| |
| |||||||
Log-Analyse und Auswertung: System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
15.01.2013, 12:13
| #1 |
| |  System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? Hallo und vielen Dank schonmal vorab! Auf meinem Laptop wurden gestern die folgenden Viren gefunden (Avira Antivir): TR/Zusy.32924.7 Worm/Gamarue.l.410 EXP/CVE-2013-0422 Win32/Necrus.gen! Zudem habe ich eine Abuse-Info von T-Online für mein E-Mailpostfach erhalten. Ich habe diese Viren mit Avira Antivir, Windows Defender und Malwarebytes Anti-Malware von meinem Laptop entfernt und mehrmalige Suchläufe zeigen keine weiteren Infektionen an. Vorsichtshalber habe ich von einem sicheren Rechner aus alle meine Passwörter geändert. Nur würde ich gerne wissen, ob mein Laptop wirklich wieder sauber und sicher ist oder ob doch eine Formatierung und Neuinstallation des Systems sinnvoller ist (wird häufig in Foren bei den erwähnten Viren vorgeschlagen)? Habe ich vielleicht einen Vorteil, da ein Benutzerkonto meines Laptops befallen war, aber nicht das Administratorkonto? Da beim Upload der Log-Files von OTL und GMER eine Fehlermeldung kommt (Datei zu groß), werde ich den Inhalt einzelnd posten. OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.01.2013 10:16:00 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 61,52% Memory free 7,60 Gb Paging File | 5,94 Gb Available in Paging File | 78,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,41 Gb Total Space | 65,43 Gb Free Space | 43,79% Space Free | Partition Type: NTFS Drive D: | 148,28 Gb Total Space | 140,31 Gb Free Space | 94,62% Space Free | Partition Type: NTFS Computer Name: TOSHIBA-TOSH | User Name: Toshiba | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\...\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments Corporation) PRC - C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.) PRC - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation) PRC - C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation) PRC - C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation) PRC - C:\Program Files (x86)\National Instruments\MAX\nimxs.exe (National Instruments Corporation) PRC - C:\Windows\SysWOW64\nisvcloc.exe (National Instruments Corp.) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe File not found SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.) SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.) SRV - (CoordinatorServiceHost) -- C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.) SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (NITaggerService) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments Corporation) SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.) SRV - (NIDomainService) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation) SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation) SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation) SRV - (NILM License Manager) -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation) SRV - (mxssvr) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe (National Instruments Corporation) SRV - (niSvcLoc) -- C:\Windows\SysWOW64\nisvcloc.exe (National Instruments Corp.) SRV - (OpcEnum) -- C:\Windows\SysWOW64\Opcenum.exe (OPC Foundation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys () DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7FC92BF0-BE2F-43FA-AF08-4E8295B41782} IE:64bit: - HKLM\..\SearchScopes\{7FC92BF0-BE2F-43FA-AF08-4E8295B41782}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {7FC92BF0-BE2F-43FA-AF08-4E8295B41782} IE - HKLM\..\SearchScopes\{7FC92BF0-BE2F-43FA-AF08-4E8295B41782}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {7FC92BF0-BE2F-43FA-AF08-4E8295B41782} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {7FC92BF0-BE2F-43FA-AF08-4E8295B41782} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\..\SearchScopes,DefaultScope = {0E7EBA10-02E6-49DA-8177-40972EE58AC3} IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\..\SearchScopes\{0E7EBA10-02E6-49DA-8177-40972EE58AC3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\..\SearchScopes\{1CD1390D-646B-4229-A2D5-09A3FBC81E6A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VL^DE&apn_uid=e3239308-0302-454a-9507-3a4515d43cfe&apn_sauid=A9E6328B-3C24-4644-AFB3-653E3061FD21 IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\..\SearchScopes\{D0C2DA0D-037E-403A-89F7-64A46622D9A5}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\..\SearchScopes\{EABFCA70-B4E0-4151-AB43-AA249817EC04}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003\..\SearchScopes,DefaultScope = {C02076A7-BC92-41CF-98A9-B6CD648FEDFD} IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003\..\SearchScopes\{7DFE06D6-569B-4AC6-89C8-D557920301BC}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003\..\SearchScopes\{C02076A7-BC92-41CF-98A9-B6CD648FEDFD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003\..\SearchScopes\{F1820A85-FAEA-4CD7-9C42-52720B40D9BB}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.4 FF - prefs.js..extensions.enabledAddons: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.5 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.25 23:56:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.29 14:17:53 | 000,000,000 | ---D | M] [2012.10.23 23:10:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\mozilla\Extensions [2013.01.12 16:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\mozilla\Firefox\Profiles\hmk6agho.default\extensions [2013.01.12 16:57:54 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\hmk6agho.default\extensions\toolbar@web.de.xpi [2013.01.12 16:57:54 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\hmk6agho.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2013.01.12 16:57:57 | 000,000,911 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\hmk6agho.default\searchplugins\11-suche.xml [2013.01.12 16:57:57 | 000,002,273 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\hmk6agho.default\searchplugins\englische-ergebnisse.xml [2013.01.12 16:57:57 | 000,010,563 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\hmk6agho.default\searchplugins\gmx-suche.xml [2013.01.12 16:49:29 | 000,000,950 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\hmk6agho.default\searchplugins\icqplugin-1.xml [2012.10.31 15:01:06 | 000,000,168 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\hmk6agho.default\searchplugins\icqplugin.gif [2012.10.31 15:01:06 | 000,000,618 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\hmk6agho.default\searchplugins\icqplugin.src [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\hmk6agho.default\searchplugins\icqplugin.xml [2013.01.12 16:57:57 | 000,002,432 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\hmk6agho.default\searchplugins\lastminute.xml [2013.01.12 16:57:57 | 000,005,545 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\hmk6agho.default\searchplugins\webde-suche.xml [2012.11.04 18:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.04 18:11:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.14 14:08:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2007.07.24 17:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv85win32.dll [2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20121125235623.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121125235623.dll (McAfee, Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\...\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) F3:64bit: - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003 WinNT: Load - (C:\Users\...\LOCALS~1\Temp\mskvzos.bat) - File not found F3 - HKU\S-1-5-21-2106094365-2527480700-1081443235-1003 WinNT: Load - (C:\Users\...\LOCALS~1\Temp\mskvzos.bat) - File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2106094365-2527480700-1081443235-1000\..Trusted Domains: line6.net ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DED5C1-A174-4B2F-8BDA-81142E3DC124}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest - No CLSID value found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.01.14 21:52:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.14 23:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.01.14 23:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.01.14 21:52:29 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.01.14 21:52:29 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.01.14 21:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.01.12 17:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer [2013.01.12 17:38:56 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2013.01.12 17:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2013.01.12 17:33:47 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Microsoft Games [2013.01.12 17:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.01.12 17:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2013.01.12 17:28:26 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\TestApp [2013.01.12 17:25:23 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\2K Sports [2013.01.12 17:19:37 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Malwarebytes [2013.01.12 17:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.12 17:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.12 17:19:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.12 17:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.12 17:19:13 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Programs [2013.01.12 14:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Sports [2013.01.09 15:49:43 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 15:49:43 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 15:36:10 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 15:36:09 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 15:36:01 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 15:36:01 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 15:36:01 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 15:36:01 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 15:36:01 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 15:36:01 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 15:36:01 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 15:36:01 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 15:36:01 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 15:36:01 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 15:36:01 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 15:36:01 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 15:36:01 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 15:36:01 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 15:36:01 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 15:36:01 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 15:36:01 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 15:36:01 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 15:36:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 15:36:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 15:36:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 15:36:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 15:36:01 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 15:36:01 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 15:36:00 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 15:36:00 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 15:36:00 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 15:36:00 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 15:36:00 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 15:36:00 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 15:36:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 15:36:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 15:35:21 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 15:35:20 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 15:35:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 15:35:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 15:35:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 15:35:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 15:35:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 15:35:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 15:35:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 15:35:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 15:35:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 15:35:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 15:35:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 15:35:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 15:35:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 15:35:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 