| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Habe ich mir einen Trojaner eingefangen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.01.2012, 18:23
| #1 |
 |  Habe ich mir einen Trojaner eingefangen? Hallo, vorab möchte ich sagen, dass ich es super finde, dass es eine solche Plattform wie diese hier gibt. Vielen Dank schonmal! Zu meinem Problem: Über Google bin ich darauf gestoßen, dass Cacaoweb ein Trojaner sein könnte. Mein Anti-Viren Programm hat nichts gemeldet (weder G-Data, noch Avira Antivir Free). Allerdings lässt sich das Programm nicht richtig deinstallieren. Ich habe schon alles versucht, auch in den Systemstarts habe ich es deaktiviert. Trotzdem meldet mir ZoneAlarm immer wieder, dass Cacaoweb sich ins Internet einwählen will. So, dann werde ich mal meine Logs posten (ich hoffe, ich mache es richtig): Code:
ATTFilter OTL logfile created on: 04.01.2012 17:33:06 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\JP_2\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,61 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 54,19% Memory free 3,21 Gb Paging File | 1,95 Gb Available in Paging File | 60,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 123,99 Gb Free Space | 83,19% Space Free | Partition Type: NTFS Drive D: | 148,65 Gb Total Space | 140,55 Gb Free Space | 94,55% Space Free | Partition Type: NTFS Computer Name: JP-TOSH | User Name: JP | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.04 17:28:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\JP_2\Desktop\OTL.exe PRC - [2012.01.04 17:26:09 | 000,050,477 | ---- | M] () -- C:\Users\JP_2\Desktop\Defogger.exe PRC - [2012.01.03 19:20:37 | 000,412,160 | ---- | M] () -- C:\Users\JP_2\AppData\Roaming\cacaoweb\cacaoweb.exe PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.12.15 14:59:40 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe PRC - [2010.09.14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.08.15 19:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe PRC - [2010.08.04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe ========== Modules (No Company Name) ========== MOD - [2012.01.04 17:26:09 | 000,050,477 | ---- | M] () -- C:\Users\JP_2\Desktop\Defogger.exe MOD - [2012.01.03 19:20:37 | 000,412,160 | ---- | M] () -- C:\Users\JP_2\AppData\Roaming\cacaoweb\cacaoweb.exe MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.11.23 14:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV:64bit: - [2011.06.28 22:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.02.15 16:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV:64bit: - [2010.10.20 13:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2010.09.28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.02.05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV - [2012.01.03 21:05:58 | 000,105,800 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler) SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 14:59:40 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.12.14 12:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.08.22 10:52:33 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service) SRV - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Disabled | Stopped] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2011.02.10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.08.04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2010.07.01 10:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010.04.12 10:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.12.10 12:54:13 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter) DRV:64bit: - [2011.06.29 00:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.06.28 22:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.23 11:03:42 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd) DRV:64bit: - [2011.01.27 15:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2010.11.24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.19 11:56:44 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.10.18 14:14:02 | 000,042,096 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.09.30 20:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.09.14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.09.14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.09.14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.09.14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.08.14 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.08.14 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.07.20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.06.18 16:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec) DRV:64bit: - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2010.03.22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2011.12.12 19:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.11.23 14:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2011.02.15 16:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.01.02 16:38:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.01.02 16:17:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.03 19:49:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.02 15:45:07 | 000,000,000 | ---D | M] [2012.01.02 15:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JP\AppData\Roaming\mozilla\Extensions [2012.01.03 18:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JP\AppData\Roaming\mozilla\Firefox\Profiles\7pgt4m8z.default\extensions [2012.01.02 16:17:16 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\JP\AppData\Roaming\mozilla\Firefox\Profiles\7pgt4m8z.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2012.01.02 16:08:54 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\JP\AppData\Roaming\mozilla\Firefox\Profiles\7pgt4m8z.default\extensions\toolbar@ask.com [2012.01.02 15:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\JP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7PGT4M8Z.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI () (No name found) -- C:\USERS\JP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7PGT4M8Z.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- C:\USERS\JP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7PGT4M8Z.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.91\gcswf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.91\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.91\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.214 80.69.100.206 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD814BEA-2219-4647-BFC4-D91E3138014E}: DhcpNameServer = 80.69.100.214 80.69.100.206 192.168.0.1 O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\bejeweled3-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\cfaddgadgets.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\ci3-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\fate-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\help.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hwsetup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\insaniquariumdeluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\launcher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\mediacontroller.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\onplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\pcdiag.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\penguins-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\plantsvszombies-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\polar-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\provider.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\racing-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\smoothview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tacsprop.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tempro.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tfcconf.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tfcrst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tintouch.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\topi.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tosdimonitor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\toshibaregistration.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\toshibaservicestation.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\trexlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\weddingdash2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\bejeweled3-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\cfaddgadgets.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\ci3-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\fate-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\help.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hwsetup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\insaniquariumdeluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\launcher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\mediacontroller.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\onplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\pcdiag.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\penguins-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\plantsvszombies-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\polar-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\provider.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\racing-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\smoothview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tacsprop.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tempro.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tfcconf.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tfcrst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tintouch.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\topi.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tosdimonitor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\toshibaregistration.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\toshibaservicestation.