton
2013-06-14 16:02 . 2013-06-14 16:02 -------- d-----w- c:\users\Fichtinger\AppData\Roaming\Ableton
2013-06-14 16:02 . 2011-03-29 11:44 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2013-06-14 15:59 . 2013-06-14 16:06 -------- d-----w- c:\users\Fichtinger\AppData\Roaming\PerformerSoft
2013-06-14 15:59 . 2013-06-14 15:59 -------- d-----w- c:\programdata\IBUpdaterService
2013-06-14 15:59 . 2012-12-19 13:53 19632 ----a-w- c:\windows\system32\roboot64.exe
2013-06-13 17:20 . 2013-06-13 17:20 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-06-13 16:15 . 2013-06-13 16:15 -------- d-----w- c:\users\Fichtinger\AppData\Local\Gameforge4d
2013-06-13 16:15 . 2013-06-13 16:15 -------- d-----w- c:\users\Fichtinger\AppData\Local\Programs
2013-06-12 14:36 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 14:33 . 2013-06-12 14:33 -------- d-----w- c:\users\Fichtinger\AppData\Local\Windows Live Writer
2013-06-12 14:33 . 2013-06-12 14:33 -------- d-----w- c:\users\Fichtinger\AppData\Roaming\Windows Live Writer
2013-06-12 14:31 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 14:31 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 14:24 . 2013-06-12 14:24 -------- d-----w- c:\windows\de
2013-06-12 14:24 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 14:24 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 14:24 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 14:24 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 14:21 . 2013-06-12 14:21 -------- d-----w- c:\program files\Windows Live
2013-06-12 14:21 . 2013-06-12 14:21 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-12 14:20 . 2010-06-02 02:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-06-12 14:20 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-06-12 14:20 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-06-12 14:20 . 2010-06-02 02:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-06-12 14:20 . 2010-05-26 09:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-06-12 14:20 . 2010-05-26 09:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-06-12 14:20 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-06-12 14:20 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-06-12 14:19 . 2013-06-12 14:19 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-06-12 14:19 . 2013-06-12 14:31 -------- d-----r- c:\users\Fichtinger\SkyDrive
2013-06-12 14:19 . 2013-06-12 14:19 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-06-12 14:18 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 14:18 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 14:18 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 14:18 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 14:18 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 14:18 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 14:18 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 14:18 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 14:18 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 14:18 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 14:18 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 14:18 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 13:28 . 2013-06-12 13:31 -------- d-----w- c:\users\Fichtinger\AppData\Roaming\Skype
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 14:44 . 2011-06-15 17:26 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 22:43 . 2012-04-16 14:02 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 22:43 . 2011-06-18 02:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 20:48 . 2012-10-12 06:54 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2011-06-23 20:45 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-17 11:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-17 11:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-17 11:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-17 11:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-17 11:35 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-17 11:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 19:07 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-17 11:35 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-17 11:35 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-17 11:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-05 23:19 . 2013-04-05 23:19 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-05 23:19 . 2013-04-05 23:19 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-05 23:19 . 2013-04-05 23:19 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-05 23:19 . 2013-04-05 23:19 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-05 23:19 . 2013-04-05 23:19 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-05 23:19 . 2013-04-05 23:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-05 23:19 . 2013-04-05 23:19 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-05 23:19 . 2013-04-05 23:19 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 23:19 . 2013-04-05 23:19 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-05 23:19 . 2013-04-05 23:19 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-05 23:19 . 2013-04-05 23:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-05 23:19 . 2013-04-05 23:19 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-05 23:19 . 2013-04-05 23:19 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-05 23:19 . 2013-04-05 23:19 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-05 23:19 . 2013-04-05 23:19 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-05 23:19 . 2013-04-05 23:19 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-05 23:19 . 2013-04-05 23:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-05 23:19 . 2013-04-05 23:19 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-05 23:19 . 2013-04-05 23:19 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-05 23:19 . 2013-04-05 23:19 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-05 23:19 . 2013-04-05 23:19 441856 ----a-w- c:\windows\system32\html.iec
2013-04-05 23:19 . 2013-04-05 23:19 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-05 23:19 . 2013-04-05 23:19 235008 ----a-w- c:\windows\system32\url.dll