15:35:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 15:35:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 15:35:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 15:35:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 15:35:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 15:35:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 15:35:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 15:35:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 15:35:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 15:35:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 15:35:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 15:35:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 15:35:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 15:35:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 15:35:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 15:35:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 15:35:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 15:34:58 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2012.12.29 17:06:02 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steamless Counter Strike Source Pack [2012.12.29 16:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steamless CounterStrikeSource Pack [2012.12.21 12:12:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 12:12:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 12:12:35 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 12:12:35 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.15 10:15:20 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.15 10:15:20 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.15 10:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.15 10:07:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.15 10:07:56 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys [2013.01.15 00:29:49 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe [2013.01.15 00:25:06 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe [2013.01.14 21:52:47 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.01.14 21:52:30 | 000,002,269 | ---- | M] () -- C:\Users\Toshiba\Desktop\SpyHunter.lnk [2013.01.13 19:29:24 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.13 19:29:24 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.12 18:07:41 | 000,002,046 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2013.01.12 17:54:05 | 000,010,662 | -HS- | M] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013.01.12 17:39:06 | 001,722,833 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2013.01.12 17:19:27 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.12 16:36:30 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.12 16:36:30 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.12 16:36:30 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.12 16:36:30 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.12 16:36:30 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.12 14:37:08 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\NBA 2K11.lnk [2013.01.11 13:55:38 | 000,482,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.06 23:30:14 | 000,003,997 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\LTspiceIV.ini [2012.12.29 17:06:04 | 000,001,265 | ---- | M] () -- C:\Users\Toshiba\Desktop\SteamLess Counter Strike Source.lnk [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.14 21:52:47 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.01.14 21:52:35 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys [2013.01.14 21:52:30 | 000,002,269 | ---- | C] () -- C:\Users\Toshiba\Desktop\SpyHunter.lnk [2013.01.12 17:39:00 | 001,722,833 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2013.01.12 17:19:27 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.12 16:28:49 | 000,010,662 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013.01.12 14:37:08 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\NBA 2K11.lnk [2012.12.29 17:06:04 | 000,001,265 | ---- | C] () -- C:\Users\Toshiba\Desktop\SteamLess Counter Strike Source.lnk [2012.10.24 23:20:34 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2012.10.24 18:23:18 | 000,212,992 | ---- | C] () -- C:\Windows\SysWow64\WMIMPLEX.dll [2012.10.24 18:23:18 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\maplecompat.dll [2012.10.24 18:23:17 | 000,031,744 | ---- | C] () -- C:\Windows\SysWow64\maplec.dll [2012.10.24 18:03:10 | 000,003,997 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\LTspiceIV.ini [2012.10.24 03:46:47 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.10.23 23:01:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2012.10.19 12:56:09 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2012.10.19 12:51:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.01.10 21:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.01.10 21:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012.01.10 21:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.01.10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.05.30 11:00:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.05 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\2K Sports [2012.12.15 21:50:55 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\AnvSoft [2013.01.15 10:08:44 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Dropbox [2012.12.19 11:26:33 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\EDrawings [2013.01.06 16:02:54 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ICQ [2012.11.05 14:51:00 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\inkscape [2012.11.30 19:51:47 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\JabRef 2.8.1 [2012.10.29 12:22:58 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Line 6 [2012.12.01 14:56:29 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\LyX2.0 [2012.10.24 00:47:54 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Miranda Fusion [2012.11.26 10:59:12 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\OpenOffice.org [2012.10.29 12:22:59 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\PACE Anti-Piracy [2012.10.24 04:00:47 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\SoftGrid Client [2012.10.23 22:26:27 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Toshiba [2012.11.07 16:39:29 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TOSHIBA Online Product Information [2013.01.12 17:25:23 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\2K Sports [2012.10.24 23:18:26 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\DassaultSystemes [2012.10.31 11:00:50 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Dropbox [2012.10.31 15:03:36 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\ICQ [2012.10.31 15:01:11 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\ICQ Search [2012.10.31 01:12:07 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Line 6 [2012.10.31 15:02:11 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Miranda Fusion [2012.10.24 22:29:49 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\SoftGrid Client [2013.01.12 17:28:26 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\TestApp [2012.10.19 13:11:39 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Toshiba [2012.10.24 03:47:37 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\TP [2012.10.24 00:45:17 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\WinBatch ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.01.2013 10:16:00 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lars Breuer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 61,52% Memory free
7,60 Gb Paging File | 5,94 Gb Available in Paging File | 78,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,41 Gb Total Space | 65,43 Gb Free Space | 43,79% Space Free | Partition Type: NTFS
Drive D: | 148,28 Gb Total Space | 140,31 Gb Free Space | 94,62% Space Free | Partition Type: NTFS
Computer Name: TOSHIBA-TOSH | User Name: Toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-2106094365-2527480700-1081443235-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-2106094365-2527480700-1081443235-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\PROGRAM FILES (X86)\WINAMP\Winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\PROGRAM FILES (X86)\WINAMP\Winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\PROGRAM FILES (X86)\WINAMP\Winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\PROGRAM FILES (X86)\WINAMP\Winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\PROGRAM FILES (X86)\WINAMP\Winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\PROGRAM FILES (X86)\WINAMP\Winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DFD214-437F-451F-83B3-F094359FEA5A}" = rport=445 | protocol=6 | dir=out | app=system |
"{08D9AF0C-669A-43BA-9337-65581DA7D373}" = lport=138 | protocol=17 | dir=in | app=system |
"{0AD0E74B-31E5-44CA-9281-94AC48A59EEC}" = rport=137 | protocol=17 | dir=out | app=system |
"{19A8475A-8F6A-45C8-B479-36D571DAD439}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D403140-6604-4B5B-A271-6E54EA0414FE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1F2FFC00-DDD0-402B-B545-6B284317E3E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{301B4103-E70F-492B-A755-B489EAB4CF5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B6CAC3F-FE89-4870-9D16-7666527EAA9E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50882F5F-6C73-4495-BE24-9CF8BACD9E98}" = rport=138 | protocol=17 | dir=out | app=system |
"{5CFD1C00-6CAE-47CC-B5D3-93B818C8C33A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{63FF056B-FFC9-4D47-89A5-9B76F58D6598}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{706D179F-2BF7-48D9-BCE9-080396107525}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D6A4A32-AF45-4256-ABCF-1092849D83E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{863834EC-E66A-4E2B-B9DD-FE1726BD0084}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C619AC4-D3C9-4D1D-BB47-96B48CAC6912}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8C72C6C9-3A14-4E8C-887F-4EEABE604EC9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{983BC017-E8A1-43FC-A8E2-BD33E03BC509}" = lport=137 | protocol=17 | dir=in | app=system |
"{9AD4B7A2-C772-4790-994B-B08E8E63C6B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5B702C0-45BD-40B5-9372-EBA5BC026E0E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA33BAD9-0730-45EC-BB7D-2214DC26B4FF}" = lport=445 | protocol=6 | dir=in | app=system |
"{C8880CAE-D4E6-41D7-8503-B7C346293E79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC25E516-9371-4AF0-9DD4-2FE37D3E32CE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E248A26F-9FED-4FEC-8234-EC5810D9C2DD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E7CF585E-C260-4A31-BEEB-0A9A5FDB7F37}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F5D29A89-1622-4DAA-A3FF-11E217C0F302}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052879DE-C7F4-4002-8DC4-E7057175C972}" = protocol=17 | dir=in | app=c:\users\...\appdata\roaming\dropbox\bin\dropbox.exe |
"{065CEF42-AD8F-486D-AB83-30302FAAEA2E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{07029623-7AFE-47FD-BF0E-BC6C74E543B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{081F68FD-7FB5-43FD-BACB-DACEA783656D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0A91C30A-F615-42C6-825A-220E460D96BB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{0B824D5E-5D54-42E0-B11C-0E94743576D3}" = protocol=6 | dir=in | app=c:\users\...\appdata\roaming\dropbox\bin\dropbox.exe |
"{0E41FC7B-9A9F-4FCD-BBD5-E19BACCF0226}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{11611485-D766-457D-9495-7D7601F4AFE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{151EDB02-DF33-4AA7-BDB6-57AA70F3D7FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{16905ED1-0090-4B65-BBC1-3344EC7EA9AE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{16BCB685-073A-4864-9F84-6E8BECE533B7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2105956D-A276-4584-A9DB-980733A95D55}" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\fusiontools\updater.exe |
"{25519395-229F-4776-B418-BE7A448E813C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{25C1892F-5814-447D-BFF4-D794C35E2C8F}" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe |
"{31676DC9-DA41-46EE-8D79-D2B84C1CC0F9}" = protocol=6 | dir=out | app=system |
"{35AEB4FB-0433-4D02-BC94-CBEB9B00F24A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{41C4B8CA-6572-423C-9C44-821D2B6F1143}" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\fusiontools\updater.exe |
"{43779001-D227-4017-8B35-A2FDE37CEA7B}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe |