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\trexlauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\weddingdash2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: cacaoweb - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.04 16:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.01.04 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst [2012.01.04 13:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Wild Tangent [2012.01.03 21:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro [2012.01.03 21:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012.01.03 21:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012.01.03 19:49:03 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\DivX [2012.01.03 19:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012.01.03 19:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2012.01.03 19:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2012.01.03 19:47:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2012.01.03 19:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2012.01.03 19:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2012.01.03 19:03:19 | 000,000,000 | R--D | C] -- C:\Sandbox [2012.01.03 18:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie [2012.01.03 18:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie [2012.01.03 14:23:23 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\Macromedia [2012.01.03 13:57:37 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\cacaoweb [2012.01.03 10:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.01.02 19:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2012.01.02 18:00:23 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\vlc [2012.01.02 18:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.01.02 17:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2012.01.02 16:48:21 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.01.02 16:48:18 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.01.02 16:48:18 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2012.01.02 16:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.01.02 16:47:42 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\TuneUp Software [2012.01.02 16:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012 [2012.01.02 16:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.01.02 16:46:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.01.02 16:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.01.02 16:45:08 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.01.02 16:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.01.02 16:44:05 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\WinRAR [2012.01.02 16:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA Tempro [2012.01.02 16:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage [2012.01.02 16:20:49 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\TOSHIBA_Corporation [2012.01.02 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\JP\Documents\ForceField Shared Files [2012.01.02 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\CheckPoint [2012.01.02 16:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2012.01.02 16:17:06 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\Conduit [2012.01.02 16:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm-Sicherheit [2012.01.02 16:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2012.01.02 16:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm [2012.01.02 16:16:38 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc0407.dll [2012.01.02 16:16:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs [2012.01.02 16:15:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs [2012.01.02 16:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2012.01.02 16:15:09 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2012.01.02 16:14:40 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\Avira [2012.01.02 16:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.01.02 16:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.01.02 16:08:27 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.01.02 16:08:27 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.01.02 16:08:26 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.01.02 16:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.01.02 16:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.01.02 16:01:41 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\Skype [2012.01.02 15:45:19 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\Mozilla [2012.01.02 15:45:19 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\Mozilla [2012.01.02 15:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.01.02 15:42:20 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\Google [2012.01.02 15:33:03 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\Adobe [2012.01.02 15:33:03 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\Adobe [2012.01.02 15:32:48 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\TOSHIBA Online Product Information [2012.01.02 15:32:35 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.01.02 15:31:32 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\Microsoft Help [2012.01.02 15:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.01.02 15:27:01 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\SoftGrid Client [2012.01.02 15:26:58 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\SoftGrid Client [2012.01.02 15:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch) [2012.01.02 15:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.01.02 15:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.01.02 15:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client [2012.01.02 15:23:48 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\TP [2012.01.02 15:22:12 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\Toshiba [2012.01.02 15:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay [2012.01.02 15:22:02 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\ATI [2012.01.02 15:22:02 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\ATI [2012.01.02 15:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2012.01.02 15:21:03 | 000,000,000 | R--D | C] -- C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.01.02 15:21:02 | 000,000,000 | R--D | C] -- C:\Users\JP\Searches [2012.01.02 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\Identities [2012.01.02 15:20:42 | 000,000,000 | R--D | C] -- C:\Users\JP\Contacts [2012.01.02 15:20:24 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\Toshiba [2012.01.02 15:15:19 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\VirtualStore [2012.01.02 15:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope [2012.01.02 15:12:39 | 000,000,000 | --SD | C] -- C:\Users\JP\AppData\Roaming\Microsoft [2012.01.02 15:12:39 | 000,000,000 | R--D | C] -- C:\Users\JP\Videos [2012.01.02 15:12:39 | 000,000,000 | R--D | C] -- C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.01.02 15:12:39 | 000,000,000 | R--D | C] -- C:\Users\JP\Saved Games [2012.01.02 15:12:39 | 000,000,000 | R--D | C] -- C:\Users\JP\Pictures [2012.01.02 15:12:39 | 000,000,000 | R--D | C] -- C:\Users\JP\Music [2012.01.02 15:12:39 | 000,000,000 | R--D | C] -- C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.01.02 15:12:39 | 000,000,000 | R--D | C] -- C:\Users\JP\Links [2012.01.02 15:12:39 | 000,000,000 | R--D | C] -- C:\Users\JP\Favorites [2012.01.02 15:12:39 | 000,000,000 | R--D | C] -- C:\Users\JP\Downloads [2012.01.02 15:12:39 | 000,000,000 | R--D | C] -- C:\Users\JP\Documents [2012.01.02 15:12:39 | 000,000,000 | R--D | C] -- C:\Users\JP\Desktop [2012.01.02 15:12:39 | 000,000,000 | R--D | C] -- C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\Vorlagen [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\AppData\Local\Verlauf [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\AppData\Local\Temporary Internet Files [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\Startmenü [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\SendTo [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\Recent [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\Netzwerkumgebung [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\Lokale Einstellungen [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\Documents\Eigene Videos [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\Documents\Eigene Musik [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\Eigene Dateien [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\Documents\Eigene Bilder [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\Druckumgebung [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\Cookies [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\AppData\Local\Anwendungsdaten [2012.01.02 15:12:39 | 000,000,000 | -HSD | C] -- C:\Users\JP\Anwendungsdaten [2012.01.02 15:12:39 | 000,000,000 | -H-D | C] -- C:\Users\JP\AppData [2012.01.02 15:12:39 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\Temp [2012.01.02 15:12:39 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\Microsoft [2012.01.02 15:12:39 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\Media Center Programs [2012.01.02 15:12:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.01.02 15:12:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.01.02 15:12:24 | 000,000,000 | -HSD | C] -- C:\Programme [2012.01.02 15:12:24 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.01.02 15:12:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.01.02 15:12:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.01.02 15:12:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.01.02 15:12:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.01.02 15:12:24 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.01.02 15:12:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.01.02 15:12:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.12.10 13:30:12 | 000,000,000 | ---D | C] -- C:\Windows\OemDrv [2011.12.10 13:26:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2011.12.10 13:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba [2011.12.10 13:16:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda [2011.12.10 13:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOH Class Filter [2011.12.10 13:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2011.12.10 13:10:03 | 002,673,664 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys [2011.12.10 13:10:03 | 000,000,000 | ---D | C] -- C:\Windows\Options [2011.12.10 13:10:02 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll [2011.12.10 13:10:02 | 000,063,648 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll [2011.12.10 13:10:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO [2011.12.10 13:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros [2011.12.10 13:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2011.12.10 13:03:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2011.12.10 13:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2011.12.10 13:03:08 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2011.12.10 13:03:08 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2011.12.10 13:03:08 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2011.12.10 13:03:08 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2011.12.10 13:03:08 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2011.12.10 13:03:06 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll [2011.12.10 13:03:06 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll [2011.12.10 13:03:06 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll [2011.12.10 13:03:06 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2011.12.10 13:03:05 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2011.12.10 13:03:05 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2011.12.10 