2013-04-05 23:19 . 2013-04-05 23:19 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-05 23:19 . 2013-04-05 23:19 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-05 23:19 . 2013-04-05 23:19 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-05 23:19 . 2013-04-05 23:19 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-05 23:19 . 2013-04-05 23:19 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-05 23:19 . 2013-04-05 23:19 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-05 23:19 . 2013-04-05 23:19 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 23:19 . 2013-04-05 23:19 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-05 23:19 . 2013-04-05 23:19 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-05 23:19 . 2013-04-05 23:19 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-05 23:19 . 2013-04-05 23:19 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-05 23:19 . 2013-04-05 23:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-05 23:19 . 2013-04-05 23:19 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-05 23:19 . 2013-04-05 23:19 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-05 23:19 . 2013-04-05 23:19 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-05 23:19 . 2013-04-05 23:19 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-05 23:19 . 2013-04-05 23:19 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-05 23:19 . 2013-04-05 23:19 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-05 23:19 . 2013-04-05 23:19 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-05 23:19 . 2013-04-05 23:19 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-05 23:19 . 2013-04-05 23:19 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-05 23:19 . 2013-04-05 23:19 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-05 23:19 . 2013-04-05 23:19 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-05 23:19 . 2013-04-05 23:19 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-05 23:19 . 2013-04-05 23:19 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-05 23:19 . 2013-04-05 23:19 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-05 23:17 . 2013-04-05 23:17 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-05 23:17 . 2013-04-05 23:17 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-04-05 23:17 . 2013-04-05 23:17 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-04-05 23:17 . 2013-04-05 23:17 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-05 23:17 . 2013-04-05 23:17 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-05 23:17 . 2013-04-05 23:17 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-05 23:17 . 2013-04-05 23:17 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-04-05 23:17 . 2013-04-05 23:17 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-05 23:17 . 2013-04-05 23:17 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-04-05 23:17 . 2013-04-05 23:17 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-04-05 23:17 . 2013-04-05 23:17 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-04-05 23:17 . 2013-04-05 23:17 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-04-05 23:17 . 2013-04-05 23:17 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-05 23:17 . 2013-04-05 23:17 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-05 23:17 . 2013-04-05 23:17 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-04-05 23:17 . 2013-04-05 23:17 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-05 23:17 . 2013-04-05 23:17 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-05 23:17 . 2013-04-05 23:17 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-04-05 23:17 . 2013-04-05 23:17 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-05 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 90668905
*Deregistered* - 90668905
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 22:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Fichtinger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - c:\users\Fichtinger\AppData\Roaming\toolplugin\toolbar.dll
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
AddRemove-toolplugin - c:\users\FICHTI~1\AppData\Local\Temp\WZSE0.TMP\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2598626978-1349924558-3492067610-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2598626978-1349924558-3492067610-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2598626978-1349924558-3492067610-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2720C924-B446-4D4F-1600-2F131BF90E41}*]
"hanjdimgfoaolhjd"=hex:6a,61,65,65,66,6a,63,64,65,64,64,61,68,67,65,68,6c,62,
68,61,00,00
"iahknemjhfejmoklic"=hex:63,61,63,65,6a,6a,00,00
"iadlfopmgmcolegkik"=hex:6a,61,68,65,64,6a,63,65,6b,6e,66,66,6f,68,70,65,6d,6d,
6d,67,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-17 16:25:25
ComboFix-quarantined-files.txt 2013-06-17 14:25
.
Vor Suchlauf: 8 Verzeichnis(se), 25.603.928.064 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 25.448.382.464 Bytes frei
.
- - End Of File - - A57B14A864085396CD435056BC3043CD
D41D8CD98F00B204E9800998ECF8427E
|
|
17.06.2013, 18:01
| #10 |
| /// Malware-holic | Zeus Virus auf meinen Laptop ?!! Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.06.2013, 18:28
| #11 |
| | Zeus Virus auf meinen Laptop ?!! Soll ich das ganz normal bei "C:\Program Files (x86)", installieren oder ist etwas anderes gemeint ?? :S also hab es schon verstanden : )) ich hab bei Fertigstellen die Häkchen bei : Aktiviere kostenlosen Test Malwarebytes Anti-Malware Pro Aktualisiere Malwarebytes Anti-Malware Malwarebytes Anti-Malware starten gelassen . l g Dominik Malwarebytes Anti-Malware (Test) 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.06.17.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Fichtinger :: FICHTINGER-TOSH [Administrator] Schutz: Aktiviert 17.06.2013 19:40:27 mbam-log-2013-06-17 (19-40-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 373063 Laufzeit: 49 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\Fichtinger\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 3 C:\Users\Fichtinger\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fichtinger\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Soo Bitteschön : )) kannst du jetzt nun etwas zu meinen Problem mit den angeblichen "Zeus" Virus ? Also ich meine ob du schon etwas dazu sagen kannst was jetzt mit diesem "Zeus" Virus ist, und die Schädlinge die jetzt noch in der Quarantäne sind soll ich die entfernen oder lassen ? L g Dominik Also markusg, wie geht es nun wleiter ? was ist noch alles zu tun ? habe ich mir den sogenannten "Zeus" Virus eingefangen ? Und wenn ja ist er jetzt weg? Sind generell jetzt alle Trojaner weg ? Würd mich über eine Rückmeldung freuen l g domiiniik |
|
18.06.2013, 17:00
| #12 |
| /// Malware-holic | Zeus Virus auf meinen Laptop ?!! den zeus haben wir entfernt, dateien können in quarantäne bleiben. später passwörter endern lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Zeus Virus auf meinen Laptop ?!! |
| anleitung, beste, besten, community, computer, e-mail, erklären, essen, folge, folgendes, gelöscht, gestern, gesuch, gesucht, gmx, google, hoffe, laptop, liebe, problem, security, seite, verzweifeln, virus, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