"{43C5CA93-BB51-45F9-A417-1037217F7CB6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{44B342AB-02EB-4A4D-A5DD-D0F8D8382379}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{477A281D-B8F3-4C7A-BFF1-93EA5BDD10F7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{494C5DC2-0744-4732-A1F7-29A576443CFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AAA7021-74A1-405E-A4C5-280669F106ED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5E3B84DB-D54E-48BD-9BD5-8BDB80E08CD5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{608CDDDE-DD09-42A1-B74B-B722E0D90E69}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6749A76F-5138-4248-AA28-0D6CF2EB26B2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78425C82-6017-4014-B646-D0BDD0B695F0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{79F51A94-3826-4D74-8D0A-A6B8723A4393}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{820E8870-361C-4D2F-9918-DD6FB42BAE0F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{823C6572-6747-4691-8F25-69ADC3ECBA03}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{88805CFA-D80E-4283-8AC3-441CFD184415}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe |
"{891B5D79-6022-40BB-9550-4BCC3E78950C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{959C739E-9AB4-4DCD-B683-92D5AA63D3A5}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe |
"{9FACB51D-467C-4BDD-BE5B-038C8A945724}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{A41C9AF1-164B-4C6B-B3E2-ECCBBAE5CB86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A77EE9B5-D422-4477-82FD-990D44898752}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B979A496-3660-4479-8EB0-E56403A253AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C756F06D-ECC5-4E0D-9556-5E146BD275B5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C9939123-02D0-4380-BF42-762F1C19D164}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6C4DC47-E8D4-4649-AF3E-AC644C1299DE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DC58B553-F974-4B41-B9D1-E41B1FC0E080}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E5493ADF-0C40-4841-8D4A-8DDD110A8B3C}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe |
"{F419BB66-566D-4596-A690-86179FEB7D89}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{F448EEC5-CA39-4CE5-8FC0-8AD8BF6FAD46}" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe |
"{F7B5355B-3902-4C5B-963B-59311AB96153}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{311D8E95-6563-4549-AADA-A33F8A8ABB6F}C:\program files (x86)\mirandafusion\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe |
"TCP Query User{3769EB6E-608B-4C5F-BCDA-168165C92D3C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{3D83CC99-C6C0-4E61-8B68-66ABE7AE785F}C:\program files (x86)\2k sports\nba 2k11\nba2k11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k11\nba2k11.exe |
"TCP Query User{4946B63B-FCB5-4372-B954-1537E1FE0F7F}C:\program files (x86)\2k sports\nba 2k11\nba2k11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k11\nba2k11.exe |
"TCP Query User{B852F377-289F-49C1-8C6F-DC14827CDE80}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{CD5A7156-A5CE-4589-AF23-456C7151333F}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{D35C68F7-35AB-447E-9DA1-780BFC4BF52A}C:\users\...\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\...\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{110DD244-E4F6-4604-BA30-791B80F9E552}C:\users\...\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\...\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{37043F6D-9DAF-44BF-8893-E24BAAC2D0AA}C:\program files (x86)\2k sports\nba 2k11\nba2k11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k11\nba2k11.exe |
"UDP Query User{5F24A35F-DE87-4F76-8D39-D76B7E2A5C12}C:\program files (x86)\mirandafusion\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe |
"UDP Query User{68ECAF52-A593-467B-9EE0-CDCB8EF25162}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{7E9EDCD2-02AF-48F3-8B7D-4B5E561E8808}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{8F784577-5076-4D30-A7AA-5040C8255E18}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{90BEE77D-0068-4998-99D7-76A95E63F848}C:\program files (x86)\2k sports\nba 2k11\nba2k11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k11\nba2k11.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21903252-3854-48D6-8F0C-F648CFA818C9}" = NI Help Assistant (64bit)
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{2844A4FA-B106-49E0-BD30-15FA4A40C13F}" = NI VC2005MSMs x64
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{496F4FDB-A4A5-4AB1-89C2-7B4FFD37F9F1}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C66F076-D3AB-49C8-85D4-BAA6D82FCAE2}" = SolidWorks 2012 x64 Edition SP0
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65DDB7D8-5E04-45DF-B60E-89557ED37ED2}" = SolidWorks Explorer 2012 SP0 x64 Edition
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}" = SpyHunter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A6B3A293-6427-4266-AE42-2BDC14C7AC2C}" = SolidWorks eDrawings 2012 x64 Edition SP0
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D385F5B2-6880-4B57-B857-DE1BFB234804}" = NI-DAQmx - LabVIEW shared documentation for 64 Bit Windows 1.3.1
"{D3CB988F-2A25-4AD5-BE84-24349E9CCCD8}" = SolidWorks 2012 x64 German Resources
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"GPL Ghostscript 9.06" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.2
"WinDjView" = WinDjView 2.0.2
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04333594-B0F2-47C8-AFAE-3A372B178159}" = NI LabVIEW 8.5.1 Manuals
"{065F29A4-D4D9-4BB9-85AF-8A878907BBD6}" = NI LabVIEW Run-Time Engine 8.5.1
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0699C67B-F5B5-4CA3-A3A9-B976406FA4DA}" = NI Service Locator
"{071ED036-038F-4F6C-8188-B5E02602C8AD}" = NI LabVIEW MAX XML
"{074A23EE-23DB-4393-BCDF-441FF5539DD1}" = NI LabVIEW 8.5.1 WWW
"{07EC2A8F-AF18-4908-942A-3CD62E9FB4B7}" = NI License Manager
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{148B1E59-71A1-441B-ACF6-342612CE68F4}" = NI LabVIEW 8.5.1 Menus
"{1538B06D-3F62-4622-B9D2-27B894C3496C}" = NI LVBrokerAux 8.5.0
"{15D5755D-3795-45FE-9ED6-BC0DAFA3B333}" = NI-RPC 3.4.0f1
"{17F4ADCB-387E-43A5-8292-A4A37704D670}" = NI MDF Support
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21848659-B9DA-4F53-89BC-B4D9E8E257CB}" = NI LabVIEW 8.5.1 gMath
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{297BDF30-471F-4E8C-9C05-09C3882300CD}" = NI LabWindows/CVI 8.1.1 Run-Time Engine
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F60CB4C-4134-42CA-B8A6-76F732CBADC2}" = NI Variable Manager
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FD67C2E-0F4B-4691-8680-24CD60217220}" = NI Variable Engine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{3401C71A-99BA-492F-B7F2-652705326BBE}" = NI LabVIEW 8.5.1 Templates
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38A4AD83-3492-4A4E-A502-48106D88DD3E}" = NI USI 1.5.0
"{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
"{3BEFE7B3-1FAF-4C0E-A44D-7E5AF5916087}" = NI LabVIEW 8.5 Help File
"{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}" = Photo Service - powered by myphotobook
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5474BF08-A9D0-49A2-9FCA-4D081B3797B5}" = NI Logos XT Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{597F2892-688F-4E80-92A5-B573625FAB6D}" = NI LabVIEW 8.5.1 Project
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{671A5B67-1A00-424A-A902-49BC020FB3D1}" = NI VC2005MSMs x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69674082-8C33-4877-A3EA-EF9B1C17A92F}" = NI LabVIEW 8.5.1 VI.lib
"{69CAA81F-B084-4DF6-8D33-A5A9B125DA88}" = NI LabVIEW 8.5.1 User.lib
"{6CF70201-637F-4A89-B82C-30A163B87016}" = NI LabVIEW 8.5 License
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{707A4E0C-8ACE-41BD-8597-117E6C3A5EA2}" = NI DataSocket 4.5.4
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F4EA0E-6E74-4336-BFB7-8B1376CACBB1}" = NI Instrument IO Assistant for LabVIEW 8.5
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{77F73F6E-139D-4B38-AB0D-6D2F0E860478}" = NI Logos 4.9.1
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7C0B9FD1-5181-4446-AD62-299873B5508B}" = NI Uninstaller
"{7DE3B2CC-B0EA-4607-B407-7E5E7C8BEAB0}" = NI LabVIEW Broker
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873B6C52-4EAF-4FA8-A156-907FE78D74F3}" = NI LabWindows/CVI Code Generator
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A53CFE0-A77B-4256-B232-9BAFCDB8EBA3}" = NI LabVIEW 8.5.1 iMath
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90F878B3-11B9-4BAD-8772-6251ADC7779C}" = NI LabVIEW Deployable License 8.5.0
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E15D54-5972-4E8B-A8B9-71C47B7941A2}" = NI LabVIEW 8.5.1 Help
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{969B34AE-635A-4FED-9392-24C55489C6D9}" = NI LabVIEW 8.5.1 Resource
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D9C8C52-6D2F-4FBA-B98B-DDA5817F6D67}" = NI LabVIEW 8.5 MeasAppChm File
"{9FBEC876-60EB-4BAC-BF51-E7EF29C1D71A}" = NI Assistant Framework LabVIEW Code Generator 8.2
"{9FC283EF-65DB-4DBE-930E-D5754091DF63}" = NI LabVIEW 8.5.1 Applibs
"{A0AEA1F9-687A-4587-95B1-9354135CE5D2}" = NI LabVIEW 8.5.1 Examples
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BAFBA29B-7219-4A45-8B18-0C992126A280}" = NI OPC Support
"{BB6B7CF3-6231-4F11-8F5B-8A7F10F3F587}" = NI Assistant Framework
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDA7A019-02C1-437C-87E5-AD0097AB162F}" = NI Variable Engine LabVIEW 8.5.1 Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0AA2E4A-CC81-4BE4-8607-8C4D5BC8AE03}" = Origin85
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D105D090-E9E5-4572-A61C-01EDE7568A17}" = NI TDMS
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D3FE1E36-DF92-442F-AAE6-FFF4D5913834}" = NI LabVIEW Merge Utility 8.5.0
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D88B4D82-11CD-4E56-872F-6E34A643D2DE}" = NI MXS
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DCC02AC1-1A01-4A72-9B16-0E328803CD91}" = NI MXS 4.4.0f0 for LabVIEW Real-Time
"{DD59BC08-8840-42FF-8755-851A83A38610}" = NI LabVIEW 8.5.1 CINtools
"{DE68F9CC-50F9-4F3F-9DDE-B7DFFF4D054E}" = NI LabVIEW 8.5.1 Instr.lib
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E49070-F2C7-402A-9D36-C9B87CA2E09D}" = OriginPro 8.5
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E51A29FF-C828-4AA1-AC39-9A312411FFEC}" = NI LabVIEW 8.5 Simulation
"{E6BBBB50-76E9-4F2F-AA8C-3FDDEB978A87}" = NI Assistant Framework LabVIEW Code Generator 8.5
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBB36B68-9FD1-4AC2-852C-714D42607B67}" = NI LabVIEW 8.5.1
"{EDF51FA5-6909-47E1-AAFE-411BA8900AA1}" = NI-DAQmx - LabVIEW shared documentation
"{EF168C8D-7EAD-4BEC-ACC7-167A0AA2944B}" = NI Example Finder 8.5.1
"{EFF4152D-BBAB-40F4-8FA7-D49116BEAAC1}" = NI Logos LabVIEW 8.5.1 Support
"{EFF6E91F-0009-4047-83BA-6DAD390D7B60}_is1" = Fussball Manager 12
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7D0E9F5-6025-49FA-B13C-CFA27E062062}" = NI EULA Depot
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDA3B45E-073C-4394-90F5-44887B54CC2C}" = NI LabVIEW 8.5 Device Detection and Deployment Support
"{FDEABB07-6AC3-41E1-A17C-CA5D9707EF72}" = NI-RPC 3.4.0f1 for Phar Lap ETS
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.5.7
"Avira AntiVir Desktop" = Avira Free Antivirus
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"GLVIEW3" = OpenGL Extensions Viewer 3.0
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IsoBuster_is1" = IsoBuster 3.0
"LyX20" = LyX 2.0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Maple 15" = Maple 15 (32-bit)
"Maple Toolbox" = Maple Toolbox
"MatlabR2010a" = MATLAB Student R2010a
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"MirandaFusion" = Miranda Fusion 3.2.0.0
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Service Center" = Native Instruments Service Center
"NBA 2K11_is1" = NBA 2K11
"NI Uninstaller" = National Instruments-Software
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"SolidWorks Installation Manager 20120-40000-1100-100" = SolidWorks 2012 x64 Edition SP0
"Steamless Counter Strike Source Pack" = Steamless Counter Strike Source Pack
"VLC media player" = VLC media player 2.0.4
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"Winamp" = Winamp
"WinAmp Controller_is1" = WinAmp Controller 2.0
"WinLiveSuite" = Windows Live Essentials
"WTA-0e6744cb-0b1b-4f06-a363-1b68aba93580" = Plants vs. Zombies - Game of the Year
"WTA-2d235bf2-80fc-45c9-be95-e4cbe94aafe1" = Wedding Dash 2 - Rings Around the World
"WTA-39a539aa-1edc-4852-b342-7319da423495" = Zuma Deluxe
"WTA-46d6951e-ba4e-4dbd-9875-b703b51c31a6" = Bejeweled 2 Deluxe
"WTA-6a27839f-505e-459f-9132-e9079e55c7c4" = Chuzzle Deluxe
"WTA-6fcb3355-443f-4eb0-a34a-c80c32b1e001" = Polar Bowler
"WTA-7dd24050-2f33-406a-9976-e9d33e52054d" = Penguins!