13:03:05 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2011.12.10 13:03:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2011.12.10 13:03:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2011.12.10 13:03:05 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2011.12.10 13:03:05 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2011.12.10 13:03:05 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2011.12.10 13:03:05 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2011.12.10 13:03:05 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2011.12.10 13:03:05 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2011.12.10 13:03:04 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2011.12.10 13:03:04 | 001,870,168 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2011.12.10 13:03:04 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2011.12.10 13:03:04 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2011.12.10 13:03:04 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2011.12.10 13:03:02 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2011.12.10 13:03:02 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2011.12.10 13:03:02 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2011.12.10 13:03:02 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2011.12.10 13:03:02 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2011.12.10 13:03:02 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2011.12.10 13:03:02 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2011.12.10 13:03:02 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2011.12.10 13:03:02 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2011.12.10 13:03:02 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2011.12.10 13:03:02 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2011.12.10 13:03:02 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2011.12.10 13:03:02 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2011.12.10 13:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2011.12.10 13:03:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2011.12.10 13:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2011.12.10 12:54:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Microsoft.VC80.MFC [2011.12.10 12:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\vista64 [2011.12.10 12:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\xp [2011.12.10 12:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\win7_64 [2011.12.10 12:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\win7_32 [2011.12.10 12:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\vista32 [2011.12.10 12:54:13 | 000,020,592 | ---- | C] (Compal Electronics, INC.) -- C:\Windows\SysNative\drivers\CeKbFilter.sys [2011.12.10 12:53:50 | 000,295,936 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Windows\SysNative\HWS_Ctrl.dll [2011.12.10 12:53:50 | 000,008,192 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Windows\SysNative\TSBWLS.dll [2011.12.10 12:53:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Microsoft.VC80.MFC [2011.12.10 12:52:21 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2011.12.10 12:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.12.10 12:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2011.12.10 12:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2011.12.10 12:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2011.12.10 12:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2011.12.10 12:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011.12.10 12:46:54 | 000,485,376 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2011.12.10 12:46:54 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2011.12.10 12:46:54 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2011.12.10 12:46:54 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll [2011.12.10 12:46:54 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2011.12.10 12:46:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.12.10 12:45:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.04 17:31:59 | 000,002,706 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.01.04 17:30:19 | 000,000,000 | ---- | M] () -- C:\Users\JP\defogger_reenable [2012.01.04 17:14:15 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.04 17:14:15 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.04 17:11:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.04 17:06:49 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.04 17:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.04 17:06:13 | 1292,611,584 | -HS- | M] () -- C:\hiberfil.sys [2012.01.04 09:55:46 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.04 09:55:46 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.04 09:55:46 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.04 09:55:46 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.04 09:55:46 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.03 21:05:59 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys [2012.01.03 13:14:33 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.03 10:23:56 | 001,526,948 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.02 22:29:48 | 000,002,046 | ---- | M] () -- C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2012.01.02 17:30:22 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012.01.02 16:48:11 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.01.02 16:48:11 | 000,002,200 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012.01.02 16:18:20 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.01.02 16:16:40 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml [2012.01.02 14:04:19 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.01.02 14:04:19 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.01.02 14:02:08 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\TOSHIBA_Satellite C660D_15493-GR_PSC1YE-02K00.MRK [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.14 12:23:40 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2011.12.14 12:23:22 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2011.12.14 12:23:22 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2011.12.10 13:27:06 | 000,000,000 | ---- | M] () -- C:\Windows\NDSTray.INI [2011.12.10 13:11:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2011.12.10 12:54:13 | 000,020,592 | ---- | M] (Compal Electronics, INC.) -- C:\Windows\SysNative\drivers\CeKbFilter.sys [2011.12.10 12:50:20 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.04 17:30:19 | 000,000,000 | ---- | C] () -- C:\Users\JP\defogger_reenable [2012.01.03 21:05:59 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys [2012.01.03 19:02:18 | 000,002,706 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.01.02 17:30:22 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.01.02 16:48:11 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.01.02 16:48:11 | 000,002,212 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2012.01.02 16:48:11 | 000,002,200 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012.01.02 16:16:39 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml [2012.01.02 16:16:05 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.01.02 15:45:11 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.01.02 15:25:12 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.02 15:21:06 | 000,001,450 | ---- | C] () -- C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.01.02 15:12:39 | 000,002,046 | ---- | C] () -- C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2012.01.02 14:02:08 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\TOSHIBA_Satellite C660D_15493-GR_PSC1YE-02K00.MRK [2011.12.10 13:27:06 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2011.12.10 13:11:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2011.12.10 12:50:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.12.10 12:46:54 | 001,127,552 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2011.12.10 12:46:54 | 001,127,552 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2011.12.10 12:46:54 | 000,233,765 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2011.12.10 12:46:54 | 000,166,656 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2011.12.10 12:46:54 | 000,032,874 | ---- | C] () -- C:\Windows\atiogl.xml [2011.12.10 12:46:54 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.12.10 12:46:54 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat [2011.12.10 12:40:41 | 1292,611,584 | -HS- | C] () -- C:\hiberfil.sys [2010.11.09 12:09:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2012.01.03 18:49:50 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\cacaoweb [2012.01.02 16:17:58 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\CheckPoint [2012.01.03 14:30:31 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\SoftGrid Client [2012.01.02 15:33:40 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\Toshiba [2012.01.02 15:32:49 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\TOSHIBA Online Product Information [2012.01.02 15:27:15 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\TP [2012.01.02 23:40:22 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\TuneUp Software [2009.07.14 06:08:49 | 000,011,280 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.01.02 22:11:30 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.01.02 15:12:24 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.01.02 15:32:35 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.01.03 21:05:57 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.03 19:46:48 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.01.04 14:00:31 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.01.02 15:12:24 | 000,000,000 | -HSD | M] -- C:\Programme [2012.01.03 19:12:23 | 000,000,000 | R--D | M] -- C:\Sandbox [2012.01.04 17:35:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.01.02 15:23:01 | 000,000,000 | ---D | M] -- C:\Toshiba [2012.01.02 22:11:07 | 000,000,000 | R--D | M] -- C:\Users [2012.01.04 17:31:59 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2010.11.21 04:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > |
|
04.01.2012, 19:29
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Habe ich mir einen Trojaner eingefangen?Zitat:
 Warum hast du dir Cacaoweb installiert wenn du diesem Programm keinen Zugriff aufs Internet offensichtlich gewähren willst, warum nicht einfach deinstallieren wenn du offensichtlich nicht weißt was das ist und du es auch anscheinend nicht benötigst?  Zum Thema ZoneAlarm: Eine zusätzliche bzw. andere Software-Firewall und v.a. sowas wie SecuritySuites sind Quatsch mit Sauce, in vielen Fällen kontraproduktiv und Ursache für die "lustigsten" Fehler. Bitte umgehend deinstallieren, Windows danach neustarten und sicherstellen, dass die Windows-Firewall aktiv ist und keine gefährlichen "Löcher" (siehe Ausnahmeliste) hat.