"WTA-9558264f-03d1-4c0c-a018-2d639e6492fd" = Final Drive: Nitro
"WTA-9badf373-ed20-4132-a72e-4f55b3148ff0" = Insaniquarium Deluxe
"WTA-a8f65613-74bd-430c-83a4-2519f3ee6379" = Bejeweled 3
"WTA-bc213c5f-096f-47cb-b4d4-e46b30d00c1b" = Slingo Deluxe
"WTA-cf3ada4a-6f44-4598-9e15-1d45d134eaa8" = FATE
"WTA-e563aad0-28c5-4ff3-a7bf-710f3a1c8e26" = Diner Dash 2 Restaurant Rescue
"WTA-f4b3811f-3986-4592-8b4a-92d62e415439" = Chicken Invaders 3 - Revenge of the Yolk
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2106094365-2527480700-1081443235-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2106094365-2527480700-1081443235-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.12.2012 11:59:59 | Computer Name = Toshiba-TOSH | Source = WinMgmt | ID = 10
Description =
Error - 31.12.2012 12:35:24 | Computer Name = Toshiba-TOSH | Source = McLogEvent | ID = 5022
Description = Initialisierung des MCSCAN32-Moduls ist fehlgeschlagen. Das Modul hat
folgenden Fehler ausgegeben: 1
Error - 31.12.2012 12:37:01 | Computer Name = Toshiba-TOSH | Source = WinMgmt | ID = 10
Description =
Error - 01.01.2013 08:39:55 | Computer Name = Toshiba-TOSH | Source = McLogEvent | ID = 5022
Description = Initialisierung des MCSCAN32-Moduls ist fehlgeschlagen. Das Modul hat
folgenden Fehler ausgegeben: 1
Error - 01.01.2013 08:41:32 | Computer Name = Toshiba-TOSH | Source = WinMgmt | ID = 10
Description =
Error - 01.01.2013 08:49:51 | Computer Name = Toshiba-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service
rpcnetp since QueryServiceConfig API failed System Error: Das System kann die angegebene
Datei nicht finden. .
Error - 01.01.2013 11:06:56 | Computer Name = Toshiba-TOSH | Source = McLogEvent | ID = 5022
Description = Initialisierung des MCSCAN32-Moduls ist fehlgeschlagen. Das Modul hat
folgenden Fehler ausgegeben: 1
Error - 01.01.2013 11:08:35 | Computer Name = Toshiba-TOSH | Source = WinMgmt | ID = 10
Description =
Error - 01.01.2013 17:23:42 | Computer Name = Toshiba-TOSH | Source = McLogEvent | ID = 5022
Description = Initialisierung des MCSCAN32-Moduls ist fehlgeschlagen. Das Modul hat
folgenden Fehler ausgegeben: 1
Error - 01.01.2013 17:25:19 | Computer Name = Toshiba-TOSH | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 06.01.2013 20:55:16 | Computer Name = Toshiba-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Services" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 06.01.2013 20:55:16 | Computer Name = Toshiba-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee VirusScan Announcer" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 06.01.2013 20:55:16 | Computer Name = Toshiba-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Network Agent" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.01.2013 07:20:42 | Computer Name = Toshiba-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.01.2013 07:20:45 | Computer Name = Toshiba-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Personal Firewall" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.01.2013 07:20:45 | Computer Name = Toshiba-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.01.2013 07:20:45 | Computer Name = Toshiba-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Anti-Spam Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.01.2013 07:23:06 | Computer Name = Toshiba-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Services" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 07.01.2013 07:23:06 | Computer Name = Toshiba-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee VirusScan Announcer" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.01.2013 07:23:06 | Computer Name = Toshiba-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Network Agent" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
< End of report >
|
|
15.01.2013, 12:16
| #2 |
| | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? GMER 2.0.18444 - GMER - Rootkit Detector and Remover
__________________Rootkit scan 2013-01-15 11:19:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GS00 298,09GB Running: gmer-2.0.18444.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\pwliypog.sys ---- User code sections - GMER 2.0 ---- .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000073ab17fa 2 bytes [AB, 73] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073ab1860 2 bytes [AB, 73] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073ab1942 2 bytes [AB, 73] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073ab194d 2 bytes [AB, 73] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ed1401 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ed1419 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ed1431 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ed144a 2 bytes [ED, 75] .text ... * 9 .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ed14dd 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ed14f5 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ed150d 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ed1525 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ed153d 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ed1555 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ed156d 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ed1585 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ed159d 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ed15b5 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ed15cd 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ed16b2 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkcitdl.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ed16bd 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000073ab17fa 2 bytes [AB, 73] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073ab1860 2 bytes [AB, 73] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073ab1942 2 bytes [AB, 73] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073ab194d 2 bytes [AB, 73] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ed1401 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ed1419 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ed1431 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ed144a 2 bytes [ED, 75] .text ... * 9 .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ed14dd 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ed14f5 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ed150d 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ed1525 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ed153d 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ed1555 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ed156d 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ed1585 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ed159d 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ed15b5 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ed15cd 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ed16b2 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lkads.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ed16bd 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000073ab17fa 2 bytes [AB, 73] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073ab1860 2 bytes [AB, 73] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073ab1942 2 bytes [AB, 73] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073ab194d 2 bytes [AB, 73] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ed1401 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ed1419 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ed1431 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ed144a 2 bytes [ED, 75] .text ... * 9 .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ed14dd 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ed14f5 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ed150d 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ed1525 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ed153d 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ed1555 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ed156d 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ed1585 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ed159d 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ed15b5 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ed15cd 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ed16b2 2 bytes [ED, 75] .text C:\Windows\SysWOW64\lktsrv.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ed16bd 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ed1401 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ed1419 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ed1431 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ed144a 2 bytes [ED, 75] .text ... * 9 .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ed14dd 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ed14f5 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ed150d 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ed1525 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ed153d 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ed1555 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ed156d 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ed1585 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ed159d 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ed15b5 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ed15cd 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ed16b2 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ed16bd 2 bytes [ED, 75] .text C:\Windows\SysWOW64\nisvcloc.exe[1964] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000073ab17fa 2 bytes [AB, 73] .text C:\Windows\SysWOW64\nisvcloc.exe[1964] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073ab1860 2 bytes [AB, 73] .text C:\Windows\SysWOW64\nisvcloc.exe[1964] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073ab1942 2 bytes [AB, 73] .text C:\Windows\SysWOW64\nisvcloc.exe[1964] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073ab194d 2 bytes [AB, 73] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ed1401 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ed1419 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ed1431 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ed144a 2 bytes [ED, 75] .text ... * 9 .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ed14dd 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ed14f5 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ed150d 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ed1525 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ed153d 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ed1555 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ed156d 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ed1585 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ed159d 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ed15b5 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ed15cd 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ed16b2 2 bytes [ED, 75] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ed16bd 2 bytes [ED, 75] ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Windows\system32\mfevtps.exe[1680] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f2e8a80] C:\Windows\system32\mfevtps.exe IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef90c2750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef90c2b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef90c7de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef90c8130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef90c1908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef90c1c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef90c81d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef90c2878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef90c7a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef90c6c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef90c77bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef90c7064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef90c6544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2284] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef90c5e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- EOF - GMER 2.0 ---- |
|
19.01.2013, 15:38
| #3 |
| /// Helfer-Team  | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig?__________________
__________________ |
|
19.01.2013, 15:45
| #4 |
| | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? Hallo, ich habe die Anvira und Malwarebytes Log-Files nicht mehr, da ich den Pc inzwischen neu aufgezogen habe. Jetzt müsste ja auf jeden Fall alles wieder sauber sein oder? |
|
19.01.2013, 15:49
| #5 | |
| /// Helfer-Team | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig?Zitat:
Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
dann: Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. danach: Downloade Dir bitte SecurityCheck von einem der folgenden Links: LINK1 LINK2
|
|
19.01.2013, 15:57
| #6 |
| | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? Ok werde ich machen, danke! OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.01.2013 16:18:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\..._2\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 66,10% Memory free 7,60 Gb Paging File | 5,92 Gb Available in Paging File | 77,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,41 Gb Total Space | 109,92 Gb Free Space | 73,57% Space Free | Partition Type: NTFS Drive D: | 148,28 Gb Total Space | 140,30 Gb Free Space | 94,62% Space Free | Partition Type: NTFS Computer Name: ...-TOSH | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\..._2\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {429839CD-FA0B-47E6-90A1-9E21C63AC7DC} IE:64bit: - HKLM\..\SearchScopes\{429839CD-FA0B-47E6-90A1-9E21C63AC7DC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {429839CD-FA0B-47E6-90A1-9E21C63AC7DC} IE - HKLM\..\SearchScopes\{429839CD-FA0B-47E6-90A1-9E21C63AC7DC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1001\..\SearchScopes,DefaultScope = {0E96649E-EE50-41A2-9D9C-45D2262AD3CB} IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1001\..\SearchScopes\{0E96649E-EE50-41A2-9D9C-45D2262AD3CB}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1001\..\SearchScopes\{3E921346-11AA-459C-9248-174A7216F2D0}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1001\..\SearchScopes\{DEA9D829-01E2-4BEF-8651-0AFF5BC03EFC}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1001\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1003\..\SearchScopes,DefaultScope = {3E81C022-B058-4530-A8EE-598542164B37} IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1003\..\SearchScopes\{17977F66-8531-4A45-915E-8348C1C32BBA}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1003\..\SearchScopes\{3E81C022-B058-4530-A8EE-598542164B37}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1003\..\SearchScopes\{BF7B56E9-678F-4A24-8BF3-342F12F1DF08}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1003\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKU\S-1-5-21-381712674-3796369227-1840947805-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.01.18 16:44:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 16:13:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.18 20:24:46 | 000,000,000 | ---D | M] [2013.01.18 16:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions [2013.01.18 17:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\ykh35mj4.default\extensions [2013.01.18 17:33:52 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\ykh35mj4.default\extensions\toolbar@web.de.xpi [2013.01.18 16:36:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\ykh35mj4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.18 17:33:57 | 000,000,911 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\ykh35mj4.default\searchplugins\11-suche.xml [2013.01.18 17:33:57 | 000,002,273 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\ykh35mj4.default\searchplugins\englische-ergebnisse.xml [2013.01.18 17:33:57 | 000,010,563 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\ykh35mj4.default\searchplugins\gmx-suche.xml [2013.01.18 17:33:57 | 000,002,432 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\ykh35mj4.default\searchplugins\lastminute.xml [2013.01.18 17:33:57 | 000,005,545 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\ykh35mj4.default\searchplugins\webde-suche.xml [2013.01.18 16:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-381712674-3796369227-1840947805-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-381712674-3796369227-1840947805-1003..\Run: [icq] C:\Users\..._2\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKU\S-1-5-21-381712674-3796369227-1840947805-1003..\Run: [Miranda Fusion] C:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe (Miranda Fusion Team) O4 - HKU\S-1-5-21-381712674-3796369227-1840947805-1003..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\..._2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEA96A2E-CF36-48FB-AC26-B7B613823408}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.18 21:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2013.01.18 21:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JabRef 2.9.2 [2013.01.18 21:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JabRef [2013.01.18 21:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView [2013.01.18 21:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinDjView [2013.01.18 19:47:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.01.18 19:47:34 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Adobe [2013.01.18 19:02:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013.01.18 19:02:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013.01.18 19:02:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013.01.18 19:02:11 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013.01.18 19:02:11 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2013.01.18 19:02:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.01.18 19:02:09 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.01.18 19:02:09 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.01.18 19:02:09 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.01.18 19:02:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.01.18 19:02:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.01.18 19:02:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.01.18 19:02:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.01.18 19:02:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.01.18 19:02:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.01.18 19:02:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.01.18 19:02:08 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.01.18 19:02:08 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.01.18 19:02:08 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.01.18 19:02:08 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.01.18 19:02:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.01.18 19:02:08 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013.01.18 19:02:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.01.18 19:02:07 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.01.18 19:02:07 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.01.18 19:01:03 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.01.18 19:01:01 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.01.18 19:01:01 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.01.18 18:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.01.18 18:38:49 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\MathWorks [2013.01.18 18:38:40 | 000,000,000 | ---D | C] -- C:\Users\...\Documents\MATLAB [2013.01.18 18:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB [2013.01.18 18:31:20 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Microsoft Games [2013.01.18 18:30:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MATLAB [2013.01.18 17:49:38 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\WinRAR [2013.01.18 17:49:38 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.01.18 17:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.01.18 17:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.01.18 17:49:17 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2013.01.18 17:49:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2013.01.18 17:39:33 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.01.18 17:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013.01.18 17:38:28 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2013.01.18 17:26:59 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.01.18 17:25:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.01.18 17:25:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.01.18 17:25:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.01.18 17:25:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.01.18 17:25:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.01.18 17:25:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.01.18 17:25:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.01.18 17:25:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.01.18 17:25:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.01.18 17:25:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.01.18 17:25:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.01.18 17:25:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.01.18 17:25:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.01.18 17:25:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.01.18 17:25:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.01.18 17:25:03 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\MiKTeX [2013.01.18 17:24:44 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\MiKTeX [2013.01.18 17:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LyX 2.0 [2013.01.18 17:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyX 2.0 [2013.01.18 17:22:23 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013.01.18 17:22:23 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013.01.18 17:22:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013.01.18 17:22:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013.01.18 17:21:46 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2013.01.18 17:21:46 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2013.01.18 17:21:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2013.01.18 17:21:45 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2013.01.18 17:20:17 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Skype [2013.01.18 17:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.01.18 17:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.18 17:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft [2013.01.18 17:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft [2013.01.18 17:15:03 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013.01.18 17:15:03 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2013.01.18 17:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LTC [2013.01.18 17:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape [2013.01.18 17:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 [2013.01.18 17:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.01.18 17:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.01.18 17:00:09 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe [2013.01.18 17:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX [2013.01.18 16:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp [2013.01.18 16:55:56 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2013.01.18 16:55:54 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2013.01.18 16:55:08 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2013.01.18 16:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect [2013.01.18 16:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2013.01.18 16:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiKTeX 2.9 [2013.01.18 16:54:32 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Winamp [2013.01.18 16:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2013.01.18 16:47:41 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ [2013.01.18 16:47:24 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\ICQM [2013.01.18 16:47:07 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\ICQ-Profile [2013.01.18 16:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miranda Fusion 3 [2013.01.18 16:46:13 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Miranda Fusion [2013.01.18 16:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MirandaFusion [2013.01.18 16:40:30 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\TOSHIBA_Corporation [2013.01.18 16:40:09 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Avira [2013.01.18 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Macromedia [2013.01.18 16:39:07 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2013.01.18 16:38:53 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.18 16:38:52 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.18 16:38:52 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.18 16:38:50 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.18 16:38:49 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.18 16:38:48 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.18 16:38:48 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.18 16:38:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.18 16:38:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.18 16:38:43 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.18 16:38:43 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.18 16:38:42 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.18 16:38:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.18 16:38:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.18 16:38:38 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.18 16:38:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.18 16:38:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.18 16:38:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.18 16:38:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.18 16:38:32 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.18 16:38:32 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.18 16:38:32 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.18 16:38:31 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.18 16:38:31 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.18 16:37:58 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.18 16:37:58 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.18 16:37:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.18 16:37:58 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.18 16:37:56 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.18 16:37:54 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.18 16:37:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.18 16:37:51 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.18 16:37:36 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.18 16:37:36 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.18 16:37:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.01.18 16:36:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.18 16:36:26 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.18 16:36:26 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.18 16:36:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.18 16:36:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.18 16:36:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.18 16:36:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.18 16:36:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.18 16:36:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.18 16:36:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.18 16:36:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.18 16:36:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.18 16:36:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.18 16:36:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.18 16:36:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.18 16:36:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.18 16:36:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.18 16:36:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.18 16:36:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.18 16:36:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.18 16:36:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.18 16:36:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.18 16:36:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.18 16:36:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.18 16:36:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.18 16:36:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.18 16:36:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.18 16:36:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.18 16:36:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.18 16:36:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.18 16:36:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.18 16:36:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.18 16:36:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.18 16:36:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.18 16:36:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.18 16:36:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.18 16:36:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.18 16:36:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.18 16:36:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.18 16:36:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.18 16:36:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.18 16:36:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.18 16:36:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.18 16:36:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.18 16:36:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.18 16:36:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.18 16:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.18 16:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.18 16:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.18 16:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.18 16:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.18 16:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.18 16:36:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.18 16:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.18 16:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.18 16:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.18 16:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.18 16:36:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.18 16:36:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.18 16:36:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.18 16:36:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.18 16:36:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.18 16:36:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.18 16:36:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.18 16:36:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.18 16:36:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.18 16:36:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.18 16:36:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.18 16:36:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.18 16:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.18 16:34:36 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.01.18 16:34:36 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.01.18 16:34:36 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.01.18 16:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.01.18 16:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.01.18 16:33:47 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2013.01.18 16:33:47 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.01.18 16:33:47 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2013.01.18 16:33:46 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.01.18 16:33:46 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2013.01.18 16:33:46 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2013.01.18 16:33:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2013.01.18 16:33:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2013.01.18 16:33:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2013.01.18 16:33:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2013.01.18 