__________________ |
|
04.01.2012, 23:24
| #3 | |||
| | Habe ich mir einen Trojaner eingefangen?Zitat:
Zitat:
Zitat:
Lieben Gruß und gute Nacht, Shaiel |
|
05.01.2012, 10:13
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Habe ich mir einen Trojaner eingefangen? Ok, Asche auf mein Haupt, hab überlesen, dass es sich nicht richtig deinstallieren lässt  Mach mal nach der Deinstallation bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.01.2012, 17:20
| #5 |
| | Habe ich mir einen Trojaner eingefangen? Hiho, vielen Dank für die Antwort. Leider ist meine Log-File zu lang, daher habe ich sie als Zip-Datei angehängt. Lieben Gruß Shaiel |
|
05.01.2012, 21:11
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Habe ich mir einen Trojaner eingefangen? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2514096238-3946182807-2429419329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKU\S-1-5-21-2514096238-3946182807-2429419329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hiergehtslos.de
IE - HKU\S-1-5-21-2514096238-3946182807-2429419329-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
[2012.01.02 16:17:16 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\JP\AppData\Roaming\mozilla\Firefox\Profiles\7pgt4m8z.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2012.01.02 16:08:54 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\JP\AppData\Roaming\mozilla\Firefox\Profiles\7pgt4m8z.default\extensions\toolbar@ask.com
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2514096238-3946182807-2429419329-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2514096238-3946182807-2429419329-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2514096238-3946182807-2429419329-1000\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
[2012.01.05 16:34:09 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012.01.04 13:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Wild Tangent
[2012.01.03 13:57:37 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\cacaoweb
[2012.01.02 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\JP\Documents\ForceField Shared Files
[2012.01.02 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Roaming\CheckPoint
[2012.01.02 16:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.01.02 16:17:06 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\Conduit
[2012.01.02 16:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm-Sicherheit
[2012.01.02 16:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012.01.02 16:16:38 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc0407.dll
[2012.01.02 16:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012.01.02 16:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> Habe ich mir einen Trojaner eingefangen? |
|
06.01.2012, 20:12
| #7 |
| | Habe ich mir einen Trojaner eingefangen? Hi nochmal, ich bekomme am Ende eine Fehlermeldung "Cannot create folder C:Windows\System32\drivers\etc\Hosts." Wenn ich dann auf "ok" klicke, tut sich nichts mehr. Lieben Gruß Shaiel |
|
06.01.2012, 20:13
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Habe ich mir einen Trojaner eingefangen? OTL per Rechtsklick als Administrator ausgeführt? Ich denke nicht...
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.01.2012, 21:25
| #9 |
| | Habe ich mir einen Trojaner eingefangen? Natürlich habe ich das per Rechtsklick als Admin ausgeführt.  Zur Sicherheit habe ich es gerade nochmal gemacht, weil ich jetzt doch kurz an mir selbst gezweifelt habe. Aber es kam wieder die selbe Meldung... Programme inkl. Virensoftware habe ich auch alle beendet. Geändert von Shaiel (06.01.2012 um 21:36 Uhr) |
|
06.01.2012, 21:52
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Habe ich mir einen Trojaner eingefangen? Funktioniert's im abgesicherte Modus mit Netzwerktreibern? Abgesicherter Modus zur Bereinigung
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.01.2012, 22:03
| #11 |
| | Habe ich mir einen Trojaner eingefangen? Das hat geklappt! Danke. Hier der Log: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll not found.
HKU\S-1-5-21-2514096238-3946182807-2429419329-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2514096238-3946182807-2429419329-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2514096238-3946182807-2429419329-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll not found.
Folder C:\Users\JP\AppData\Roaming\mozilla\Firefox\Profiles\7pgt4m8z.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
Folder C:\Users\JP\AppData\Roaming\mozilla\Firefox\Profiles\7pgt4m8z.default\extensions\toolbar@ask.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File Sicherheit\prxtbZone.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
64bit-Registry value HKEY_USERS\S-1-5-21-2514096238-3946182807-2429419329-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_USERS\S-1-5-21-2514096238-3946182807-2429419329-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2514096238-3946182807-2429419329-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}\ not found.
File Sicherheit\prxtbZone.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
File Protocol\Handler\wlpg - No CLSID value found not found.
Folder C:\Windows\Internet Logs\ not found.
Folder C:\ProgramData\Wild Tangent\ not found.
Folder C:\Users\JP\AppData\Roaming\cacaoweb\ not found.
Folder C:\Users\JP\Documents\ForceField Shared Files\ not found.
Folder C:\Users\JP\AppData\Roaming\CheckPoint\ not found.
Folder C:\Program Files (x86)\Conduit\ not found.
Folder C:\Users\JP\AppData\Local\Conduit\ not found.
Folder C:\Program Files (x86)\ZoneAlarm-Sicherheit\ not found.
Folder C:\Program Files\CheckPoint\ not found.
File C:\Windows\SysWow64\vsutil_loc0407.dll not found.
Folder C:\ProgramData\CheckPoint\ not found.
Folder C:\Program Files (x86)\Ask.com\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: JP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38228 bytes
->FireFox cache emptied: 23854800 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: JP_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: RPP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 23,00 mb
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01062012_215630
Files\Folders moved on Reboot...
File\Folder C:\Users\JP\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
|
|
06.01.2012, 22:20
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Habe ich mir einen Trojaner eingefangen? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.01.2012, 22:34
| #13 |
| | Habe ich mir einen Trojaner eingefangen?Code:
ATTFilter 22:29:04.0407 0996 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
22:29:04.0750 0996 ============================================================
22:29:04.0750 0996 Current date / time: 2012/01/06 22:29:04.0750
22:29:04.0750 0996 SystemInfo:
22:29:04.0750 0996
22:29:04.0750 0996 OS Version: 6.1.7601 ServicePack: 1.0
22:29:04.0750 0996 Product type: Workstation
22:29:04.0750 0996 ComputerName: JP-TOSH
22:29:04.0750 0996 UserName: JP
22:29:04.0750 0996 Windows directory: C:\Windows
22:29:04.0750 0996 System windows directory: C:\Windows
22:29:04.0750 0996 Running under WOW64
22:29:04.0750 0996 Processor architecture: Intel x64
22:29:04.0750 0996 Number of processors: 2
22:29:04.0750 0996 Page size: 0x1000
22:29:04.0750 0996 Boot type: Normal boot
22:29:04.0750 0996 ============================================================
22:29:06.0264 0996 Initialize success
22:30:31.0643 3372 ============================================================
22:30:31.0643 3372 Scan started
22:30:31.0643 3372 Mode: Manual; SigCheck; TDLFS;
22:30:31.0643 3372 ============================================================
22:30:32.0689 3372 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:30:32.0860 3372 1394ohci - ok
22:30:33.0235 3372 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:30:33.0281 3372 ACPI - ok
22:30:33.0625 3372 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:30:33.0734 3372 AcpiPmi - ok
22:30:34.0108 3372 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
22:30:34.0186 3372 adp94xx - ok
22:30:34.0545 3372 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
22:30:34.0607 3372 adpahci - ok
22:30:34.0966 3372 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
22:30:35.0013 3372 adpu320 - ok
22:30:35.0387 3372 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:30:35.0481 3372 AFD - ok
22:30:35.0840 3372 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:30:35.0887 3372 agp440 - ok
22:30:36.0245 3372 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:30:36.0292 3372 aliide - ok
22:30:36.0651 3372 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:30:36.0682 3372 amdide - ok
22:30:37.0025 3372 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
22:30:37.0119 3372 AmdK8 - ok
22:30:37.0712 3372 amdkmdag (62ddf55680f8c53e4b8dde4189ada0b8) C:\Windows\system32\DRIVERS\atikmdag.sys
22:30:38.0398 3372 amdkmdag - ok
22:30:38.0773 3372 amdkmdap (51f027dffedfb8d763fabffa06b56e6d) C:\Windows\system32\DRIVERS\atikmpag.sys
22:30:38.0851 3372 amdkmdap - ok
22:30:39.0209 3372 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:30:39.0272 3372 AmdPPM - ok
22:30:39.0631 3372 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:30:39.0677 3372 amdsata - ok
22:30:40.0052 3372 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
22:30:40.0099 3372 amdsbs - ok
22:30:40.0457 3372 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:30:40.0489 3372 amdxata - ok
22:30:40.0832 3372 amd_sata (8a2b4818215d8a6ff54dc3f0d63cbb2d) C:\Windows\system32\DRIVERS\amd_sata.sys
22:30:41.0050 3372 amd_sata - ok
22:30:41.0378 3372 amd_xata (a2d8977623e13591b15f6370c6cc37b0) C:\Windows\system32\DRIVERS\amd_xata.sys
22:30:41.0425 3372 amd_xata - ok
22:30:41.0815 3372 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:30:42.0002 3372 AppID - ok
22:30:42.0361 3372 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
22:30:42.0407 3372 arc - ok
22:30:42.0751 3372 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
22:30:42.0813 3372 arcsas - ok
22:30:43.0172 3372 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:30:43.0390 3372 AsyncMac - ok
22:30:43.0827 3372 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:30:43.0874 3372 atapi - ok
22:30:44.0311 3372 athr (782d36bad8ddbf008d02e055dbe70f82) C:\Windows\system32\DRIVERS\athrx.sys
22:30:44.0482 3372 athr - ok
22:30:44.0872 3372 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
22:30:44.0919 3372 avgntflt - ok
22:30:45.0278 3372 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
22:30:45.0325 3372 avipbb - ok
22:30:45.0683 3372 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:30:45.0715 3372 avkmgr - ok
22:30:46.0105 3372 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
22:30:46.0198 3372 b06bdrv - ok
22:30:46.0557 3372 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:30:46.0666 3372 b57nd60a - ok
22:30:47.0041 3372 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:30:47.0134 3372 Beep - ok
22:30:47.0509 3372 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
22:30:47.0587 3372 blbdrive - ok
22:30:47.0945 3372 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:30:48.0023 3372 bowser - ok
22:30:48.0367 3372 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
22:30:48.0429 3372 BrFiltLo - ok
22:30:48.0757 3372 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
22:30:48.0819 3372 BrFiltUp - ok
22:30:49.0178 3372 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:30:49.0303 3372 Brserid - ok
22:30:49.0646 3372 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:30:49.0724 3372 BrSerWdm - ok
22:30:50.0067 3372 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:30:50.0145 3372 BrUsbMdm - ok
22:30:50.0504 3372 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:30:50.0551 3372 BrUsbSer - ok
22:30:50.0894 3372 BtFilter (2347abbd13bada65826fdab4caafe357) C:\Windows\system32\DRIVERS\btfilter.sys
22:30:50.0925 3372 BtFilter - ok
22:30:51.0284 3372 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
22:30:51.0362 3372 BTHMODEM - ok
22:30:51.0736 3372 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:30:51.0861 3372 cdfs - ok
22:30:52.0204 3372 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:30:52.0298 3372 cdrom - ok
22:30:52.0657 3372 CeKbFilter (7e83e47bd1ff93e11cd69f1ad65a9581) C:\Windows\system32\DRIVERS\CeKbFilter.sys
22:30:52.0704 3372 CeKbFilter - ok
22:30:53.0078 3372 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
22:30:53.0172 3372 circlass - ok
22:30:53.0421 3372 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:30:53.0468 3372 CLFS - ok
22:30:53.0874 3372 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:30:53.0920 3372 CmBatt - ok
22:30:54.0264 3372 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:30:54.0310 3372 cmdide - ok
22:30:54.0654 3372 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
22:30:54.0747 3372 CNG - ok
22:30:55.0106 3372 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
22:30:55.0153 3372 Compbatt - ok
22:30:55.0512 3372 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:30:55.0574 3372 CompositeBus - ok
22:30:55.0933 3372 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
22:30:55.0995 3372 crcdisk - ok
22:30:56.0385 3372 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:30:56.0526 3372 DfsC - ok
22:30:56.0884 3372 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:30:56.0994 3372 discache - ok
22:30:57.0352 3372 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
22:30:57.0399 3372 Disk - ok
22:30:57.0789 3372 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:30:57.0852 3372 drmkaud - ok
22:30:58.0226 3372 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:30:58.0288 3372 DXGKrnl - ok