16:33:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2013.01.18 16:33:25 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2013.01.18 16:33:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2013.01.18 16:33:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2013.01.18 16:33:15 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2013.01.18 16:33:10 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2013.01.18 16:33:10 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2013.01.18 16:33:09 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2013.01.18 16:33:09 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2013.01.18 16:33:07 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.18 16:33:05 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2013.01.18 16:33:05 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2013.01.18 16:33:04 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2013.01.18 16:33:04 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2013.01.18 16:33:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2013.01.18 16:33:04 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2013.01.18 16:33:04 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2013.01.18 16:33:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2013.01.18 16:33:03 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2013.01.18 16:32:59 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013.01.18 16:32:58 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2013.01.18 16:32:56 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.18 16:32:53 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2013.01.18 16:32:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2013.01.18 16:32:53 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2013.01.18 16:32:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.01.18 16:32:49 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.01.18 16:31:57 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2013.01.18 16:31:57 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2013.01.18 16:31:53 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2013.01.18 16:31:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2013.01.18 16:31:49 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.01.18 16:31:49 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.01.18 16:31:48 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.01.18 16:31:28 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2013.01.18 16:31:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2013.01.18 16:29:34 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2013.01.18 16:29:32 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2013.01.18 16:29:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2013.01.18 16:29:20 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.01.18 16:29:12 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2013.01.18 16:29:11 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2013.01.18 16:29:11 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2013.01.18 16:29:11 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2013.01.18 16:29:11 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2013.01.18 16:29:10 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2013.01.18 16:29:10 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2013.01.18 16:29:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2013.01.18 16:29:10 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2013.01.18 16:29:09 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2013.01.18 16:29:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2013.01.18 16:29:09 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2013.01.18 16:29:08 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2013.01.18 16:29:04 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2013.01.18 16:29:04 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2013.01.18 16:28:55 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2013.01.18 16:28:55 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2013.01.18 16:28:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2013.01.18 16:28:36 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.18 16:28:36 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.18 16:28:29 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2013.01.18 16:28:27 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.18 16:28:25 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2013.01.18 16:28:21 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.01.18 16:28:21 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.01.18 16:28:18 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.01.18 16:28:16 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2013.01.18 16:28:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll [2013.01.18 16:28:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013.01.18 16:28:07 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2013.01.18 16:28:05 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2013.01.18 16:28:04 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2013.01.18 16:27:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2013.01.18 16:27:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2013.01.18 16:27:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2013.01.18 16:27:50 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2013.01.18 16:27:47 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2013.01.18 16:27:46 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2013.01.18 16:27:44 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2013.01.18 16:27:40 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2013.01.18 16:23:52 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.01.18 16:23:50 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.01.18 16:20:10 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\SoftGrid Client [2013.01.18 16:20:10 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\SoftGrid Client [2013.01.18 16:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch) [2013.01.18 16:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.01.18 16:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.01.18 16:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client [2013.01.18 16:18:54 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\TP [2013.01.18 16:17:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2013.01.18 16:17:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2013.01.18 16:16:59 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2013.01.18 16:16:59 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2013.01.18 16:15:45 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\TOSHIBA Online Product Information [2013.01.18 16:13:58 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Mozilla [2013.01.18 16:13:58 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Mozilla [2013.01.18 16:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.01.18 16:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.01.18 16:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.18 16:09:54 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Toshiba [2013.01.18 16:06:55 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Adobe [2013.01.18 16:06:18 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Toshiba [2013.01.18 16:05:58 | 000,000,000 | R--D | C] -- C:\Users\...\Searches [2013.01.18 16:05:58 | 000,000,000 | R--D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.01.18 16:05:50 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Identities [2013.01.18 16:05:43 | 000,000,000 | R--D | C] -- C:\Users\...\Contacts [2013.01.18 16:05:39 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\VirtualStore [2013.01.18 16:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope [2013.01.18 16:03:01 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013.01.18 16:03:01 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013.01.18 16:03:01 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2013.01.18 16:02:50 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013.01.18 16:02:50 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013.01.18 16:02:50 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013.01.18 16:02:42 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.01.18 16:02:42 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013.01.18 16:02:18 | 000,000,000 | R--D | C] -- C:\Users\...\Videos [2013.01.18 16:02:18 | 000,000,000 | R--D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.01.18 16:02:18 | 000,000,000 | R--D | C] -- C:\Users\...\Saved Games [2013.01.18 16:02:18 | 000,000,000 | R--D | C] -- C:\Users\...\Pictures [2013.01.18 16:02:18 | 000,000,000 | R--D | C] -- C:\Users\...\Music [2013.01.18 16:02:18 | 000,000,000 | R--D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.01.18 16:02:18 | 000,000,000 | R--D | C] -- C:\Users\...\Links [2013.01.18 16:02:18 | 000,000,000 | R--D | C] -- C:\Users\...\Favorites [2013.01.18 16:02:18 | 000,000,000 | R--D | C] -- C:\Users\...\Downloads [2013.01.18 16:02:18 | 000,000,000 | R--D | C] -- C:\Users\...\Documents [2013.01.18 16:02:18 | 000,000,000 | R--D | C] -- C:\Users\...\Desktop [2013.01.18 16:02:18 | 000,000,000 | R--D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\Vorlagen [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\AppData\Local\Verlauf [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\AppData\Local\Temporary Internet Files [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\Startmenü [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\SendTo [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\Recent [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\Netzwerkumgebung [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\Lokale Einstellungen [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\Documents\Eigene Videos [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\Documents\Eigene Musik [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\Eigene Dateien [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\Documents\Eigene Bilder [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\Druckumgebung [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\Cookies [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\AppData\Local\Anwendungsdaten [2013.01.18 16:02:18 | 000,000,000 | -HSD | C] -- C:\Users\...\Anwendungsdaten [2013.01.18 16:02:18 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Temp [2013.01.18 16:02:18 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Microsoft [2013.01.18 16:02:18 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Media Center Programs [2013.01.18 16:02:18 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Macromedia [2013.01.18 16:02:17 | 000,000,000 | --SD | C] -- C:\Users\...\AppData\Roaming\Microsoft [2013.01.18 16:02:17 | 000,000,000 | -H-D | C] -- C:\Users\...\AppData [2013.01.18 16:01:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.01.18 16:01:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.01.18 16:01:56 | 000,000,000 | -HSD | C] -- C:\Programme [2013.01.18 16:01:56 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.01.18 16:01:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.01.18 16:01:56 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.01.18 16:01:56 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.01.18 16:01:56 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.01.18 16:01:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.01.18 16:01:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.01.18 16:01:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.01.18 14:57:35 | 000,000,000 | ---D | C] -- C:\Windows\OemDrv [2013.01.18 14:55:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.01.18 14:53:02 | 000,038,096 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\drivers\PGEffect.sys [2013.01.18 14:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba [2013.01.18 14:50:56 | 001,111,144 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl8192se.sys [2013.01.18 14:50:56 | 001,103,464 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl8192ce.sys [2013.01.18 14:50:56 | 000,612,352 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl819xp.sys [2013.01.18 14:50:56 | 000,450,048 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl8187B.sys [2013.01.18 14:50:56 | 000,442,368 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl8187Se.sys [2013.01.18 14:50:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek WLAN Driver [2013.01.18 14:50:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda [2013.01.18 14:50:34 | 007,367,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsUStoricon.dll [2013.01.18 14:50:34 | 000,422,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtsUStor.dll [2013.01.18 14:50:34 | 000,232,992 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys [2013.01.18 14:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2013.01.18 14:49:25 | 000,827,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll [2013.01.18 14:49:25 | 000,607,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll [2013.01.18 14:49:25 | 000,099,320 | ---- | C] (TOSHIBA CORPORATION) -- C:\Windows\SysNative\tosWirelessLANIndicatorCP.dll [2013.01.18 14:46:46 | 000,024,576 | ---- | C] (Toshiba) -- C:\Windows\SysWow64\TSCI.dll [2013.01.18 14:46:46 | 000,024,576 | ---- | C] (Toshiba) -- C:\Windows\SysWow64\THCI.dll [2013.01.18 14:46:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Microsoft.VC80.MFC [2013.01.18 14:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\xp [2013.01.18 14:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\win7_64 [2013.01.18 14:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\win7_32 [2013.01.18 14:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\vista64 [2013.01.18 14:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\vista32 [2013.01.18 14:46:18 | 000,020,592 | ---- | C] (Compal Electronics, INC.) -- C:\Windows\SysNative\drivers\CeKbFilter.sys [2013.01.18 14:45:58 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2013.01.18 14:45:40 | 000,295,424 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Windows\SysNative\HWS_Ctrl.dll [2013.01.18 14:45:40 | 000,008,192 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Windows\SysNative\TSBWLS.dll [2013.01.18 14:45:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Microsoft.VC80.MFC [2013.01.18 14:43:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.01.18 14:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.01.18 14:43:48 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.01.18 14:43:48 | 002,032,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2013.01.18 14:43:48 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2013.01.18 14:43:48 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.01.18 14:43:48 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2013.01.18 14:43:48 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll [2013.01.18 14:43:48 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.01.18 14:43:48 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.01.18 14:43:48 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.01.18 14:43:48 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll [2013.01.18 14:43:48 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll [2013.01.18 14:43:48 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2013.01.18 14:43:47 | 002,618,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2013.01.18 14:43:47 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.01.18 14:43:47 | 001,756,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2013.01.18 14:43:47 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2013.01.18 14:43:47 | 001,213,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2013.01.18 14:43:47 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2013.01.18 14:43:47 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2013.01.18 14:43:47 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2013.01.18 14:43:47 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2013.01.18 14:43:47 | 000,476,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2013.01.18 14:43:47 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2013.01.18 14:43:47 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.01.18 14:43:47 | 000,372,328 