22:30:58.0741 3372 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:30:58.0866 3372 ebdrv - ok
22:30:59.0287 3372 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:30:59.0349 3372 elxstor - ok
22:30:59.0692 3372 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:30:59.0770 3372 ErrDev - ok
22:31:00.0145 3372 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:31:00.0270 3372 exfat - ok
22:31:00.0597 3372 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:31:00.0738 3372 fastfat - ok
22:31:01.0096 3372 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:31:01.0159 3372 fdc - ok
22:31:01.0518 3372 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:31:01.0564 3372 FileInfo - ok
22:31:01.0908 3372 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:31:02.0017 3372 Filetrace - ok
22:31:02.0376 3372 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:31:02.0422 3372 flpydisk - ok
22:31:02.0766 3372 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:31:02.0828 3372 FltMgr - ok
22:31:03.0187 3372 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:31:03.0234 3372 FsDepends - ok
22:31:03.0577 3372 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:31:03.0624 3372 Fs_Rec - ok
22:31:04.0014 3372 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:31:04.0076 3372 fvevol - ok
22:31:04.0419 3372 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:31:04.0450 3372 gagp30kx - ok
22:31:04.0840 3372 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:31:04.0918 3372 hcw85cir - ok
22:31:05.0277 3372 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:31:05.0371 3372 HdAudAddService - ok
22:31:05.0714 3372 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:31:05.0776 3372 HDAudBus - ok
22:31:06.0104 3372 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:31:06.0166 3372 HidBatt - ok
22:31:06.0510 3372 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
22:31:06.0588 3372 HidBth - ok
22:31:06.0931 3372 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:31:06.0978 3372 HidIr - ok
22:31:07.0321 3372 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:31:07.0383 3372 HidUsb - ok
22:31:07.0742 3372 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:31:07.0789 3372 HpSAMD - ok
22:31:08.0148 3372 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:31:08.0304 3372 HTTP - ok
22:31:08.0647 3372 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:31:08.0694 3372 hwpolicy - ok
22:31:09.0021 3372 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:31:09.0084 3372 i8042prt - ok
22:31:09.0442 3372 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:31:09.0505 3372 iaStorV - ok
22:31:09.0864 3372 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
22:31:09.0895 3372 iirsp - ok
22:31:10.0347 3372 IntcAzAudAddService (8bc7eb3bf3fa1c434aa830a50456dd02) C:\Windows\system32\drivers\RTKVHD64.sys
22:31:10.0488 3372 IntcAzAudAddService - ok
22:31:10.0831 3372 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:31:10.0878 3372 intelide - ok
22:31:11.0221 3372 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
22:31:11.0283 3372 intelppm - ok
22:31:11.0642 3372 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:31:11.0736 3372 IpFilterDriver - ok
22:31:12.0079 3372 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:31:12.0141 3372 IPMIDRV - ok
22:31:12.0484 3372 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:31:12.0594 3372 IPNAT - ok
22:31:12.0937 3372 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:31:13.0046 3372 IRENUM - ok
22:31:13.0374 3372 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:31:13.0420 3372 isapnp - ok
22:31:13.0764 3372 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:31:13.0826 3372 iScsiPrt - ok
22:31:14.0169 3372 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:31:14.0216 3372 kbdclass - ok
22:31:14.0622 3372 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:31:14.0684 3372 kbdhid - ok
22:31:15.0027 3372 KMWDFILTER (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
22:31:15.0074 3372 KMWDFILTER - ok
22:31:15.0417 3372 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
22:31:15.0448 3372 KSecDD - ok
22:31:15.0823 3372 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
22:31:15.0870 3372 KSecPkg - ok
22:31:16.0213 3372 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:31:16.0306 3372 ksthunk - ok
22:31:16.0681 3372 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:31:16.0806 3372 lltdio - ok
22:31:17.0180 3372 LPCFilter (2825a71e7501cb33b3b9f856610c729d) C:\Windows\system32\DRIVERS\LPCFilter.sys
22:31:17.0227 3372 LPCFilter - ok
22:31:17.0586 3372 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
22:31:17.0632 3372 LSI_FC - ok
22:31:17.0976 3372 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
22:31:18.0038 3372 LSI_SAS - ok
22:31:18.0381 3372 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
22:31:18.0444 3372 LSI_SAS2 - ok
22:31:18.0771 3372 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
22:31:18.0818 3372 LSI_SCSI - ok
22:31:19.0161 3372 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:31:19.0270 3372 luafv - ok
22:31:19.0645 3372 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
22:31:19.0676 3372 megasas - ok
22:31:20.0035 3372 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
22:31:20.0082 3372 MegaSR - ok
22:31:20.0440 3372 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:31:20.0534 3372 Modem - ok
22:31:20.0877 3372 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:31:20.0955 3372 monitor - ok
22:31:21.0298 3372 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:31:21.0345 3372 mouclass - ok
22:31:21.0688 3372 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:31:21.0751 3372 mouhid - ok
22:31:22.0094 3372 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:31:22.0156 3372 mountmgr - ok
22:31:22.0484 3372 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:31:22.0531 3372 mpio - ok
22:31:22.0858 3372 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:31:22.0983 3372 mpsdrv - ok
22:31:23.0311 3372 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:31:23.0389 3372 MRxDAV - ok
22:31:23.0748 3372 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:31:23.0841 3372 mrxsmb - ok
22:31:24.0184 3372 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:31:24.0262 3372 mrxsmb10 - ok
22:31:24.0606 3372 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:31:24.0668 3372 mrxsmb20 - ok
22:31:24.0996 3372 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
22:31:25.0042 3372 msahci - ok
22:31:25.0386 3372 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:31:25.0432 3372 msdsm - ok
22:31:25.0791 3372 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:31:25.0900 3372 Msfs - ok
22:31:26.0244 3372 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:31:26.0353 3372 mshidkmdf - ok
22:31:26.0680 3372 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:31:26.0727 3372 msisadrv - ok
22:31:27.0086 3372 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:31:27.0211 3372 MSKSSRV - ok
22:31:27.0554 3372 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:31:27.0679 3372 MSPCLOCK - ok
22:31:28.0022 3372 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:31:28.0131 3372 MSPQM - ok
22:31:28.0474 3372 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:31:28.0537 3372 MsRPC - ok
22:31:28.0864 3372 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:31:28.0911 3372 mssmbios - ok
22:31:29.0239 3372 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:31:29.0364 3372 MSTEE - ok
22:31:29.0691 3372 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
22:31:29.0754 3372 MTConfig - ok
22:31:30.0081 3372 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:31:30.0128 3372 Mup - ok
22:31:30.0502 3372 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:31:30.0580 3372 NativeWifiP - ok
22:31:30.0970 3372 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:31:31.0033 3372 NDIS - ok
22:31:31.0360 3372 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:31:31.0470 3372 NdisCap - ok
22:31:31.0813 3372 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:31:31.0922 3372 NdisTapi - ok
22:31:32.0265 3372 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:31:32.0374 3372 Ndisuio - ok
22:31:32.0718 3372 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:31:32.0858 3372 NdisWan - ok
22:31:33.0217 3372 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:31:33.0310 3372 NDProxy - ok
22:31:33.0638 3372 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:31:33.0747 3372 NetBIOS - ok
22:31:34.0090 3372 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:31:34.0215 3372 NetBT - ok
22:31:34.0590 3372 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
22:31:34.0636 3372 nfrd960 - ok
22:31:34.0980 3372 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:31:35.0089 3372 Npfs - ok
22:31:35.0416 3372 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:31:35.0526 3372 nsiproxy - ok
22:31:35.0916 3372 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:31:36.0025 3372 Ntfs - ok
22:31:36.0368 3372 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:31:36.0462 3372 Null - ok
22:31:36.0789 3372 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:31:36.0852 3372 nvraid - ok
22:31:37.0179 3372 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:31:37.0226 3372 nvstor - ok
22:31:37.0569 3372 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:31:37.0616 3372 nv_agp - ok
22:31:37.0959 3372 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:31:38.0022 3372 ohci1394 - ok
22:31:38.0380 3372 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
22:31:38.0443 3372 Parport - ok
22:31:38.0770 3372 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:31:38.0833 3372 partmgr - ok
22:31:39.0192 3372 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:31:39.0254 3372 pci - ok
22:31:39.0582 3372 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:31:39.0613 3372 pciide - ok
22:31:39.0972 3372 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
22:31:40.0018 3372 pcmcia - ok
22:31:40.0362 3372 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:31:40.0393 3372 pcw - ok
22:31:40.0736 3372 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:31:40.0876 3372 PEAUTH - ok
22:31:41.0266 3372 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
22:31:41.0313 3372 PGEffect - ok
22:31:41.0703 3372 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:31:41.0828 3372 PptpMiniport - ok
22:31:42.0171 3372 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
22:31:42.0234 3372 Processor - ok
22:31:42.0592 3372 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:31:42.0717 3372 Psched - ok
22:31:43.0092 3372 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
22:31:43.0201 3372 ql2300 - ok
22:31:43.0544 3372 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
22:31:43.0575 3372 ql40xx - ok
22:31:43.0934 3372 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:31:43.0996 3372 QWAVEdrv - ok
22:31:44.0355 3372 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:31:44.0449 3372 RasAcd - ok
22:31:44.0808 3372 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:31:44.0917 3372 RasAgileVpn - ok
22:31:45.0276 3372 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:31:45.0400 3372 Rasl2tp - ok
22:31:45.0744 3372 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:31:45.0868 3372 RasPppoe - ok
22:31:46.0212 3372 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:31:46.0352 3372 RasSstp - ok
22:31:46.0695 3372 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:31:46.0820 3372 rdbss - ok
22:31:47.0163 3372 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
22:31:47.0210 3372 rdpbus - ok
22:31:47.0569 3372 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:31:47.0662 3372 RDPCDD - ok
22:31:48.0006 3372 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:31:48.0115 3372 RDPENCDD - ok
22:31:48.0474 3372 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:31:48.0567 3372 RDPREFMP - ok
22:31:48.0910 3372 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:31:49.0004 3372 RDPWD - ok
22:31:49.0363 3372 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:31:49.0378 3372 rdyboost - ok
22:31:49.0784 3372 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:31:49.0924 3372 rspndr - ok
22:31:50.0314 3372 RSUSBSTOR (9beb5f18a418ff70659ce2e356829568) C:\Windows\system32\Drivers\RtsUStor.sys
22:31:50.0377 3372 RSUSBSTOR - ok
22:31:50.0736 3372 RTL8167 (5d6a444bd37b52ff846387c87dcdf98a) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:31:50.0814 3372 RTL8167 - ok
22:31:50.0907 3372 SbieDrv (1fc5d553f8ec9779702fb8264863e3a2) C:\Program Files\Sandboxie\SbieDrv.sys
22:31:50.0970 3372 SbieDrv - ok
22:31:51.0313 3372 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:31:51.0360 3372 sbp2port - ok
22:31:51.0703 3372 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:31:51.0796 3372 scfilter - ok
22:31:52.0171 3372 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:31:52.0280 3372 secdrv - ok
22:31:52.0639 3372 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
22:31:52.0701 3372 Serenum - ok
22:31:53.0044 3372 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
22:31:53.0107 3372 Serial - ok
22:31:53.0450 3372 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
22:31:53.0512 3372 sermouse - ok
22:31:53.0871 3372 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:31:53.0934 3372 sffdisk - ok
22:31:54.0277 3372 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:31:54.0339 3372 sffp_mmc - ok
22:31:54.0667 3372 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:31:54.0729 3372 sffp_sd - ok
22:31:55.0057 3372 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
22:31:55.0104 3372 sfloppy - ok
22:31:55.0494 3372 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
22:31:55.0556 3372 Sftfs - ok
22:31:55.0915 3372 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:31:55.0962 3372 Sftplay - ok
22:31:56.0320 3372 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:31:56.0336 3372 Sftredir - ok
22:31:56.0679 3372 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
22:31:56.0726 3372 Sftvol - ok
22:31:57.0085 3372 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
22:31:57.0132 3372 SiSRaid2 - ok
22:31:57.0475 3372 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
22:31:57.0522 3372 SiSRaid4 - ok
22:31:57.0849 3372 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:31:57.0958 3372 Smb - ok
22:31:58.0333 3372 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:31:58.0380 3372 spldr - ok
22:31:58.0738 3372 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:31:58.0848 3372 srv - ok
22:31:59.0191 3372 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:31:59.0269 3372 srv2 - ok
22:31:59.0612 3372 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:31:59.0674 3372 srvnet - ok
22:32:00.0049 3372 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
22:32:00.0096 3372 stexstor - ok