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat [2013.01.18 14:43:47 | 000,334,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2013.01.18 14:43:47 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2013.01.18 14:43:47 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.01.18 14:43:47 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.01.18 14:43:47 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2013.01.18 14:43:47 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.01.18 14:43:47 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.01.18 14:43:47 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2013.01.18 14:43:47 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2013.01.18 14:43:47 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.01.18 14:43:47 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2013.01.18 14:43:47 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2013.01.18 14:43:47 | 000,124,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2013.01.18 14:43:47 | 000,124,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2013.01.18 14:43:47 | 000,123,104 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2013.01.18 14:43:47 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2013.01.18 14:43:47 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.01.18 14:43:47 | 000,076,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll [2013.01.18 14:43:47 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.01.18 14:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.01.18 14:43:46 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2013.01.18 14:43:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.01.18 14:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.01.18 14:42:02 | 000,538,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys [2013.01.18 14:40:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.01.18 14:39:26 | 000,000,000 | ---D | C] -- C:\Intel [2013.01.18 14:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2013.01.18 14:38:48 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys [2013.01.18 14:36:16 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.01.18 14:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.01.18 14:35:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.18 14:32:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.19 16:09:41 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.19 16:09:41 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.19 16:09:41 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.19 16:09:41 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.19 16:09:41 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.19 15:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.19 10:50:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.18 21:22:33 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\JabRef 2.9.2.lnk [2013.01.18 19:48:57 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.01.18 19:23:12 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.18 19:23:12 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.18 19:18:18 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe [2013.01.18 19:15:00 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys [2013.01.18 19:14:53 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe [2013.01.18 19:10:06 | 000,002,042 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2013.01.18 18:50:33 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.01.18 18:48:45 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.18 18:48:45 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.18 18:36:27 | 000,001,253 | ---- | M] () -- C:\Users\Public\Desktop\MATLAB R2010a Student.lnk [2013.01.18 18:25:09 | 000,294,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.18 17:27:52 | 001,526,948 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.18 17:24:16 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\LyX 2.0.lnk [2013.01.18 17:17:06 | 000,004,004 | ---- | M] () -- C:\Users\...\AppData\Roaming\LTspiceIV.ini [2013.01.18 17:15:40 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk [2013.01.18 17:15:31 | 000,001,178 | ---- | M] () -- C:\Users\...\Desktop\LTspice IV.lnk [2013.01.18 17:02:26 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.01.18 16:56:05 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2013.01.18 16:46:17 | 000,001,287 | ---- | M] () -- C:\Users\...\Desktop\Miranda Fusion.lnk [2013.01.18 16:34:47 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.01.18 16:13:51 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.18 15:00:43 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.01.18 15:00:43 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.01.18 14:58:51 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\TOSHIBA_Satellite C660_14816-GR_PSC0QE-04X00.MRK [2013.01.18 14:55:55 | 000,000,000 | ---- | M] () -- C:\Windows\NDSTray.INI [2013.01.18 14:50:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2013.01.18 14:46:18 | 000,020,592 | ---- | M] (Compal Electronics, INC.) -- C:\Windows\SysNative\drivers\CeKbFilter.sys [2013.01.18 14:41:42 | 000,015,354 | ---- | M] () -- C:\Windows\SysNative\results.xml [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.18 21:22:33 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\JabRef 2.9.2.lnk [2013.01.18 19:47:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2013.01.18 19:47:51 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.01.18 18:36:27 | 000,001,253 | ---- | C] () -- C:\Users\Public\Desktop\MATLAB R2010a Student.lnk [2013.01.18 17:49:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.01.18 17:24:16 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\LyX 2.0.lnk [2013.01.18 17:21:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.01.18 17:16:59 | 000,004,004 | ---- | C] () -- C:\Users\...\AppData\Roaming\LTspiceIV.ini [2013.01.18 17:16:08 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk [2013.01.18 17:15:40 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk [2013.01.18 17:15:30 | 000,001,178 | ---- | C] () -- C:\Users\...\Desktop\LTspice IV.lnk [2013.01.18 17:02:26 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.01.18 16:56:05 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk [2013.01.18 16:46:17 | 000,001,287 | ---- | C] () -- C:\Users\...\Desktop\Miranda Fusion.lnk [2013.01.18 16:37:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.18 16:34:47 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.01.18 16:19:24 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.18 16:13:51 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.18 16:13:51 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.18 16:06:40 | 000,000,454 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Places.lnk [2013.01.18 16:06:39 | 000,000,520 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Music Place.lnk [2013.01.18 16:05:59 | 000,001,446 | ---- | C] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.01.18 16:02:18 | 000,002,042 | ---- | C] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2013.01.18 14:58:51 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\TOSHIBA_Satellite C660_14816-GR_PSC0QE-04X00.MRK [2013.01.18 14:55:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2013.01.18 14:50:55 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2013.01.18 14:50:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2013.01.18 14:43:49 | 000,000,008 | ---- | C] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat [2013.01.18 14:41:42 | 000,015,354 | ---- | C] () -- C:\Windows\SysNative\results.xml [2013.01.18 14:32:56 | 3059,748,864 | -HS- | C] () -- C:\hiberfil.sys [2013.01.18 14:32:51 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\rpcnetp.exe [2012.01.10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.01.10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012.01.10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.01.10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.05.30 11:00:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.18 16:49:59 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ICQ-Profile [2013.01.18 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ICQM [2013.01.18 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Miranda Fusion [2013.01.18 16:40:27 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\SoftGrid Client [2013.01.18 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Toshiba [2013.01.18 16:15:45 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TOSHIBA Online Product Information [2013.01.18 16:20:20 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TP [2013.01.18 19:38:28 | 000,000,000 | ---D | M] -- C:\Users\..._2\AppData\Roaming\ICQ-Profile [2013.01.18 19:37:25 | 000,000,000 | ---D | M] -- C:\Users\..._2\AppData\Roaming\ICQM [2013.01.18 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\..._2\AppData\Roaming\LyX2.0 [2013.01.18 18:49:57 | 000,000,000 | ---D | M] -- C:\Users\..._2\AppData\Roaming\Miranda Fusion [2013.01.18 17:07:56 | 000,000,000 | ---D | M] -- C:\Users\..._2\AppData\Roaming\Toshiba [2013.01.18 17:13:13 | 000,000,000 | ---D | M] -- C:\Users\..._2\AppData\Roaming\TOSHIBA Online Product Information ========== Purity Check ========== < End of report > |
|
19.01.2013, 16:47
| #7 |
| | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.01.2013 16:18:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\..._2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 66,10% Memory free
7,60 Gb Paging File | 5,92 Gb Available in Paging File | 77,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,41 Gb Total Space | 109,92 Gb Free Space | 73,57% Space Free | Partition Type: NTFS
Drive D: | 148,28 Gb Total Space | 140,30 Gb Free Space | 94,62% Space Free | Partition Type: NTFS
Computer Name: ...-TOSH | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-381712674-3796369227-1840947805-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-381712674-3796369227-1840947805-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0368BADF-C54D-4670-A64C-D652FA4E50AB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{055A6F7B-5E91-4C33-A872-503822E262BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FFE144B-3E86-4BA7-AB7D-61FE9E8938C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E6A1B88-0608-45A4-99C4-91355660EFC2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B74B01A-AE4D-4883-833C-CFA83EE2E194}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A25411E-C539-41BF-8580-EDBBB9DF7AA6}" = lport=138 | protocol=17 | dir=in | app=system |
"{6266FDB6-A075-4F28-8E93-8C5FD9627DCB}" = lport=137 | protocol=17 | dir=in | app=system |
"{73F83FA5-593F-4FFD-8C30-75E6E3E86AFD}" = rport=138 | protocol=17 | dir=out | app=system |
"{760AA678-8CF2-4F7E-9966-9DF9F5E033AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C72C6C9-3A14-4E8C-887F-4EEABE604EC9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9A8F6D66-40CB-47B5-822E-657BFEA298D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BE697A1-3933-46F1-B32B-7A9AE8BB667E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A4523AA1-9151-4284-806C-82A7F4A23440}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0C6C0DB-FD2D-4C6B-AFE3-8B0A1B278E4B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B45DB103-998F-4935-8554-A09D804A6AE0}" = rport=139 | protocol=6 | dir=out | app=system |
"{B51CA4C6-EB2C-4971-B8A8-2116DA705726}" = rport=445 | protocol=6 | dir=out | app=system |
"{CC25E516-9371-4AF0-9DD4-2FE37D3E32CE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DA33C4FD-0887-4F26-AAE0-B8C3581D4A37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB8BBEFF-6E4A-4C62-ABB2-7C2E3651C2A4}" = lport=139 | protocol=6 | dir=in | app=system |
"{ED895B4F-EBD7-4DB6-BEFD-CCEE3779726E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F3D26A78-4872-4B63-B48A-F331B615FEE6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FDC34EED-5BB7-4CCF-A0E8-A3BA07DE6CEF}" = rport=137 | protocol=17 | dir=out | app=system |
"{FF3AB200-7CA6-4027-AE7E-71FB3227082B}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06689B5E-3AED-43DD-B7A8-73BA26B559D9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0AA14D29-33CD-4C31-ACCF-A21ED992A75A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0E3820B1-1DDC-4DBB-915B-F8514C31796A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1665B076-935F-4C75-A99C-07ED4DF61BEA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{16905ED1-0090-4B65-BBC1-3344EC7EA9AE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{16BCB685-073A-4864-9F84-6E8BECE533B7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1B300B37-2658-4BFC-A80D-E679C863EC4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1C7930D6-5DFE-4325-BFDF-41C6AE85BBE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EDF3E77-602E-4D34-89DA-6519AD711E66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F8A722C-93AD-4EAE-B28F-C90289BF81C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{35AEB4FB-0433-4D02-BC94-CBEB9B00F24A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{40AEAD3B-0F7F-41EE-97F6-1F111B7CF398}" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe |
"{41B761F4-5CDB-403E-A33F-A1DEE423CAE8}" = protocol=6 | dir=out | app=system |
"{54F7242B-4B16-4E4F-ABBA-2B91FBA373C6}" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\fusiontools\updater.exe |
"{6723DCD1-1476-4DCB-B81D-BA8DCBD2A5AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6EFC496D-1331-4278-AF99-579FDA00B951}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7B8A221E-E6F2-451E-BE23-02AE4C49F9D1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D439442-332B-4902-8252-263B4CB73601}" = protocol=17 | dir=in | app=c:\users\...\appdata\roaming\icqm\icq.exe |
"{A485681D-0837-47A0-9B48-24648F50476C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7F30508-0CA6-4880-981D-7003CA67B017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AF80DEA4-44A4-4C16-AB02-B3FAAC7E8783}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B010E6FC-0F9C-4FE6-8D96-9E726687F048}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5337CC8-66A1-44EE-9887-5B67BE9269C6}" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\fusiontools\updater.exe |
"{C756F06D-ECC5-4E0D-9556-5E146BD275B5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CB9089CD-360C-494A-ACB2-288789B75C1D}" = protocol=6 | dir=in | app=c:\users\...\appdata\roaming\icqm\icq.exe |
"{D6C4DC47-E8D4-4649-AF3E-AC644C1299DE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E8CA4304-1F48-48EF-85E7-7B91AECE1338}" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe |
"{EB130E8D-3D52-40BA-BD19-CA17F63D31E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE9EC531-2D67-456A-9B36-08578FC508EF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3C8C043-BFF1-40B5-998D-9B13B825CE82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7B5355B-3902-4C5B-963B-59311AB96153}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{C28438B0-3915-4C0E-B4D0-9FE4482314FB}C:\users\..._2\appdata\roaming\icqm\icq.exe" = protocol=6 | dir=in | app=c:\users\..._2\appdata\roaming\icqm\icq.exe |
"UDP Query User{3F39F8F6-8E5D-4D54-86B7-A0DA0156096D}C:\users\..._2\appdata\roaming\icqm\icq.exe" = protocol=17 | dir=in | app=c:\users\..._2\appdata\roaming\icqm\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.5
"WinDjView" = WinDjView 2.0.2
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
"{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}" = Photo Service - powered by myphotobook
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.5.8
"Avira AntiVir Desktop" = Avira Free Antivirus
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"JabRef 2.9.2" = JabRef 2.9.2
"LTspice IV" = LTspice IV
"LyX2051" = LyX 2.0.5.1
"MatlabR2010a" = MATLAB Student R2010a
"MiKTeX 2.9" = MiKTeX 2.9
"MirandaFusion" = Miranda Fusion 3.2.0
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WTA-0e6744cb-0b1b-4f06-a363-1b68aba93580" = Plants vs. Zombies - Game of the Year
"WTA-2d235bf2-80fc-45c9-be95-e4cbe94aafe1" = Wedding Dash 2 - Rings Around the World
"WTA-39a539aa-1edc-4852-b342-7319da423495" = Zuma Deluxe
"WTA-46d6951e-ba4e-4dbd-9875-b703b51c31a6" = Bejeweled 2 Deluxe
"WTA-6a27839f-505e-459f-9132-e9079e55c7c4" = Chuzzle Deluxe
"WTA-6fcb3355-443f-4eb0-a34a-c80c32b1e001" = Polar Bowler
"WTA-7dd24050-2f33-406a-9976-e9d33e52054d" = Penguins!