22:32:00.0454 3372 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:32:00.0486 3372 swenum - ok
22:32:00.0907 3372 SynTP (9484c1de568173dc1c44df80f16092cc) C:\Windows\system32\DRIVERS\SynTP.sys
22:32:01.0000 3372 SynTP - ok
22:32:01.0437 3372 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:32:01.0531 3372 Tcpip - ok
22:32:01.0952 3372 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:32:02.0030 3372 TCPIP6 - ok
22:32:02.0373 3372 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:32:02.0482 3372 tcpipreg - ok
22:32:02.0872 3372 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:32:02.0904 3372 tdcmdpst - ok
22:32:03.0231 3372 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:32:03.0325 3372 TDPIPE - ok
22:32:03.0652 3372 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:32:03.0746 3372 TDTCP - ok
22:32:04.0089 3372 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:32:04.0198 3372 tdx - ok
22:32:04.0557 3372 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:32:04.0604 3372 TermDD - ok
22:32:05.0041 3372 tosrfbd (09cf82c0068c7cff7e2b3797be7f5cc2) C:\Windows\system32\DRIVERS\tosrfbd.sys
22:32:05.0103 3372 tosrfbd - ok
22:32:05.0431 3372 Tosrfcom - ok
22:32:05.0790 3372 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\Windows\system32\DRIVERS\tosrfec.sys
22:32:05.0836 3372 tosrfec - ok
22:32:06.0180 3372 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\Windows\system32\DRIVERS\tosrfusb.sys
22:32:06.0226 3372 Tosrfusb - ok
22:32:06.0601 3372 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:32:06.0710 3372 tssecsrv - ok
22:32:07.0053 3372 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:32:07.0131 3372 TsUsbFlt - ok
22:32:07.0474 3372 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
22:32:07.0537 3372 TsUsbGD - ok
22:32:07.0755 3372 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
22:32:07.0786 3372 TuneUpUtilitiesDrv - ok
22:32:08.0145 3372 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:32:08.0270 3372 tunnel - ok
22:32:08.0613 3372 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:32:08.0660 3372 TVALZ - ok
22:32:08.0988 3372 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
22:32:09.0050 3372 uagp35 - ok
22:32:09.0393 3372 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:32:09.0518 3372 udfs - ok
22:32:09.0892 3372 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:32:09.0939 3372 uliagpkx - ok
22:32:10.0298 3372 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:32:10.0360 3372 umbus - ok
22:32:10.0688 3372 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
22:32:10.0750 3372 UmPass - ok
22:32:11.0094 3372 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:32:11.0156 3372 usbccgp - ok
22:32:11.0515 3372 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:32:11.0577 3372 usbcir - ok
22:32:11.0920 3372 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:32:11.0983 3372 usbehci - ok
22:32:12.0342 3372 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:32:12.0420 3372 usbhub - ok
22:32:12.0747 3372 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
22:32:12.0810 3372 usbohci - ok
22:32:13.0153 3372 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
22:32:13.0215 3372 usbprint - ok
22:32:13.0558 3372 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:32:13.0668 3372 USBSTOR - ok
22:32:13.0995 3372 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:32:14.0058 3372 usbuhci - ok
22:32:14.0416 3372 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:32:14.0494 3372 usbvideo - ok
22:32:14.0838 3372 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:32:14.0884 3372 vdrvroot - ok
22:32:15.0243 3372 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:32:15.0306 3372 vga - ok
22:32:15.0633 3372 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:32:15.0758 3372 VgaSave - ok
22:32:16.0101 3372 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:32:16.0164 3372 vhdmp - ok
22:32:16.0507 3372 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:32:16.0554 3372 viaide - ok
22:32:16.0881 3372 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:32:16.0928 3372 volmgr - ok
22:32:17.0287 3372 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:32:17.0365 3372 volmgrx - ok
22:32:17.0708 3372 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:32:17.0770 3372 volsnap - ok
22:32:18.0129 3372 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
22:32:18.0176 3372 vsmraid - ok
22:32:18.0504 3372 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:32:18.0566 3372 vwifibus - ok
22:32:18.0909 3372 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:32:18.0987 3372 vwififlt - ok
22:32:19.0346 3372 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
22:32:19.0408 3372 WacomPen - ok
22:32:19.0767 3372 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:32:19.0892 3372 WANARP - ok
22:32:19.0908 3372 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:32:19.0986 3372 Wanarpv6 - ok
22:32:20.0344 3372 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
22:32:20.0391 3372 Wd - ok
22:32:20.0750 3372 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:32:20.0828 3372 Wdf01000 - ok
22:32:21.0218 3372 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:32:21.0312 3372 WfpLwf - ok
22:32:21.0670 3372 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:32:21.0702 3372 WIMMount - ok
22:32:22.0138 3372 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:32:22.0216 3372 WmiAcpi - ok
22:32:22.0591 3372 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:32:22.0700 3372 ws2ifsl - ok
22:32:23.0152 3372 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:32:23.0386 3372 WudfPf - ok
22:32:23.0745 3372 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:32:23.0870 3372 WUDFRd - ok
22:32:23.0932 3372 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:32:24.0837 3372 \Device\Harddisk0\DR0 - ok
22:32:24.0884 3372 Boot (0x1200) (9b327f519e01edea97d72a67d3574cee) \Device\Harddisk0\DR0\Partition0
22:32:24.0884 3372 \Device\Harddisk0\DR0\Partition0 - ok
22:32:24.0915 3372 Boot (0x1200) (c0694022b203a9372bcf94053810053e) \Device\Harddisk0\DR0\Partition1
22:32:24.0915 3372 \Device\Harddisk0\DR0\Partition1 - ok
22:32:24.0915 3372 ============================================================
22:32:24.0915 3372 Scan finished
22:32:24.0915 3372 ============================================================
22:32:24.0962 3688 Detected object count: 0
22:32:24.0962 3688 Actual detected object count: 0
|
|
06.01.2012, 22:36
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Habe ich mir einen Trojaner eingefangen? Ok. Wollen wir noch tiefer graben? Es ging ja nur um cacaoweb und Schädlinge waren so offensichtlich nicht da
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.01.2012, 22:52
| #15 |
| | Habe ich mir einen Trojaner eingefangen? Wenn dieses Cacaoweb endlich weg ist, dann dürfte sonst nicht viel drauf sein... ich habe es nämlich geschafft, ein 2 Tage altes System direkt zu infizieren! Vielen vielen Dank nochmal! |
|
| Themen zu Habe ich mir einen Trojaner eingefangen? |
| 2.0.7, anti-viren programm, antivir, autorun, avira, avira searchfree toolbar, bho, cacaoweb, checkpoint, conduit, error, firefox, focus, format, g-data, google, helper, home, internet, logfile, performance, plug-in, problem, programm, realtek, registry, required, rundll, scan, software, super, trojaner, usb, usb 2.0, vista, webcheck, wildtangent games, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