"WTA-9558264f-03d1-4c0c-a018-2d639e6492fd" = Final Drive: Nitro
"WTA-9badf373-ed20-4132-a72e-4f55b3148ff0" = Insaniquarium Deluxe
"WTA-a8f65613-74bd-430c-83a4-2519f3ee6379" = Bejeweled 3
"WTA-bc213c5f-096f-47cb-b4d4-e46b30d00c1b" = Slingo Deluxe
"WTA-cf3ada4a-6f44-4598-9e15-1d45d134eaa8" = FATE
"WTA-e563aad0-28c5-4ff3-a7bf-710f3a1c8e26" = Diner Dash 2 Restaurant Rescue
"WTA-f4b3811f-3986-4592-8b4a-92d62e415439" = Chicken Invaders 3 - Revenge of the Yolk
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-381712674-3796369227-1840947805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer)
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-381712674-3796369227-1840947805-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.01.2013 13:23:40 | Computer Name = ...-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sftlist.exe, Version: 4.6.2.22610,
Zeitstempel: 0x4e85d062 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x728e6cdc ID des fehlerhaften
Prozesses: 0x890 Startzeit der fehlerhaften Anwendung: 0x01cdf5a048aa2c6b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Application Virtualization
Client\sftlist.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: cccf9488-6193-11e2-90f3-b888e313ec16
Error - 18.01.2013 13:26:09 | Computer Name = ...-TOSH | Source = WinMgmt | ID = 10
Description =
Error - 18.01.2013 13:46:17 | Computer Name = ...-TOSH | Source = WinMgmt | ID = 10
Description =
Error - 18.01.2013 13:49:02 | Computer Name = ...-TOSH | Source = MATLAB | ID = 0
Description =
Error - 18.01.2013 13:57:08 | Computer Name = ...-TOSH | Source = WinMgmt | ID = 10
Description =
Error - 18.01.2013 14:00:10 | Computer Name = ...-TOSH | Source = MATLAB | ID = 0
Description =
Error - 18.01.2013 14:01:09 | Computer Name = ...-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service
rpcnetp since QueryServiceConfig API failed System Error: Das System kann die angegebene
Datei nicht finden. .
Error - 18.01.2013 14:10:31 | Computer Name = ...-TOSH | Source = WinMgmt | ID = 10
Description =
Error - 18.01.2013 14:16:45 | Computer Name = ...-TOSH | Source = WinMgmt | ID = 10
Description =
Error - 18.01.2013 16:29:11 | Computer Name = ...-TOSH | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Der angeforderte Name ist gültig, es wurden
jedoch keine Daten des angeforderten Typs gefunden. ErrorCode: 14007(0x36b7).
[ System Events ]
Error - 18.01.2013 13:23:39 | Computer Name = ...-TOSH | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype Updater" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 18.01.2013 13:23:41 | Computer Name = ...-TOSH | Source = Service Control Manager | ID = 7034
Description = Dienst "Application Virtualization Client" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 18.01.2013 13:23:41 | Computer Name = ...-TOSH | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits
2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 18.01.2013 13:23:41 | Computer Name = ...-TOSH | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3
Mal passiert.
Error - 18.01.2013 13:23:49 | Computer Name = ...-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Management and Security Application Local Management
Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%109
Error - 18.01.2013 13:25:07 | Computer Name = ...-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 18.01.2013 13:45:00 | Computer Name = ...-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 18.01.2013 13:55:34 | Computer Name = ...-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 18.01.2013 14:08:56 | Computer Name = ...-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 18.01.2013 14:15:20 | Computer Name = ...-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
< End of report >
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-19 16:26:58 ----------------------------- 16:26:58.580 OS Version: Windows x64 6.1.7601 Service Pack 1 16:26:58.580 Number of processors: 4 586 0x2505 16:26:58.580 ComputerName: ... UserName: ... 16:27:00.077 Initialize success 16:30:55.815 AVAST engine defs: 13011900 16:32:04.878 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 16:32:04.878 Disk 0 Vendor: TOSHIBA_ GS00 Size: 305245MB BusType: 3 16:32:04.940 Disk 0 MBR read successfully 16:32:04.956 Disk 0 MBR scan 16:32:04.956 Disk 0 Windows 7 default MBR code 16:32:04.971 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048 16:32:05.003 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 153000 MB offset 821248 16:32:05.034 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 151843 MB offset 314165248 16:32:05.065 Disk 0 scanning C:\Windows\system32\drivers 16:32:15.236 Service scanning 16:33:01.662 Modules scanning 16:33:01.677 Disk 0 trace - called modules: 16:33:01.709 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 16:33:01.724 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cf0060] 16:33:01.724 3 CLASSPNP.SYS[fffff88001a5a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049da050] 16:33:02.551 AVAST engine scan C:\Windows 16:33:04.329 AVAST engine scan C:\Windows\system32 16:35:38.988 AVAST engine scan C:\Windows\system32\drivers 16:35:50.189 AVAST engine scan C:\Users\Lars 16:38:03.688 AVAST engine scan C:\ProgramData 16:38:44.107 Scan finished successfully 16:39:02.562 Disk 0 MBR has been saved successfully to "C:\Users\...\Desktop\MBR.dat" 16:39:02.562 The log file has been saved successfully to "C:\Users\...\Desktop\aswMBR.txt" Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 20 Java version out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (18.0) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
19.01.2013, 17:26
| #8 |
| /// Helfer-Team | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
19.01.2013, 18:15
| #9 |
| | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? Ich habe sowohl Java als auch den Acrobat Reader (war ja auch als veraltet angegeben) geupdatet. Der PluginCheck liefert folgendes: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 18.0 ist aktuell Flash (11,5,502,146) ist aktuell. Java (1,7,0,11) ist aktuell. Adobe Reader 11,0,1,36 ist aktuell. |
|
19.01.2013, 20:23
| #10 |
| /// Helfer-Team | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: JAVA Plug-In deaktivieren Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
19.01.2013, 20:29
| #11 |
| | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? Firefox 18.0 ist aktuell Flash (11,5,502,146) ist aktuell. Java ist Installiert aber nicht aktiviert. Adobe Reader 11,0,1,36 ist aktuell. |
|
19.01.2013, 23:10
| #12 |
| /// Helfer-Team | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? Sehr gut!  damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
19.01.2013, 23:18
| #13 |
| | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? Perfekt und vielen Dank für den Support! Super Job den ihr hier macht! |
|
19.01.2013, 23:26
| #14 |
| /// Helfer-Team | System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? Wir wuenschen eine virenfreie Zeit  |
|
| Themen zu System wirklich von Viren bereinigt und sauber? Neuaufsetzen notwendig? |
| anti-malware, antivir, any video converter, avira, avira antivir, avira searchfree toolbar, benutzerkonto, datei, defender, diner dash, enigma, entfernt, erhalte, esgscanner.sys, fehlermeldung, folge, folgende, foren, formatierung, gmer, index, install.exe, laptop, malwarebytes, microsoft office 2003, msn deutschland, national, neuinstallation, origin, passwörter, plug-in, rechner, system, upload, viren, visual studio, wildtangent games, windows, wirklich |
Linear-Darstellung
